Ransomware Intelligence

qilin

Ransomware group profile

1,355Victims
RussiaSource country
111Impact score
Also Known As
agenda

Description

Qilin is an emerging ransomware group recognized for its advanced attack methodologies and ransomware-as-a-service (RaaS) model. The group has gained notoriety for targeting various sectors globally, employing double extortion tactics and exploiting software vulnerabilities to demand substantial ransoms in cryptocurrency. Known for their adaptability, Qilin continues to evolve in response to developing cybersecurity measures.

Key insights

  • Utilizes advanced encryption methods and double extortion techniques.
  • Targets high-value organizations worldwide across multiple sectors.
  • Gains initial access primarily through spear phishing and exploiting software vulnerabilities.
  • Employs ransomware variants written in Golang and Rust for enhanced evasion capabilities.
  • Rapidly adapts tactics to bypass security measures and leverage zero-day vulnerabilities.
  • Exploits public-facing applications and administrative tools for lateral movement.
  • Demands high ransoms, sometimes reaching tens of millions of dollars, causing significant operational disruptions.

Industries

EducationEnergy & UtilitiesFinancial ServicesGovernment & DefenseHealthcareHospitalityManufacturingOtherProfessional ServicesRetail & E-CommerceTechnologyTransportation

Threat Level & Status Breakdown

For qilin · Based on incidents in selected period

4threat level
Aggressiveness10/ 10
Lethality0/ 10
Criticality1.8/ 10

Status Breakdown

Data Leaked2.2%30
Negotiating0.1%1
Claimed97.6%1,323
First seenJun 2025
Last seenJun 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJun 2, 2026

Recent activity

Monthly attack count for qilin in the selected period

1,355Total attacks
191peak in Oct
104.2avg / month
↓ 76 vs first month
JunJulAugSepOctNovDecJanFebMarAprMayJun050100150200

Intelligence

IOCs, YARA/Sigma rules, and related families for qilin

  1. e1763c22d4a4bad7987552d0327c83c850358f207c7b22d3af67a6af887a9870
  2. 50520639cf77df0c15cc95076fac901e3d04b708
  3. f0ac3999d4020cd051052a0627a2056d
  4. 4fde7b67da86fdd1587f78254acf9cd6766a7d77
  5. 72231dc69a71f3ac971fa335dc79a04569dd7a09
  6. 561d5036a1ecb3f12f2a0e9a439106b794993273f5775fe801717cd13ceb7631
  7. ebddc99a00bd7a5dcaf7b73349309d970e5c69b8
  8. 88bd49b1bd9c2bde78bc4e394c993035e0fde3ea
  9. e705f69afd97f343f3c1f2bc6027d30935a0bfd29ff025c563f6f8c1f9a7478e
  10. a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642
  11. 468121e7d6952799f92940677268937c4c5f92ed
  12. a0dc80a37eb7e2716c02a94adc8df9baedec192a77bde31669faed228d9ff526
  13. a3a06422e0a35c7722fce88343f32a6d
  14. f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55
  15. f9fb816a81b732b0631d9c1bed2958edc47ca52160c0bb03db352872bbd6cbd9
  16. 7a89b347beb55f63dbcbcfc0beedbe43
  17. 6ae7c9a7ea0b8c40a64225734f6bd01d
  18. 9b04a93e05ccff94667f04bffa7af600
  19. 5bef7608d66112315eefff354dae42f49178b7498f994a728ae6203a8a59f5a2
  20. 03c90fd77221e1b5b9d98e32ada70990
  21. 96bb4ec6c820e485782bd206975a66a11f40dd7424abd9bace54760cbda0ae93
  22. 227f14f4c3aa35b9fb279f52c73b2e1e
  23. 603f38559310eb36089845343eddd8b5baa853aa
  24. e8af48581142212ad00b3ca8d9cec815aa883ed72f2f0cbae59a56ed80562832
  25. 06a0a243811e9c4738a9d413597659ca8d07b00f640b74adc9cb351c179b3268
  26. f736be55193c77af346dbe905e25f6a1dee3ec1aedca8989ad2088e4f6576b12
  27. 6fd538e4a8e3493dda6f9fcdc96e814bdd14f3e2ef8aa46f0143bff34b882c1b
  28. 9b95baa91c2e92756da970d7846b6c14
  29. b7703a59c39a0d2f7ef6422945aaeaaf061431af0533557246397551b8eed505
  30. 411b2ed12df1ace6559d3ea666c672617ce23e2ace06806bb53c55bcccb83303
  31. 8729815f87f4186fd46d52418c1b7ae2a54aebcf
  32. 254b7cca40f9e624b21841f60bff0919
  33. 66c27ef465437a28bc13ced74253a712af3cf3ac
  34. 9bac4d59b06239ac6e5cf124e3d8bb13a7145547
  35. bd79aec521aa9f0cec374d57692b540b7b5a6ea8
  36. 21a435ecaa7b86efbec7f6fb61fcda3da686125c
  37. af4066ca0ae65ac63de6af60f46a9b23bb6dbfee
  38. e624e606597f8ae8a5522cd9547afd7c
  39. a5bfb7a7bfaf645edc78e30796d38508603ae1ea7aa76484138433badcdab329
  40. a53a9ca8a074c7108f8412c3f8c1fc5d
  41. 67e8e85e6e316cd3008a7d8ce0d72064416c7a00
  42. f150d19c57a910d714ef773a470bbb8ad88185f4b4713852fce706a1e7482b59
  43. 5a4164420db1e1bb6803981aada44b4e728914f7356d90ca91dd13cfdb097900
  44. 4373fefdec70547cb513be8e908997033197dc86
  45. 2674ad25fabe97a9eb10dcdbd32e4c9d
  46. 68225c5613afe2174ed46e074147676b0f9a3915
  47. 4885adc9de7e91b74a3ac01187775459acf3e4e026ee2fa776b3419cf8dbaf00
  48. 56dfe55b016c08f09dd5a2ab58504b377a3cd66ffba236a5a0539f6e2e39aa71
  49. 77962a384d251f0aa8e3008a88f206d6cb1f7401c759c4614e3bfe865e3e985c
  50. 86233a285363c2a6863bf642deab7e20f062b8eb
  51. 5cdabf41672241798bcca94a7fdb25974ba5ab2289ebadc982149b3014677ae3
  52. 56e1d092c07322d9dad7d85d773953573cc3294b9e428b3bbbaf935ca4d2f7e7
  53. a97a28276e4f88134561d938f60db495
  54. 2c6233c8dbc560027ee1427f5413e4b1
  55. d96762faa2323ba1e43e794ccf3ac2ba6674fa235d50bb4260766a2ea3156e0c
  56. 0ba2306ec15f7124fafc7615e81f34c7986ba9a5
  57. d6e7547ad7dfd1fbc62e8282aebcc391
  58. fe1033335a045c696c900d435119d210361966e2fb5cd1ba3382608cfa2c8e68
  59. f3897381b9a4723b5f1f621632b1d83d889721535f544a6c0f5b83f6ea3e50b3
  60. 54de95cc33834a2f877ba4842860af27
  61. 8a6a78d23159084ce8063b01d838444a651bdc54
  62. 24a42a912c6ad98ab3910cb1e031edbdf9ed6f452371d5696006c9cf24319147
  63. 21e3dba05111c86468bd060a51e6884c0954940d7b2d8f0ca3f72687e2d5fbac
  64. 5537c708edb9a2c21f88e34e8a0f1744
  65. f65f27e8541da17f46ea61fb5896287d7f16684824eb8df6bb966479efceffc5
  66. f588802958c35fe18eb87bc36651a3d1
  67. d842bc9b4a6491c7955d9b645aea1a56b2531f59
  68. 9e82ee5bde6b5d29281a3c280e6d1f2e
  69. e3bba315a700fa7d10f86aa47db3346c799c0b0786717e8b73512d5439125b1d
  70. d34ca886266b7ce5f75f4caaa6e48f61e194bb55605c2bc4032ba8af5580b2e7
  71. 18033a3e5dddb1c155f5c68d5ccbb49e0072cef92f21104536b6d20040540660
  72. 9f61ff4deb8afced8b1ecdc8787a134c63bde632b18293fbfc94a91749e3e454
  73. 707f55096157aaf84174c2238f56f7addcd76f8d
  74. 54ff98956c3a0a3bc03a5f43d2c801ebcc1255bed644c78bad55d7f7beebd294
  75. 0f73b467ff03f9224c024f4eb3aecedb
  76. 8208c9c1d7e1ceafe552500557dd5af6fffe64bfc20bc7bcc348a1ffce8ab658
  77. 73b1fffd35d3a72775e0ac4c836e70efefa0930551a2f813843bdfb32df4579a
  78. 7543750b905175ce1ad18774852d945003cb9bde
  79. 01735bb47a933ae9ec470e6be737d8f646a8ec66
  80. 0f9cd505df07e4ebfff3fe61b689e527
  81. dbcad7f3121dd0ccbcac1315337b25789fa86ca976472bea0531762d87b801a3
  82. de5e2c06fc430da77cb7ee8db936c3664d5ef6bd
  83. b16e217cdca19e00c1b68bdfb28ead53b20adeabd6edcd91542f9fbf48942877
  84. b67958afc982cafbe1c3f114b444d7f4c91a88a3e7a86f89ab8795ac2110d1e6
  85. 8c57b97b04d7eabbae651c3400a5e6b897aea1ae8964507389340c44b99c523a
  86. 2c89a18944d3a895bd6432415546635e
  87. eaa9dc1c9dc8620549fee54d81399488292349d2c8767b58b7d0396564fb43e7
  88. 077ab28d66abdafad9f5411e18d26e87fe43da1410ee8fe846bd721ab0cb52de
  89. df5ab9015833023a03f92a797e20196672c1d6525501a9f9a94a45b0904c7403
  90. 11af4566539ad3224e968194c7a9ad7b596460d8f6e423fc62d1ea5fc0724326
  91. a912233df115e5002f95d55ba0481e6bff798ed3
  92. 6ee94f6bdc4c4ed0fff621fec36c70ff093659ed
  93. e97bdf7fafb1cb2a2bf0a4e14f51e18a34f3ff2f6f7b99731e93070d50801bef
  94. be2b45b7df8e7dea6fb6e72d776f41c50686c2c9cfbaf4d456bcc268f10ab083
  95. 58d529bfaf7209b27c9b920e412fc140
  96. 597de376b1f80c06d501415dd973dcec
  97. cc14df781475ef0f3f2c441d03a622ea67cd86967526f8758ead6f45174db78e
  98. 0b64ee06e7b34f8d44ec47ff2fbf9f10f6753103
  99. 888fa36b196c9b7722026e366fc574015fb7b552
  100. 94f05495eb1b2ebe592481e01d3900615040aa02bd1807b705a50e45d7c53444
  101. e3b6ea8c46fa831cec6f235a5cf48b38a4ae8d69
  102. f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446
  103. e078778b62796bab2d7ab2b04d6b01bf
  104. 33fe6dc935c1b0df70761d05e26a00f8e5223087
  105. 83c6c1bb37c9071e569aa4b247e54ab763bbf5da
  106. ee24110ddb4121b31561f86692650b63215a93fb2357b2bd3301fabc419290a3
  107. 37d2a1626dc205d60f0bec8746ab256569267e4ef2f8f84dff4d9d792aa3af30
  108. 19bbc2daa05a0e932d72ecfa4e08282aa4a27becaabad03b8fc18bb85d37743a
  109. 5288353d7946566a1247f78239a98b2c859071c1547ce3f6db88ebae43db5f40
  110. 3928c5874249cc71b2d88e5c0c00989ac394238747bb7638897fc210531b4aab
  111. 47ec51b5f0ede1e70bd66f3f0152f9eb536d534565dbb7fcc3a05f542dbe4428
  112. 1979530e00102fd69aa217aeda725571e91d99a04610187d367760f2c04c86ec
  113. 4cf09f8fd5385c4b8414fb6163d831164f1f25c8
  114. c46b5a18ab3fb5fd1c5c8288a41c75bf0170c10b5e829af89370a12c86dd10f8
  115. 1406e538fc441e89ce3d1747017f97a5
  116. fb9cb023e9e209b51dc8128036564a70e7015d03247ef4a49525c2fc902e4808
  117. 8f31f69f88a75d5faab4f94cfc2ec8a649fe1a24
  118. 1334f20e9559777fba749918a72bf174f0ab2437059161027d2f29949e9845e5
  119. 7e6d9dac619c04ae1b3c8c0906123e752ed66d63
  120. 39300863bcaad71e5d4efc9a1cae118440aa778f
  121. 58bb9dab4e9b3aa2fd1e7a7b17d2eeb1
  122. 794a0b6f21d80a426ac33a706a962b66a6cc0492
  123. bc65ed919988c8e4b8f5a1cd371745456601700a
  124. 5d6b9e80e12bfc595d4d26f6afb099b3cb471dd4
  125. a9da26cba0230c60880b1bec3f391ab43095de01
  126. 338d4f4ec714359d589918cee1adad12ef231907
  127. 389b12da259a23fa4559eb1d97198120f2a722fe
  128. 74096848382ffb86a5ff0c7811b9867ad97f83d3f406b2c5aa9f357e1619fe21
  129. a1aad716ef61cc29379a4fd096f891f86b3aa8c4aea038a09b59e61cc1d36302
  130. 13fe3c1072ce308192994f2d7b329f7c8cbb192d49bdb538872383192d133ebb
  131. 5c62cdf97b2caa60448619e36a5eb0b6
  132. 3e2272b916da4be3c120d17490423230ab62c174
  133. 6bc8e3505d9f51368ddf323acb6abc49
  134. 485f804ddf201224915ed9df0112109b
  135. f3d09afc535097b0c5523579054b381e73ca58a2568e028fac0046ce73139d54
  136. c0979ec20b87084317d1bfa50405f7149c3b5c5f
  137. 3a24cd31c8287f7ee7336936a95f82b5d71a3746d210b4240869f3e3f5b34208
  138. cb77734eda7de79cd8ccedfb70f2a26c4c2847ad
View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for qilin

CVE-2025-5777
CVE-2025-53771
CVE-2025-53770
CVE-2025-49706
CVE-2025-49704
CVE-2025-49113
CVE-2025-42999
CVE-2025-42980
CVE-2025-42966
CVE-2025-42964
CVE-2025-42963
CVE-2025-32433
CVE-2025-31324
CVE-2025-31161
CVE-2025-30012
CVE-2025-26633
CVE-2025-24071
CVE-2025-0282
CVE-2025-0108
CVE-2024-55956
CVE-2024-55591
CVE-2024-4577
CVE-2024-26169
CVE-2024-21893
CVE-2024-21887
CVE-2024-21762
CVE-2023-48788
CVE-2023-46805
CVE-2023-41570
CVE-2023-27997
CVE-2023-27532
CVE-2022-42475
CVE-2019-18935
Other

T1486

T1486

T1490

T1490

T1021

T1021

T1562

T1562

T1080

T1080

T1078

T1078

T1547

T1547

T1059

T1059

T1021.001

T1021.001

T1036

T1036

T1040

T1040

T1210

T1210

Victims(200)

CompanyDomainCountryIndustryStatusDiscovered
JNP ENGManufacturing
Claimed
about 11 hours ago
MarketJoyProfessional Services
Claimed
about 11 hours ago
Eat SaladHospitality
Claimed
about 11 hours ago
MEISA - Sinesmeisa-e.comPT PortugalEnergy & Utilities
Claimed
about 13 hours ago
Nova Medical ProductsUS United StatesRetail & E-Commerce
Claimed
1 day ago
Clinica MaitenesCL ChileHealthcare
Claimed
1 day ago
Sinomax USAsinomax-usa.comUS United StatesManufacturing
Claimed
6 days ago
Mindpath College Healthcollege.mindpath.comUS United StatesHealthcare
Claimed
6 days ago
Carton Craft Supplycartoncraftsupply.comUS United StatesManufacturing
Claimed
6 days ago
Gallun Snow Associatesgallunsnow.comUS United StatesProfessional Services
Claimed
6 days ago
Kennedy, McLaughlin & Associateskennedymclaughlin.com.auAU AustraliaProfessional Services
Claimed
6 days ago
HumanEdgehumanedge.comUS United StatesTechnology
Claimed
6 days ago
Providence Medical Groupprovmedgroup.comUS United StatesHealthcare
Claimed
6 days ago
Jens Jensenjensjensen.dkDK DenmarkOther
Claimed
6 days ago
Osool Poultryosoolpoultry.comSA Saudi ArabiaOther
Claimed
6 days ago
Martinez & Shankenaztaxcpa.comUS United StatesProfessional Services
Claimed
6 days ago
Otthon Centrumoc.huHU HungaryRetail & E-Commerce
Claimed
7 days ago
Mainstreet Organization of REALTORSUS United StatesProfessional Services
Claimed
7 days ago
Shocco SpringsUS United StatesHospitality
Claimed
7 days ago
Roofing SolutionsUS United StatesOther
Claimed
7 days ago

Page 1 of 10

Affected countries(107)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates🇦🇱Albania🇦🇴Angola🇦🇷Argentina🇦🇹Austria🇦🇺AustraliaAruba🇦🇿Azerbaijan🇧🇦Bosnia and Herzegovina🇧🇧Barbados🇧🇩Bangladesh🇧🇪BelgiumBolivia, Plurinational State of🇧🇷Brazil🇧🇸Bahamas🇨🇦Canada🇨🇭Switzerland🇨🇱Chile🇨🇳China🇨🇴Colombia🇨🇾Cyprus🇨🇿Czech Republic🇩🇪Germany🇩🇰Denmark🇩🇴Dominican Republic🇪🇨Ecuador🇪🇪Estonia🇪🇬Egypt🇪🇸Spain🇪🇹Ethiopia🇫🇮Finland🇫🇯Fiji🇫🇷France🇬🇦Gabon🇬🇧United Kingdom🇬🇭Ghana🇬🇷Greece🇬🇹Guatemala🇭🇰Hong Kong🇭🇳Honduras🇭🇷Croatia🇭🇹Haiti🇭🇺Hungary🇮🇩Indonesia🇮🇪Ireland🇮🇱IsraelIsle of Man🇮🇳India🇮🇹ItalyJersey🇯🇲Jamaica🇯🇴Jordan🇯🇵Japan🇰🇪KenyaKorea, Republic of🇰🇼Kuwait🇱🇷Liberia🇱🇺Luxembourg🇲🇦Morocco🇲🇬Madagascar🇲🇲MyanmarMacao🇲🇹Malta🇲🇺Mauritius🇲🇽Mexico🇲🇾Malaysia🇲🇿Mozambique🇳🇦Namibia🇳🇪Niger🇳🇮Nicaragua🇳🇱Netherlands🇳🇴Norway🇳🇿New Zealand🇴🇲Oman🇵🇪Peru🇵🇭Philippines🇵🇰Pakistan🇵🇱Poland🇵🇹Portugal🇵🇼Palau🇵🇾Paraguay🇶🇦Qatar🇷🇴Romania🇷🇸SerbiaRussian Federation🇸🇦Saudi Arabia🇸🇪Sweden🇸🇬Singapore🇸🇮Slovenia🇸🇳Senegal🇸🇻El SalvadorSwaziland🇹🇭Thailand🇹🇱Timor-Leste🇹🇳Tunisia🇹🇷Turkey🇹🇹Trinidad and TobagoTaiwan, Province of China🇺🇦Ukraine🇺🇬Uganda🇺🇸United States🇺🇾UruguayVenezuela, Bolivarian Republic of🇻🇳Vietnam🇾🇪Yemen🇿🇦South AfricaGlobal