The Evolution of Qilin RaaS

Oct. 8, 2025, 4:40 p.m.

Description

Qilin ransomware is used for domain-wide encryption, and a ransom is then demanded for the decryption keys and/or to prevent the publication of the stolen data. Qilin affiliates are recruited from cybercrime forums to use the Qilin RaaS platform, which handles payload generation, the publication of stolen data, and ransom negotiations.

Date

  • Created: Oct. 8, 2025, 4:25 p.m.
  • Published: Oct. 8, 2025, 4:25 p.m.
  • Modified: Oct. 8, 2025, 4:40 p.m.

Indicators

  • 31.41.244.100
  • wikileaksv2.com
  • ozsxj4hwxub7gio347ac7tyqqozvfioty37skqilzo2oqfs4cw2mgtyd.onion
  • kbsqoivihgdmwczmxkbovk7ss2dcynitwhhfu5yw725dboqo5kthfaad.onion
  • ji57fr53anp7wb44tbbnp72qcgbhqywy4jmbncawdcrejj5amuvh3zqd.onion

Attack Patterns

  • Agenda
  • Qilin