PULSE NAME
The Evolution of Qilin RaaS
WHITE Qilin AlienVault 2025-10-08 Modified: 2025-11-07
Qilin ransomware is used for domain-wide encryption, and a ransom is then demanded for the decryption keys and/or to prevent the publication of the stolen data. Qilin affiliates are recruited from cybercrime forums to use the Qilin RaaS platform, which handles payload generation, the publication of stolen data, and ransom negotiations.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Agenda, Qilin
Indicators of Compromise (4)
TYPE INDICATOR DESCRIPTION CREATED
domain ji57fr53anp7wb44tbbnp72qcgbhqywy4jmbncawdcrejj5amuvh3zqd.onion 2025-10-08
domain kbsqoivihgdmwczmxkbovk7ss2dcynitwhhfu5yw725dboqo5kthfaad.onion 2025-10-08
domain ozsxj4hwxub7gio347ac7tyqqozvfioty37skqilzo2oqfs4cw2mgtyd.onion 2025-10-08
domain wikileaksv2.com 2025-10-08