PULSE NAME
Qilin Ransomware: A Double Extortion Campaign
WHITE Qilin PetrP.73 2025-12-29 Modified: 2026-01-28
Qilin ransomware, also known as "Agenda," represents a significant cyber threat that has been increasingly active since its emergence in 2022, particularly after the decline of RansomHub. Operating under a Ransomware-as-a-Service (RaaS) model, Qilin has been leveraging a double extortion strategy. This involves not only encrypting a victim's data but also stealing sensitive information and threatening to release it to intensify pressure on victims for ransom payments. Qilin's primary targets are sectors like healthcare, manufacturing, education, and critical infrastructure, with a focus on organizations that have high financial value, including public entities like state and local governments.
Indicators of Compromise (8)