216.73.217.22

Qilin

· Published 20/12/2025 08:53 · Modified 10/06/2026 13:00 · Source: Ransomware.Live

Essential information

Confidence
100/100
Published
20/12/2025 08:53
Modified
10/06/2026 13:00
Updated at
10/06/2026 13:00
Revoked
No
Author / Source
Ransomware.Live
Resource level
Primary motivation
Related entities
8 reports, 35 attack patterns (mitre), 4 malware, 16 sectors, 25 countries, 58 indicators, 3 vulnerabilities (cve), 104 organization

Description

Qilin ransomware was first observed in July of 2022. Qilin Ransomware is written in Golang and supports multiple encryption modes; all of which are controlled by the operator. Qilin actors practice double extortion – demanding payment for a decryptor, as well as for the non-release of stolen data.

Marking (TLP)

TLP:CLEAR

Labels

ransomware

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (8)

Attack patterns (MITRE) (35)

  • T1068 uses
    Exploitation for Privilege Escalation
  • T1105 uses
    Ingress Tool Transfer
  • T1560 uses
    Archive Collected Data
  • T1573 uses
    Encrypted Channel
  • T1055 uses
    Process Injection
  • T1033 uses
    System Owner/User Discovery
  • T1082 uses
    System Information Discovery
  • T1489 uses
    Service Stop
  • T1543 uses
    Create or Modify System Process
  • T1070.001 uses
    Clear Windows Event Logs
  • T1222 uses
    File and Directory Permissions Modification
  • T1071.001 uses
    Web Protocols
  • T1190 uses
    Exploit Public-Facing Application
  • T1566 uses
    Phishing
  • T1046 uses
    Network Service Discovery
  • T1567 uses
    Exfiltration Over Web Service
  • T1083 uses
    File and Directory Discovery
  • T1018 uses
    Remote System Discovery
  • T1133 uses
    External Remote Services
  • T1087.002 uses
    Domain Account
  • T1053 uses
    Scheduled Task/Job
  • T1090 uses
    Proxy
  • T1048 uses
    Exfiltration Over Alternative Protocol
  • T1589.002 uses
    Email Addresses
  • T1110 uses
    Brute Force
  • T1486 uses
    Data Encrypted for Impact
  • T1021.001 uses
    Remote Desktop Protocol
  • T1078 uses
    Valid Accounts
  • T1070 uses
    Indicator Removal
  • T1059.001 uses
    PowerShell
  • T1057 uses
    Process Discovery
  • T1484.001 uses
    Group Policy Modification
  • T1537 uses
    Transfer Data to Cloud Account
  • T1490 uses
    Inhibit System Recovery
  • T1176 uses
    Software Extensions

Malware (4)

  • KaWaLocker 2.0 uses
    Family
    Published 19/08/2025 18:06 · Modified 19/08/2025 18:06
  • SystemBC uses
    Family
    Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
  • KaWaLocker uses
    Family
    Published 19/08/2025 18:06 · Modified 19/08/2025 18:06
  • Cobalt Strike - S0154 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:39 · Modified 27/05/2026 21:40

Sectors (16)

  • Consumer Services targets
  • Education targets
  • Technology targets
  • Retail targets
  • Transportation targets
  • Healthcare targets
  • Finance targets
  • Manufacturing targets
  • Business Services targets
  • Energy targets
  • Telecommunications targets
  • Construction targets
  • Agriculture Food Production targets
  • Transportation/Logistics targets
  • Wholesale trade targets
  • Hospitality Tourism targets

Countries (25)

  • Italy targets
  • Germany targets
  • Colombia targets
  • Netherlands targets
  • Japan targets
  • Belgium targets
  • Mexico targets
  • Finland targets
  • Jordan targets
  • Austria targets
  • United Kingdom of Great Britain and Northern Ireland targets
  • Tunisia targets
  • Malaysia targets
  • Sweden targets
  • Taiwan targets
  • United States of America targets
  • India targets
  • Thailand targets
  • Puerto Rico targets
  • Argentina targets
  • Singapore targets
  • Republic of Korea targets
  • Peru targets
  • Australia targets
  • Poland targets

Indicators (58)

  • d1347f4dccebf2fcd672dcef9c66c91b9d3f12b9881e3e390626927718fda616 related
  • 209.182.225.136 related
  • e705f69afd97f343f3c1f2bc6027d30935a0bfd29ff025c563f6f8c1f9a7478e related
  • cloud.screenconect.eu related
  • 0b9b0715a1ffb427a02e61ae8fd11c00b5d086eb76102d4b12634e57285c1aba related
  • fadfef5caf6aede2a3a02a856b965ed40ee189612fa6fde81a30d5ed5ee6ae7d related
  • cloud.screenconnect.cl related
  • 6ce228240458563d73c1c3cbbd04ef15cb7c5badacc78ce331848f5431b406cc related
  • [email protected] related
  • cloud.screenconnect.com.so related
  • 011df46e94218cbb2f0b8da13ab3cec397246fdc63436e58b1bf597550a647f6 related
  • cloud.screenconnect.com.ly related
  • cloud.screenconnect.is related
  • 8fe746dd277e644fa0337db3394f0eadfafe57df029e13df9feef25c536adf4d related
  • 792182b7c5a56e5ccefd32073dc374e66c6a4e7981075e3804f49a276878e0fb related
  • cloud.screenconnect.com.bo related
  • e129dd5cc80f39b24db489df999c847335d169910bd966814d2f81b0b1bbc365 related
  • account.microsoftonline.com.ec related
  • cloud.screenconnect.com.se related
  • ef3e42e5fa24acaee2428ff0118feb2be925bfe6b1ea4eccce8b70a7ac5ab2cc related
  • 2fcloud.screenconnect.com.ms related
  • 162.33.177.101 related
  • 33a0121068748f6e6149bc6104228a81aecdfed387d7eb7547d95481e60150b7 related
  • 38.54.107.167 related
  • cloud.screenconect.com.mx related
  • b60ef95da28cba0d44cad8d03121b0bec3bc3865044d010cffb8450629d91c9f related
  • 9da70c521b929725774c3980763a4aed9baf9de4e6f83fc8f668c3a365a55f82 related
  • f3a6d4ccdd0f663269c3909e74d6847608b8632fb2814b0436a4532b8281e617 related
  • cloud.screenconnect.com.ph related
  • holapor67.top related
  • dbe9ed8e8e8cdff3670e7205cb9f11b5a0fa9d1983a6c6bab67527d8775c4ffd related
  • cloud.screenconnect.com.vc related
  • 144.208.127.155 related
  • fdf6b0560385a6445bd399eba03c8662be9e61928d6cbc268d550163a5a09285 related
  • 08224e4c619c7bbae1852d3a2d8dc1b7eb90d65bba9b73500ef7118af98e7e05 related
  • b52917b0658cd2a9197e6bb62bade243ee1ad164f2bb566f3a1e09dfa580397f related
  • kbsqoivihgdmwczmxkbovk7ss2dcynitwhhfu5yw725dboqo5kthfaad.onion related
  • cloud.screenconnect.com.ng related
  • 45.61.136.173 related
  • ji57fr53anp7wb44tbbnp72qcgbhqywy4jmbncawdcrejj5amuvh3zqd.onion related
  • 38.60.157.139 related
  • d3af11d6bb6382717bf7b6a3aceada24f42f49a9489811a66505e03dd76fd1af related
  • wikileaksv2.com related
  • 912018ab3c6b16b39ee84f17745ff0c80a33cee241013ec35d0281e40c0658d9 related
  • 45c8716c69f56e26c98369e626e0b47d7ea5e15d3fb3d97f0d5b6e8997299d1a related
  • dd29138bf369863c33402a3fc995458ab5fc015a13a9378022131ab31d940c9f related
  • cloud.screenconnect.com.cm related
  • cloud.iscreenconnect.com related
  • cloud.screenconnect.com.am related
  • 38.54.88.201 related
  • aeddd8240c09777a84bb24b5be98e9f5465dc7638bec41fb67bbc209c3960ae1 related
  • ozsxj4hwxub7gio347ac7tyqqozvfioty37skqilzo2oqfs4cw2mgtyd.onion related
  • a068f595472c4f94baf1c2a8fba6831a327514e24ec4b38e1eee2cf1646b1591 related
  • cloud.screenconnect.co.za related
  • 38ddde36929a2ddf13b1844973550072c41004187eaa2456f86e20aa93036b18 related
  • regsvchst.com related
  • [email protected] related
  • cloud.screenconnect.com.ms related

Vulnerabilities (CVE) (3)

CVE-2023-27532 KEV
7.5 High

Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within …

Attack vector
Network
Published
22/08/2023
Modified
27/05/2026
CVE-2026-50751 KEV
9.3 Critical

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker …

Attack vector
NETWORK
Complexity
LOW
EPSS
0.0001 (P1.2%)
Published
08/06/2026
Modified
10/06/2026
CVE-2026-50752
7.4 High

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle …

Attack vector
Network
Complexity
High
Published
08/06/2026
Modified
10/06/2026

Organization (104)

  • CoreHQ targets
  • Cedar Valley Services targets
  • BTX Global Logistics targets
  • Publicidad Sarmiento targets
  • SEIMITSU THAI COMPANY LIMITED targets
  • STESAD targets
  • Root Security targets
  • Felix Gonzalez Law Firm targets
  • сj Global targets
  • Arimex Importadora targets
  • Maison Law targets
  • Silvon Software targets
  • LogicVein targets
  • Shore Gardens Rehabilitation & Nursing Center targets
  • Jacobs & Sons targets
  • Atalian targets
  • Hongfa America targets
  • National Biscuit Industries targets
  • Happy Telecom targets
  • MCC Economics targets
  • Dom Development targets
  • Hopital La Rabta targets
  • PODOVIA targets
  • Lasercomb targets
  • Special Shapes Refractory targets
  • TDS Construction targets
  • Victoria Benelux targets
  • RetireRight Financial Planning targets
  • Besco Electrical targets
  • GOOD+ Foundation targets
  • Sugawara Laboratories targets
  • GIV SRL targets
  • A-Fast Tile & Coping targets
  • Health Bridge Chiropractic targets
  • Berkmann Wine Cellars targets
  • Lugiano Medical targets
  • Josh Steel targets
  • Jing Cheng Enterprise Co., Ltd. targets
  • mdm®NT targets
  • Bangchak Corporation targets
  • Sievert Electric Service and Sales targets
  • Von Weise Associates targets
  • Telstar-Hommel targets
  • loginport targets
  • Anteriad targets
  • hollu Systemhygiene targets
  • Syed Professional Services targets
  • Georgia Dermatology & Skin Cancer Center targets
  • Grandes Vinos targets
  • Goodwin College targets
  • Eastern Townships School Board targets
  • IAPMO targets
  • Jaf Gifts targets
  • Sintac Recycling targets
  • Rio supermarket targets
  • Tommotek targets
  • Typhoo Tea targets
  • Farmacia San Pablo targets
  • Hometech Window targets
  • Fürth targets
  • Cal Spas, Inc. targets
  • USArt targets
  • Questica targets
  • Shah Law Office targets
  • Sipl targets
  • Omega Optical targets
  • Dolan Construction targets
  • Grupo Amanus targets
  • Curtiembre Austral S.R.L. targets
  • Integrated Technology Group targets
  • Millard Manufacturing targets
  • Sönmezler Metal targets
  • La Papelera targets
  • Ellison Educational Equipment targets
  • Secorp Industries targets
  • Jadtec Security Services targets
  • SW/WC Service Cooperative targets
  • Fortress Systems targets
  • MG Chartered Professional Accountant targets
  • Madera County Superintendent of Schools targets
  • Sai Oral SurgeryOral targets
  • Duffy's Sports Grill targets
  • NECO Equipment targets
  • daispa.it targets
  • Z-Tronix targets
  • Affinity Designs targets
  • Luminex Software targets
  • Acme Electric targets
  • Scenic Solutions targets
  • Arca Service targets
  • Club Atlético River Plate targets
  • Ruhnau Clarke targets
  • Tlechaim targets
  • Callipo Group targets
  • Spring Grove Area School District targets
  • Biogel targets
  • Commercial Paving targets
  • SV-Büro Ing. Schulz GmbH targets
  • Enviaseo ESP targets
  • KOPA Kozmetik A targets
  • RWB Consulting Engineers targets
  • Lynn Electrical targets
  • Universiti Sains Islam Malaysia targets
  • FMRS Health Systems targets