216.73.217.86

Cisco Talos: Qilin EDR killer infection chain

· Published 02/04/2026 15:23 · Modified 02/04/2026 18:02

Export JSON

Essential information

Published
02/04/2026 15:23
Modified
02/04/2026 18:02
Tags
2026-04-02
Related entities
4 observables

Description

Endpoint detection and response (EDR) tools are widely deployed and far more capable than traditional antivirus. As a result, attackers use EDR killers to disable or bypass them. The malicious “msimg32.dll” used in Qilin ransomware attacks, which is a multi-stage infection chain targeting EDR systems. It can terminate over 300 different EDR drivers from almost every vendor in the market.

External references