elf.qilin

Qilin


Qilin ransomware, initially observed in July 2022 under the name “Agenda,” operates on a Ransomware-as-a-Service (RaaS) model. This model allows core developers to provide their malicious software and infrastructure to affiliates in exchange for a percentage of the profits generated from attacks. The name “Qilin” references a Chinese mythological creature symbolizing power and prosperity, a fitting metaphor for the group’s perceived influence and financial objectives. Despite the Chinese name, the group is linked to Russian-speaking cybercriminals, often recruiting affiliates on Russian-language forums and notably excluding Commonwealth of Independent States (CIS) countries from its targets.

References
2025-08-18, Medium RaghavtiResearch, BeGoodToAll
Qilin Ransomware-as-a-Service: Threat Analysis and Strategic Outlook
Qilin AgendaCrypt
2025-06-27, TEHTRIS, Lefebvre Fabien
Rage Against the Powershell - Qilin in the Name
Qilin
2025-03-06, Twitter (@MsftSecIntel), Microsoft Threat Intelligence
Tweet about Moonstone Sleet dropping Qilin ransomware
Qilin
2023-12-03, Bleeping Computer, Lawrence Abrams
Linux version of Qilin ransomware focuses on VMware ESXi
Qilin
2023-11-13, Twitter (@malwrhunterteam), MalwareHunterTeam
Tweet on Qilin Linux Locker
Qilin

There is no Yara-Signature yet.