Qilin
Ransomware Group Profile
Overview
Qilin ransomware was first observed in July 2022. It is written in Golang and supports multiple encryption modes, all of which are controlled by the operator. Qilin actors practice double extortion, demanding payment for a decryptor as well as for the non-release of stolen data.
Dark Web Infrastructure (11)
Associated Threat Actors (2)
Activity Timeline
First Seen: 2021
Last Seen: 2026
Leak Sites: 11