GroupProfiles: Qilin.md
Resource from the BushidoUK Ransomware Tool Matrix - GroupProfiles.
# Qilin's Tools
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
| Nmap | ScreenConnect | EDRSandBlast | Mimikatz | Cobalt Strike | Proxychains | fsutil | EasyUpload |
| Nping | | PCHunter | | Evilginx | | PsExec | |
| | | PowerTool | | NetExec | | WinRM | |
| | | Toshiba power management driver (BYOVD) | | | | | |
| | | Updater for Carbon Black’s Cloud Sensor AV (upd.exe) | | | | | |
| | | YDArk | | | | | |
| | | Zemana Anti-Rootkit driver | | | | | |
> [!NOTE]
> This is the list of tools that have been observed during various intrusions that led to Qilin ransomware deployment.
#### Sources
| Date Published | Report |
|---|---|
| 25 April 2025 | https://redpiranha.net/news/qilin-ransomware-all-you-need-know |
| 1 April 2025 | https://news.sophos.com/en-us/2025/04/01/sophos-mdr-tracks-ongoing-campaign-by-qilin-affiliates-targeting-screenconnect/ |
| 10 March 2025 | https://www.picussecurity.com/resource/blog/qilin-ransomware |
| 19 June 2024 | https://www.secureworks.com/research/threat-profiles/gold-feather |
| 26 March 2024 | https://www.trendmicro.com/en_us/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html |
| 25 August 2022 | https://www.trendmicro.com/en_us/research/22/h/new-golang-ransomware-agenda-customizes-attacks.html |