Qilin
Also known as Pestilent Mantis, Agenda
Reports
161
First seen
Aug 19
Last seen
Jun 25
Motivation
extortion, financial, financial extortion
Targeting
Sectors
manufacturing ×18healthcare ×16other ×12professional services ×12retail ecommerce ×7education ×4financial services ×3media entertainment ×3
Victim regions
United States ×33Canada ×3Malaysia ×3Germany ×3France ×2Spain ×2Libya ×1Taiwan ×1
Top ATT&CK techniques
T1486 Data Encrypted for Impact ×13T1190 Exploit Public-Facing Application ×12T1566 Phishing ×11T1195 Supply Chain Compromise ×8T1078 Valid Accounts ×6T1021 Remote Services ×6T1041 Exfiltration Over C2 Channel ×6T1059 Command and Scripting Interpreter ×5T1133 External Remote Services ×5T1562.001 Impair Defenses: Disable or Modify Tools ×4T1105 Ingress Tool Transfer ×4T1567 Exfiltration Over Web Service ×4
Indicators
domain ×145filename ×75cve ×64hash_sha256 ×1ip_v4 ×1hash_sha1 ×1
Indicator values are available on Pro and via the API.
Associated CVEs
CVE-2026-50751 (exploited)CVE-2026-50752CVE-2026-1340 (exploited)CVE-2026-35273 (exploited)CVE-2026-41091 (exploited)CVE-2025-37899CVE-2025-40551 (exploited)CVE-2025-8088 (exploited)CVE-2026-11645 (exploited)CVE-2026-1281 (exploited)CVE-2026-20131 (exploited)CVE-2026-21509 (exploited)CVE-2026-22719 (exploited)CVE-2026-22769 (exploited)CVE-2026-2441 (exploited)CVE-2026-27022CVE-2026-33017 (exploited)CVE-2026-34908 (exploited)CVE-2026-34909 (exploited)CVE-2026-34910 (exploited)
Recent reports
High