Bivash Nayak
20 Nov

CyberDudeBivash Pvt Ltd
Threat Intelligence Report
Qilin Ransomware – Rust Variant – November 2025
Author: Bivash Kumar Nayak
Date: 20 November 2025
Executive Summary
- Rust-based, cross-platform ransomware
- Aggressive double extortion (data exfiltration plus encryption)
- BYOVD (bring your own vulnerable driver) plus Safe Mode reboot technique
- One of the top 3 most active groups in Q4 2025
Technical Analysis
- Language: Rust
- Encryption: AES-256-CTR (parallelised) with RSA-2048 key wrapping
- File marker: .qilin
- Targets: 200+ file extensions
- Advanced TTPs: vssadmin delete (shadow copy deletion), wevtutil cl (event log clearing), EnableLinkedConnections (registry change that exposes mapped network drives to elevated processes)
IOCs
- SHA256: e90bdaaf5f9ca900133b699f18e4062562148169b29cb4eb37a0577388c22527
- C2: secureexfil.ru / qilinc2.top
- Tor onion: qilinpay[.]onion
- YARA rule: full rule included in the full report
Mitigation & Detection
- Block the listed IPs/domains
- Harden RDP and disable vulnerable drivers (BYOVD)
- Immutable backups following the 3-2-1 rule
- Sigma rules for the TTPs listed above
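As an added example (not from the report or its Sigma rules), the detection logic for the three TTPs named above run over constructed Sysmon-style process-creation events; the sample events, rule names and regular expressions are my own assumptions.

```python
import re

# Constructed sample process-creation events (not taken from the report's pcap).
# Each event: (event_id, image path, command line).
SAMPLE_EVENTS = [
    ("1", r"C:\Windows\System32\vssadmin.exe", "vssadmin delete shadows /all /quiet"),
    ("1", r"C:\Windows\System32\wevtutil.exe", "wevtutil cl Security"),
    ("1", r"C:\Windows\System32\reg.exe",
     r"reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "
     r"/v EnableLinkedConnections /t REG_DWORD /d 1 /f"),
    ("1", r"C:\Windows\System32\vssadmin.exe", "vssadmin list shadows"),  # benign: listing only
    ("1", r"C:\Windows\explorer.exe", "explorer.exe"),
]

# Detection rules modelled on Sigma-style command-line matching; each entry is
# (rule name, case-insensitive regex over the command line). Assumed, not the report's rules.
RULES = [
    ("shadow_copy_deletion", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("event_log_cleared", re.compile(r"\bwevtutil(\.exe)?\b\s+(cl|clear-log)\b", re.I)),
    ("enable_linked_connections", re.compile(r"\bEnableLinkedConnections\b", re.I)),
]


def match_event(command_line):
    """Return the names of all rules that a single command line triggers."""
    return [name for name, rx in RULES if rx.search(command_line)]


def scan(events):
    """Scan process-creation events and return (rule_name, command_line) hits in order."""
    hits = []
    for event_id, image, cmd in events:
        if event_id != "1":  # Sysmon event ID 1 = process creation; skip other event types
            continue
        for name in match_event(cmd):
            hits.append((name, cmd))
    return hits


if __name__ == "__main__":
    for name, cmd in scan(SAMPLE_EVENTS):
        print(f"[{name}] {cmd}")
```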
References & Contact
- Full report: 32 pages with pcap, Rust disassembly, PoC
- Private analysis available
- contact@cyberdudebivash.com
- https://cyberdudebivash.com

© 2025 CyberDudeBivash Pvt Ltd
