Zero-Dwell Threat Intelligence Reports

Paradise Ransomware Build Detected With Packed PE32+ Layout and Aggressive File-Targeting Logic.exe

64bits payload

Qilin Variant Shows Veeam Indicators, RSA Public Key, and Extensive Network Enumeration.exe

detect-debug-environment

Qilin Loader Executes Process Killing, Enterprise Enumeration, and Full Filecoder Workflow.exe

detect-debug-environment spreader payload

High-Severity Qilin Sample Exhibits Spreader/Evader Traits and Tor-Based Extortion Workflow.exe

detect-debug-environment checks-user-input spreader

Qilin Surfaces With Full Extortion Note, Onion Domains, and Privileged Service Manipulation.exe

detect-debug-environment spreader

Qilin Build Surfaces Media-Linked Extortion Note, Hardened AES/RSA Pipeline.exe

detect-debug-environment

BQTLock Exhibits AES/RSA Encryption, User-Creation Abuse, and Multi-Channel C2 Traits.exe

64bits idle

Delphi-Compiled Vilsel/Qilin Trojan Uses Overlay Payload & WinExec Launching for Stealth Execution.exe

overlay spreader

Qilin Demonstrates Privileged Service Manipulation & Enterprise-Wide Discovery Behavior.exe

detect-debug-environment checks-user-input idle

Agenda/Qilin Shows RSA Public Key, Veeam Indicators, and Large-Scale Network Enumeration.exe

detect-debug-environment

BQTLock Uses OpenSSL Crypto, Discord Indicators, and libcurl Exfiltration in Packed Payload.exe

64bits overlay

Qilin Shows RSA Public Key, Veeam Indicators, and Extensive Network Enumeration.exe

detect-debug-environment