{"id":29416287,"url":"https://github.com/usrtem/malware-classification-qilin","last_synced_at":"2025-07-11T19:02:45.859Z","repository":{"id":299834235,"uuid":"1004364163","full_name":"usrtem/Malware-Classification-Qilin","owner":"usrtem","description":"Comparative overview of malware types with a case study on Qilin ransomware operations, tooling, and tactics. Includes behavioral analysis and threat trends.","archived":false,"fork":false,"pushed_at":"2025-06-18T14:14:06.000Z","size":23191,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-18T15:26:15.855Z","etag":null,"topics":["backdoors","botnets","cyber-threat-intelligence","cybercrime","keyloggers","malware-analysis","mitre-attack","powershell","qilin","ransomware","windows-security"],"latest_commit_sha":null,"homepage":"https://github.com/usrtem/Malware-Classification-Qilin/tree/main","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/usrtem.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-18T14:07:00.000Z","updated_at":"2025-06-18T14:14:09.000Z","dependencies_parsed_at":"2025-06-18T15:36:48.119Z","dependency_job_id":null,"html_url":"https://github.com/usrtem/Malware-Classification-Qilin","commit_stats":null,"previous_names":["usrtem/malware-classification-qilin"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/usrtem/Malware-Classification-Qilin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/usrtem%2FMalware-Classification-Qilin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/usrtem%2FMalware-Classification-Qilin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/usrtem%2FMalware-Classification-Qilin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/usrtem%2FMalware-Classification-Qilin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/usrtem","download_url":"https://codeload.github.com/usrtem/Malware-Classification-Qilin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/usrtem%2FMalware-Classification-Qilin/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264878580,"owners_count":23677451,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backdoors","botnets","cyber-threat-intelligence","cybercrime","keyloggers","malware-analysis","mitre-attack","powershell","qilin","ransomware","windows-security"],"created_at":"2025-07-11T19:02:42.025Z","updated_at":"2025-07-11T19:02:45.829Z","avatar_url":"https://github.com/usrtem.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🧬 Malware Classification \u0026 Qilin Ransomware Analysis\n\nThis project explores major malware categories and trends, including a detailed case study on **Qilin ransomware**, a Ransomware-as-a-Service (RaaS) operation observed in the wild. It presents classification examples, threat actor tactics, and real-world telemetry data.\n\n## 📄 Contents\n\n- [Malware Classification Presentation (PPTX with audio narration)](https://github.com/usrtem/Malware-Classification-Qilin/blob/main/Malware%20Classification_Michael%20Twining.pptx)\n\n## 🦠 Malware Types Covered\n\nThe following categories are described and compared using behavior-based characteristics and operational roles:\n\n- **Backdoors** – Enable stealthy, persistent access for threat actors\n- **Downloaders** – Install secondary payloads post-infection; often used for persistence\n- **Worms** – Self-replicating malware that spreads laterally across networks\n- **Command \u0026 Control (C2)** – Facilitates attacker communication and remote management (botnets, proxies)\n- **Spyware / Keyloggers** – Used for surveillance, credential theft, and user tracking\n\nData from recent AV telemetry and malware trend reports is used to illustrate modern usage and prevalence.\n\n## 🔐 Qilin Ransomware Spotlight\n\nQilin, also known as Agenda, is a RaaS threat actor known for:\n- Double extortion tactics (data encryption + leak threats)\n- Use of PowerShell, credential dumping, and persistence scripts\n- Targeting both Windows and Linux platforms\n- Lateral movement via RDP and SSH\n- Disk wiping and system recovery disabling\n\nQilin leverages spear-phishing for initial access and deploys obfuscation strategies using junk code and encoded command payloads.\n\n## 🔍 Data Sources\n\n- AV-TEST global malware telemetry (Windows-focused)\n- OSINT reports from HC3 and industry research\n- Analysis of real-world ransomware campaigns and malware behaviors\n\n## 👤 Author\n\n**Michael Twining**  \nCybersecurity Researcher | Malware \u0026 Threat Intelligence | GitHub: [@usrtem](https://github.com/usrtem)  \n📫 Contact: michael.twining@outlook.com  \n🌐 Portfolio: [LinkedIn](https://www.linkedin.com/in/michael-twining) | [YouTube](https://www.youtube.com/@cybergeek-mt)\n\n## 🔐 License\n\nThis project is licensed under the [Creative Commons Attribution 4.0 International License](https://creativecommons.org/licenses/by/4.0/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fusrtem%2Fmalware-classification-qilin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fusrtem%2Fmalware-classification-qilin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fusrtem%2Fmalware-classification-qilin/lists"}