
https://github.com/usrtem/malware-classification-qilin

Comparative overview of malware types with a case study on Qilin ransomware operations, tooling, and tactics. Includes behavioral analysis and threat trends.

backdoors botnets cyber-threat-intelligence cybercrime keyloggers malware-analysis mitre-attack powershell qilin ransomware windows-security

README

# 🧬 Malware Classification & Qilin Ransomware Analysis

This project explores major malware categories and trends, including a detailed case study on **Qilin ransomware**, a Ransomware-as-a-Service (RaaS) operation observed in the wild. It presents classification examples, threat actor tactics, and real-world telemetry data.

## 📄 Contents

- [Malware Classification Presentation (PPTX with audio narration)](https://github.com/usrtem/Malware-Classification-Qilin/blob/main/Malware%20Classification_Michael%20Twining.pptx)

## 🦠 Malware Types Covered

The following categories are described and compared using behavior-based characteristics and operational roles:

- **Backdoors** – Enable stealthy, persistent access for threat actors
- **Downloaders** – Install secondary payloads post-infection; often used for persistence
- **Worms** – Self-replicating malware that spreads laterally across networks
- **Command & Control (C2)** – Facilitates attacker communication and remote management (botnets, proxies)
- **Spyware / Keyloggers** – Used for surveillance, credential theft, and user tracking

Data from recent AV telemetry and malware trend reports is used to illustrate modern usage and prevalence.

## 🔐 Qilin Ransomware Spotlight

Qilin, also known as Agenda, is a RaaS threat actor known for:
- Double extortion tactics (data encryption + leak threats)
- Use of PowerShell, credential dumping, and persistence scripts
- Targeting both Windows and Linux platforms
- Lateral movement via RDP and SSH
- Disk wiping and system recovery disabling

Qilin leverages spear-phishing for initial access and deploys obfuscation strategies using junk code and encoded command payloads.

## 🔍 Data Sources

- AV-TEST global malware telemetry (Windows-focused)
- OSINT reports from HC3 and industry research
- Analysis of real-world ransomware campaigns and malware behaviors

## 👤 Author

**Michael Twining**
Cybersecurity Researcher | Malware & Threat Intelligence | GitHub: [@usrtem](https://github.com/usrtem)
📫 Contact: michael.twining@outlook.com
🌐 Portfolio: [LinkedIn](https://www.linkedin.com/in/michael-twining) | [YouTube](https://www.youtube.com/@cybergeek-mt)

## 🔐 License

This project is licensed under the [Creative Commons Attribution 4.0 International License](https://creativecommons.org/licenses/by/4.0/).