Ransomware Group: QILIN

VICTIM NAME: grupobocel[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page associated with grupobocel[.]com carries a post date of September 25, 2025. The metadata does not clearly identify the victim’s industry, and the entry presents the incident as a data-leak event rather than an encryption of systems. The page includes a gallery of eight images that appear to be screenshots of internal documents or records, intended to illustrate the data the actors claim to have exfiltrated. A claim URL is indicated on the page, suggesting an external link for additional data or instructions, though the destination URL is not shown in the provided data. The body excerpt references contact channels (a Jabber handle) and an FTP location, but those contact details are redacted in the published data to protect PII. No ransom amount is disclosed in the available information.

The page’s image gallery comprises eight images, described as screenshots of internal documents. These images are referenced as being hosted on onion-address style locations in the raw data; the actual URLs are defanged and not reproduced here. The presence of these visuals supports a data-leak claim and aligns with ransomware leak patterns that threaten public release of stolen information. The post emphasizes data exposure rather than a clearly documented encryption of a live environment, and there is no explicit ransom figure provided in the supplied fields. The victim name remains grupobocel[.]com, while other organization identifiers present in the text are not the focus of this CTI summary.