[QILIN] – Ransomware Victim: Domy

AI Generated Summary of the Ransomware Leak Page

Domy is identified as the victim in a ransomware leak post attributed to the threat actor group qilin. The leak page is dated 2025-10-27 15:23:38.521010, which is presented as the post date since no explicit compromise date is provided in the data. The post frames the incident as a data-leak event rather than a straightforward encryption of systems, indicating that data was exfiltrated and that the attackers may release the stolen material or otherwise disclose it. The victim’s industry is not specified in the available data, and no country is listed. A claim URL is indicated on the page, signaling the attackers’ intent to release the exfiltrated data, though the excerpt does not specify any ransom amount. The body references a TOX hash and an FTP-based data-share resource, which aligns with the standard leak-page workflow used by ransomware operators.

Three images are referenced on the leak page; they are described only as visual assets (likely screenshots) without detailed captions in the provided excerpt. The page includes an FTP link to a data-share host with credentials, but any emails or contact details are redacted in the data provided. The summary does not reveal any explicit ransom figure or a detailed description of the disclosed files. Taken together, the material is consistent with a data-leak publication associated with the Domy incident and attributed to qilin.