[QILIN] – Ransomware Victim: Durvet
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On November 5, 2025, a ransomware leak post surfaced on a dark-web page associated with the threat actor group Qilin, naming Durvet as a victim in the United States manufacturing sector. The post frames the incident as a data-leak disclosure and does not publish an explicit ransom amount in the excerpt provided. Because no compromise date is listed, the published post date is treated as the post date. The leak page notes that a claim URL is present and includes a gallery of 15 images that appear to be screenshots or thumbnails of internal documents or related materials. A hex-coded identifier labeled “TOX” accompanies the text, followed by a long hex string, which seems to function as an attacker reference for this post.
The 15 image assets are delivered via onion-hosted links, indicating the leak uses a dark-web infrastructure for distribution. The images are displayed as thumbnails, but their exact contents are not described in the excerpt. The presence of a claim URL suggests the attackers maintain a portal for extortion or disclosure of exfiltrated data. The excerpt does not reveal any explicit ransom demand or encryption status; the material focuses on showing internal materials rather than detailing the breach’s technical impact.
Taken together, the visible artifacts identify Durvet as the victim and place the event in the US manufacturing sector. The post date is November 5, 2025, and the listing includes a 15-image gallery plus an indication of a claim URL. No compromise date or ransom amount is disclosed in the excerpt. Observers should monitor for updates from the threat group and consider reviewing data security and third-party risk controls in light of potential exposure of internal documents.
