Water Galura
G10500 reportsaliases · Water Galura · GOLD FEATHER
0
Reports
0
Techniques
0
Tactics
0
Countries
n/a
Hunt coverage
2
Aliases
Analyst assessment — key judgments
- No recorded activity: 0 report(s) in last 30d vs 0 prior (+0%).
- Assessment confidence: n/a.
Activity & trend
InactiveLast 30d: 0 vs 0 prior (+0%)
0
7d
0
30d
0
90d
0
All
0.0
Rpts/wk
Reporting timeline · 12 months
Overview
Analyst triage
Intelligence summary
Water Galura are the operators of the Qilin Ransomware-as-a-Service (RaaS) who handle payload generation, ransom negotiations, and the publication of stolen data for Qilin affilates recruited on Russian cybercrime forums. Water Galura have been active since at least 2022 and use a double extortion model where they demand payment for providing decryption keys and for refraining from publishing the stolen data to their leak site.(Citation: BushidoToken Qilin RaaS JUN 2024)(Citation: Sophos Qilin MSP APR 2025)
Top co-occurring indicators
Aliases & naming
Targeting · countries
Targeting · named victims
ATT&CK technique matrix
Coverage vs hunt library:
—
Hunt-coverage gaps — prioritized
Top techniques by observation
- No ATT&CK techniques associated yet.
Threat catalogue · engineering roadmap
Flagged detection-engineering queue
Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.
Infrastructure
IOC type mix
Tooling / malware families
Relationships
Activity
30-day mention timeline
Recent reporting
| Title | Source | Severity | Collected |
|---|