d0glun details

Description

D0glun is a crypto-ransomware strain first observed in January 2025, believed to be derived from Babuk via an intermediary variant known as Cheng Xilun. It uses AES-256 symmetric encryption and appends filenames with patterns such as .@D0glun@ or similar. The malware encrypts files rapidly, changes the desktop wallpaper, and drops ransom notes typically named @[email protected], Desktopcxl.txt, or help.exe. The campaign has shown signs of shared infrastructure and code reuse from Cheng Xilun, but there is no confirmed evidence of a large-scale or mature operation. Its activity so far suggests it is being tested or deployed by a small group or individual rather than a structured affiliate network.

External Analysis
https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/d0glun
https://www.pcrisk.com/removal-guides/31986-d0glun-ransomware
https://bazaar.abuse.ch/browse/signature/D0glun/
https://cs.beta.fletch.ai/p/d0glun

External Analysis

https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/d0glun

https://www.pcrisk.com/removal-guides/31986-d0glun-ransomware

https://bazaar.abuse.ch/browse/signature/D0glun/

https://cs.beta.fletch.ai/p/d0glun

Telegram
@CXL13131

@CXL13131

Other
QQ ID: 424714982

Other

QQ ID: 424714982

Url	Status	Screen	Uptime 30d	Health
http://33333333h45xwqlf3s3eu4bkd6y6bjswva75ys7j6satex5ctf4pyfad.onion	Down		0%

Url

Status

Screen

Uptime 30d

Health

http://33333333h45xwqlf3s3eu4bkd6y6bjswva75ys7j6satex5ctf4pyfad.onion

Down

D0Glun

Description

Note