FIVEHANDS

Malware Profile Updated 13 days ago
FiveHands, also known as HelloKitty, is a sophisticated form of malware that primarily targets financial institutions. It was first reported by Mandiant in April 2021 as part of the cyber threat posed by the UNC2447 group. The ransomware is typically delivered through Encryptor.exe, a loader that launches the malicious payload on the victim's device. FiveHands has been associated with other notorious ransomware strains such as Abyss Locker and DeathRansom, demonstrating its evolution and adaptability in exploiting various vulnerabilities.

In November 2021, the FBI issued a flash alert warning private organizations about the evolution of the FiveHands ransomware. This followed incidents in which SonicWall appliances, commonly deployed by businesses for network security, were targeted by FiveHands and other ransomware gangs. The malware has also been linked to significant disruptions, including the compromise of VMware ESXi instances and of CD Projekt Red, highlighting its potential for large-scale damage.

PQ Hosting, a web hosting service, has been implicated in hosting infamous ransomware including FiveHands and DarkSide. Notably, DarkSide was responsible for the high-profile 2021 attack on the US energy company Colonial Pipeline, which led to a shutdown of critical energy infrastructure. This incident underscores the severe real-world consequences of ransomware attacks and the importance of robust cybersecurity measures to protect against threats like FiveHands.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (votes): Profile Description

HELLOKITTY (5 votes): HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat

DEATHRANSOM (2 votes): DeathRansom is a form of malware, specifically ransomware, known for its damaging effects on computer systems. It operates by infiltrating systems through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for ranso
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
ID (type, votes): Profile Description

SombRAT (Unspecified, 2 votes): Sombrat is a sophisticated malware that poses a significant financial threat, as reported by Mandiant in April 2021. It operates in conjunction with FIVEHANDS Ransomware under the umbrella of UNC2447, a malicious cyber activity group. The malware infects systems through suspicious downloads, emails,
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the FIVEHANDS malware was read from the document corpus listed below (this display is limited to 20 results).
Source (created at): Title

MITRE (a year ago): UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat | Mandiant
MITRE (a year ago): Handy guide to a new Fivehands ransomware variant
MITRE (a year ago): FiveHands Ransomware | CISA
CERT-EU (4 months ago): Infographic: A History of Network Device Threats and What Lies Ahead | #ransomware | #cybercrime | National Cyber Security Consulting
Securityaffairs (7 months ago): The source code of the 2020 variant of HelloKitty ransomware was leaked on cybercrime forum
CERT-EU (7 months ago): The source code of the 2020 variant of HelloKitty ransomware was leaked on cybercrime forum | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (4 months ago): Infographic: A History of Network Device Threats and What Lies Ahead
Malwarebytes (6 months ago): Apache ActiveMQ vulnerability used in ransomware attacks | Malwarebytes
InfoSecurity-magazine (4 months ago): Why Bulletproof Hosting is Key to Cybercrime-as-a-Service
CERT-EU (7 months ago): HelloKitty ransomware source code exposed
CISA (7 months ago): NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations | CISA
CERT-EU (4 months ago): Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks
CERT-EU (7 months ago): NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations | CISA