FIVEHANDS

Malware updated 7 months ago (2024-05-04T20:45:24.453Z)
FiveHands is a ransomware family closely related to HelloKitty and DeathRansom, operated by the financially motivated intrusion group that Mandiant tracks as UNC2447. Mandiant first reported it in April 2021, alongside the SombRAT backdoor used in the same intrusions. The ransomware payload is typically delivered through a loader (reported as Encryptor.exe) that launches the encryptor on the victim's host. FiveHands has been associated with other ransomware strains, including Abyss Locker and DeathRansom, reflecting the lineage and continued development of this family rather than a single static piece of code.

In November 2021, the FBI issued a flash alert warning private organizations about the HelloKitty/FiveHands ransomware and its indicators of compromise. This followed incidents earlier in 2021 in which UNC2447 exploited a zero-day vulnerability in SonicWall SMA 100 series appliances (CVE-2021-20016) to gain initial access before deploying FiveHands; other ransomware gangs targeted the same appliances. The wider HelloKitty family has also been tied to high-impact intrusions, including a Linux variant that encrypts VMware ESXi hosts and the February 2021 breach of CD Projekt Red.

PQ Hosting, a web hosting provider, has been reported as hosting infrastructure used by ransomware operations including FiveHands and DarkSide. DarkSide was responsible for the May 2021 attack on the US fuel pipeline operator Colonial Pipeline, which led to a shutdown of critical energy infrastructure. The public reporting on FiveHands consistently points to internet-facing appliances as the initial access vector, so the patch status of VPN and SMA devices is the first thing to check when assessing exposure to this family.
Description last updated: 2024-05-04T16:53:17.350Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so the following are possible overlapping names / profiles that may also be relevant.
Alias | Description | Votes
HELLOKITTY | HELLOKITTY is a possible alias for FIVEHANDS. HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat | 5
DEATHRANSOM | DEATHRANSOM is a possible alias for FIVEHANDS. Executive Summary on DeathRansom Malware: DeathRansom is a malicious software strain that emerged in October 2020, characterized by its ability to encrypt files and demand ransom payments from victims. It has been linked to various ransomware families, including HelloKitty and Fivehands, which h | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
Alias | Description | Association Type | Votes
SombRAT | The SombRAT malware is associated with FIVEHANDS. SombRAT is a sophisticated malware that poses a significant financial threat, as reported by Mandiant in April 2021. It operates in conjunction with FIVEHANDS ransomware under the umbrella of UNC2447, a malicious cyber activity group. The malware infects systems through suspicious downloads, emails, | is related to | 3