FIVEHANDS

Malware updated 4 months ago (2024-05-04T20:45:24.453Z)
FiveHands, also known as HelloKitty, is a sophisticated form of malware that primarily targets financial institutions. It was first reported by Mandiant in April 2021 as part of the cyber threat posed by the UNC2447 group. The ransomware is typically delivered through Encryptor.exe, a loader that launches the malicious payload on the victim's device. FiveHands has been associated with other notorious ransomware strains such as Abyss Locker and DeathRansom, demonstrating its evolution and adaptability in exploiting various vulnerabilities.

In November 2021, the FBI issued a flash alert warning private organizations about the evolution of the FiveHands ransomware. This followed incidents in which SonicWall appliances, commonly deployed by businesses for network security, were targeted by FiveHands and other ransomware gangs. The malware has also been linked to significant disruptions, including the compromise of VMware ESXi instances and of CD Projekt Red, highlighting its potential for large-scale damage.

PQ Hosting, a web hosting service, has been implicated in hosting infamous ransomware such as FiveHands and DarkSide. Notably, DarkSide was responsible for the high-profile 2021 attack on the US energy company Colonial Pipeline, which led to a shutdown of critical energy infrastructure. This incident underscores the severe real-world consequences of ransomware attacks and the importance of robust cybersecurity measures to protect against threats like FiveHands.
Description last updated: 2024-05-04T16:53:17.350Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (Votes): Profile Description
HELLOKITTY (5 votes): HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat
DEATHRANSOM (2 votes): Executive Summary on DeathRansom Malware. DeathRansom is a malicious software strain that emerged in October 2020, characterized by its ability to encrypt files and demand ransom payments from victims. It has been linked to various ransomware families, including HelloKitty and Fivehands, which h
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
ID (Type, Votes): Profile Description
SombRAT (is related to, 3 votes): Sombrat is a sophisticated malware that poses a significant financial threat, as reported by Mandiant in April 2021. It operates in conjunction with FIVEHANDS Ransomware under the umbrella of UNC2447, a malicious cyber activity group. The malware infects systems through suspicious downloads, emails,
Source Document References
Information about the FIVEHANDS Malware was read from the documents corpus below. This display is limited to 20 results.
Source (Created): Title
InfoSecurity-magazine (7 months ago): Why Bulletproof Hosting is Key to Cybercrime-as-a-Service
CERT-EU (8 months ago): Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks
CERT-EU (8 months ago): Infographic: A History of Network Device Threats and What Lies Ahead
CERT-EU (8 months ago): Infographic: A History of Network Device Threats and What Lies Ahead | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (a year ago): HelloKitty ransomware source code exposed
Malwarebytes (10 months ago): Apache ActiveMQ vulnerability used in ransomware attacks | Malwarebytes
Securityaffairs (a year ago): The source code of the 2020 variant of HelloKitty ransomware was leaked on cybercrime forum
CERT-EU (a year ago): The source code of the 2020 variant of HelloKitty ransomware was leaked on cybercrime forum | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (a year ago): NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations | CISA
CISA (a year ago): NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations | CISA
MITRE (2 years ago): UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat | Mandiant
MITRE (2 years ago): FiveHands Ransomware | CISA
MITRE (2 years ago): Handy guide to a new Fivehands ransomware variant