Active ransomware operator
Hellokitty
aka FiveHands · 0 victims indexed · last activity 5 years ago
At a glance
- Status: active
- Aliases: FiveHands
- First seen: —
- Last activity: 5 years ago
- Onion sites: 1 known endpoint
About
References
33 links. External sources curated by the MISP threat-intel community.
- blog.sekoia.io/vice-society-a-discreet-but-steady-double-extortion-ransomware-group
- blogs.vmware.com/security/2022/09/esxi-targeting-ransomware-the-threats-that-are-after-your-virtual-machines-part-1.html
- soolidsnake.github.io/2021/07/17/hellokitty_linux.html
- unit42.paloaltonetworks.com/emerging-ransomware-groups/
- bleepingcomputer.com/news/security/linux-version-of-hellokitty-ransomware-targets-vmware-esxi-servers/
- crowdstrike.com/blog/hypervisor-jackpotting-ecrime-actors-increase-targeting-of-esxi-servers/
- esentire.com/blog/conti-affiliate-exposed-new-domain-names-ip-addresses-and-email-addresses-uncovered-by-esentire
- govinfosecurity.com/vice-society-ransomware-gang-disrupted-spar-stores-a-18225
- microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself
- vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmw-exposing-malware-in-linux-based-multi-cloud-environments.pdf
- blog.bushidotoken.net/2022/05/gamer-cheater-hacker-spy.html
- blog.malwarebytes.com/threat-spotlight/2021/03/hellokitty-when-cyberpunk-met-cy-purr-crime/
- blogs.vmware.com/security/2022/09/threat-report-illuminating-volume-shadow-deletion.html
- id-ransomware.blogspot.com/2020/11/hellokitty-ransomware.html
- labs.sentinelone.com/hellokitty-ransomware-lacks-stealth-but-still-strikes-home/
- medium.com/proferosec-osm/static-unpacker-and-decoder-for-hello-kitty-packer-91a3e8844cb7
- twitter.com/fwosar/status/1359167108727332868
- advintel.io/post/discontinued-the-end-of-conti-s-brand-marks-new-chapter-for-cybercrime-landscape
- advintel.io/post/enter-karakurt-data-extortion-arm-of-prolific-ransomware-group
- bleepingcomputer.com/news/security/hellokitty-ransomware-is-targeting-vulnerable-sonicwall-devices/
Detection · YARA rules
2 rules
ransom_Linux_HelloKitty_0721
YARA rule from ATR/Trellix: ransomware/RANSOM_Linux_HelloKitty0721.yar
source: ATR/Trellix
to
YARA rule from ATR/Trellix: ransomware/RANSOM_Linux_HelloKitty0721.yar
source: ATR/Trellix
Onion infrastructure
1 known
- http://3r6n77mpe737w4sbxxxrpc5phbluv6xhtdl5ujpnlvmck5tc7blq2rqd.onion
Source
Updated 5 years ago. Data on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page; share freely.
