Uptime Hamster: 15d 4h 8mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza hellokitty

hellokitty

2 incidentes 1 paises 1 sectores ransomware UA Ultimo: 2026-06-29
Aliases: hellokitty, KittyCrypt, HelloGookie, FiveHands, VICE SPIDER, DEV-0832, Vanilla Tempest, Vicesociety, PrintNightmare, HelloKitty, Zeppelin ransomware
Ver en IntelTracker → APTTrail →
HelloKitty, also known by the alias FiveHands, is a ransomware operation that first emerged in late 2020, with its initial samples observed in October. The group is characterized by its rapid adaptation of new tactics, techniques, and procedures, notably deploying both Windows and Linux variants of its ransomware, including a version targeting VMware ESXi environments. Initially, the group was assessed with moderate confidence to be of Ukrainian origin, though recent activity suggests an evolving geographic footprint with samples uploaded from Chinese IP addresses. Its primary motivation is financial gain through data encryption and extortion, employing double extortion tactics by exfiltrating data prior to encryption and threatening its release or sale. A distinguishing behavior is its customization of ransom notes, often addressing victims by name, and its use of a unique mutex, "HelloKittyMutex," upon execution. The group is also known for sometimes opening a shell terminal to displ

Aliases del actor

hellokittyKittyCryptHelloGookieFiveHandsVICE SPIDERDEV-0832Vanilla TempestVicesocietyPrintNightmareHelloKittyZeppelin ransomware

Actores similares

VICE SPIDERapt · 0vicesocietyransomware · 188ViceSocietyransomware · 0Scattered Spideractor · 2Indrik Spideractor · 1doppel-spideractor · 1salty-spideractor · 1brain-spideractor · 1skeleton-spideractor · 1bamboo-spideractor · 1

Canales, DLS e infraestructura asociada

Clasificacion automatica desde IntelTracker/APTTrail/OSINT. Estado real solo si viene indicado por la fuente.

TipoEstadoHost / enlaceTitle / ultimo titulo
DLS / leak siteunknownransomware.anggipradana.comRansomware Group: hellokitty
Malware asociado
TigerRAT, NukeSped, Andariel, TigerRAT
Tecnicas MITRE
T1568, T1057, T1106, T1083, T1078, T1189
CVEs relacionadas
CVE-2023-46604, CVE-2023-22518, CVE-2021-20023, CVE-2021-20022, CVE-2021-20021, CVE-2021-20016
Victimas
0
TTPs unicas
0
Info robada historica
N/D
Rescates reclamados
N/D
Pagos detectados
N/D

Paises afectados

United States (1)

Paises objetivo (SOCRadar)

United Arab EmiratesArgentinaAustraliaBelgiumBrazilChinaGermanySpainFranceUnited Kingdom

Sectores atacados

Software (1)

Sectores objetivo (SOCRadar)

Construction of BuildingsFood ManufacturingOther Information ServicesSoftware PublishersHospitalsAir TransportationManufacturingConstructionElectrical Equipment, Appliance, and Component ManufacturingPublic Administration

URLs nuevas detectadas en IntelTracker

ransomware.anggipradana.com