HelloKitty Inactive

Cross-platform ransomware. Attacked CD Projekt Red. Also known as FiveHands.
PDF Report Back to Groups
117
Total Victims
2020-11-01
First Seen
2022-12-03
Last Seen
0
Known TTPs
29.4d
Avg Delay
12
Negotiations
ONION URLS
3r6n77mpe737w4sbxxxrpc5phbluv6xhtdl5ujpnlvmck5tc7blq2rqd.onion
TOOLS
net.exe GMER ngrok Brute Ratel
FILE EXTENSIONS
.help
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
2022-12-03 Mountain Point LLC France Technology Published
2022-12-03 StrategicMechanical Belgium Energy Removed
2022-11-05 Omni Enterprises LLC Mexico Non-Profit Published
2022-11-04 Onyx & United Steel Bulgaria Retail Published
2022-11-03 GlobalWellness Latvia Financial Services Published
2022-11-03 Imperial & Legacy Farm Colombia Hospitality Published
2022-10-05 Federal Robotics LLC United Kingdom Government Published
2022-10-04 Genesis Rail GmbH United States Construction Removed
2022-09-22 Lake Bio GmbH Portugal Logistics Published
2022-09-15 LighthouseRobotics Netherlands Manufacturing Published
2022-09-11 Superior Dynamics United States Construction Published
2022-09-11 Mountain Sports GmbH Singapore Construction Removed
2022-09-08 Willow Storage Inc. Panama Energy Published
2022-09-07 Heritage Group Ltd Romania Transportation Published
2022-09-03 Venture & Summit Sports United Kingdom Food & Beverage Negotiating
2022-08-14 Wolf Build GmbH Italy Manufacturing Published
2022-08-12 Southern & Riverside Financial United States Transportation Published
2022-08-11 TriHoldings India Retail Published
2022-08-07 NewCare United States Technology Published
2022-07-28 HarborLogistics Germany Technology Published
2022-07-10 Dynamic Partners GmbH Belgium Financial Services Removed
2022-07-03 Integral Auto LLC Romania Transportation Published
2022-06-23 ExcelInsurance United Kingdom Education Published
2022-06-19 AlphaMetals Switzerland Telecommunications Removed
2022-06-15 Highland Land GmbH Argentina Manufacturing Removed
2022-06-11 Iron Health Ltd Germany Healthcare Published
2022-06-02 Quest Info Australia Telecommunications Removed
2022-05-23 Orange Cyberdefense Poland Technology Removed
2022-05-21 Tower Financial Germany Government Removed
2022-05-20 SkyLabs Czechia Technology Published
2022-05-17 Pacific Consulting Inc. Puerto Rico Manufacturing Published
2022-05-17 Pacific Plus GmbH Austria Government Removed
2022-05-07 Pacific Networks Inc. Ukraine Construction Negotiating
2022-05-04 Mid Homes Ltd Germany Healthcare Published
2022-04-26 Sun IT Inc. Ireland Government Published
2022-04-17 Euro Web Ltd United States Financial Services Published
2022-04-11 NordicTech Spain Legal Negotiating
2022-04-09 National & Venture Clinic Türkiye Aerospace & Defense Removed
2022-04-08 Titan Media LLC United States Healthcare Published
2022-04-01 Grand Supply Ltd United States Food & Beverage Published
2022-03-24 American Land GmbH Puerto Rico Healthcare Published
2022-03-21 Strategic Trade LLC Czechia Government Published
2022-03-14 Superior Corp LLC Ecuador Construction Removed
2022-03-13 Lighthouse Integrated Ltd United States Financial Services Negotiating
2022-03-11 Blue Defense New Zealand Healthcare Removed
2022-03-01 American Farm Inc. France Aerospace & Defense Published
2022-02-20 Innovative Plus Inc. Japan Financial Services Published
2022-02-17 Prairie Works GmbH United States Retail Removed
2022-02-17 United Media Ltd France Aerospace & Defense Published
2022-02-16 Magna Design LLC Poland Media & Entertainment Published
2022-02-15 PatriotIntel Switzerland Technology Published
2022-02-15 New Design United States Technology Published
2022-02-05 Sierra Mining Ltd United Arab Emirates Manufacturing Published
2022-01-23 StarStudios Ukraine Healthcare Removed
2022-01-06 CapitalIntel United States Healthcare Removed
2021-12-23 Grand Electronics Inc. Portugal Construction Published
2021-12-12 Riverside Risk GmbH Switzerland Real Estate Published
2021-12-05 Bay Data LLC India Retail Published
2021-12-02 WolfWealth United States Education Published
2021-12-02 Quest Manufacturing GmbH United States Energy Published
2021-11-26 Venture Associates LLC Ireland Agriculture Published
2021-11-24 Synergy Bank LLC India Construction Negotiating
2021-11-19 Great Rail Inc. Canada Technology Published
2021-11-17 Infinity Path Finland Government Published
2021-11-15 MidServices Thailand Transportation Published
2021-11-07 Venture Financial Czechia Retail Published
2021-11-07 Continental & Palm Guard United States Non-Profit Removed
2021-09-27 TitanOil Brazil Professional Services Published
2021-09-23 Willow Media Ltd United States Technology Published
2021-09-22 Integral & River Engineering France Real Estate Removed
2021-09-18 Progressive Group Inc. Canada Financial Services Removed
2021-09-15 OakServices Switzerland Legal Published
2021-09-07 United & Key Comm United States Manufacturing Published
2021-08-28 ShieldLand Switzerland Telecommunications Published
2021-08-19 Maple Path LLC Australia Healthcare Published
2021-08-16 Apex & Inland Materials Switzerland Government Published
2021-08-06 Diamond Care LLC Malaysia Government Published
2021-07-26 Red Resources Inc. Netherlands Financial Services Published
2021-07-11 Alpha Solutions GmbH India Aerospace & Defense Negotiating
2021-07-11 Phoenix Cast LLC United States Transportation Published
2021-07-08 Bay Bio Inc. Netherlands Government Published
2021-06-28 Vital Labs United States Education Published
2021-06-23 Solar Operations Ltd Belgium Construction Published
2021-06-09 Solid & Sterling Space United States Financial Services Published
2021-06-09 Meridian & Wolf Technologies Italy Technology Published
2021-06-01 Titan Resources Taiwan, Province of China Healthcare Published
2021-05-24 Stone Energy GmbH United States Government Removed
2021-05-22 Frontier & Allied Realty United States Healthcare Published
2021-05-18 Trans Media GmbH Greece Legal Removed
2021-05-10 Lone StarStudios United Kingdom Professional Services Published
2021-05-08 ZenithData Belgium Healthcare Removed
2021-05-06 Innovative Cloud GmbH Indonesia Government Removed
2021-04-23 Sierra Dental GmbH Canada Education Published
2021-04-21 UnitedTrade Croatia Automotive Negotiating
2021-04-17 Pro Space Inc. United States Utilities Published
2021-04-08 Ultra Innovations Inc. Israel Retail Removed
2021-04-06 Envision Networks GmbH France Manufacturing Published
2021-04-04 Peninsula Legal United Kingdom Financial Services Published
2021-04-02 HarborSolutions United States Energy Published
2021-03-20 Phoenix Guard LLC United States Technology Published
2021-03-16 PlatinumCloud Ecuador Retail Published
2021-03-15 Pro Financial Czechia Technology Published
2021-03-10 SummitStorage Japan Construction Published
2021-03-05 River Intel Inc. United States Legal Published
2021-02-17 Strategic & Prairie Guard Netherlands Government Published
2021-01-22 CoastalIT United States Telecommunications Published
2021-01-07 Royal Risk Hungary Healthcare Published
2021-01-03 Sage & Progressive Storage Canada Mining Published
2020-12-27 Eagle Trade United States Education Published
2020-12-14 SunManagement Dominican Republic Financial Services Published
2020-12-10 Union Med LLC United States Media & Entertainment Published
2020-11-28 Maple Bridge GmbH Sweden Construction Removed
2020-11-25 Smart & Trust Aero United States Professional Services Published
2020-11-24 Southern Power LLC Australia Government Published
2020-11-20 Magna & City Oil United States Government Published
2020-11-20 White Med GmbH Czechia Real Estate Published
2020-11-12 Diamond Connect GmbH United States Legal Published

No TTPs data

HelloKitty_rule_1 CISA 
rule HelloKitty_ransomware_1 {
    meta:
        description = "Detects HelloKitty ransomware"
        author = "RansomwareMonitor"
        date = "2026-03-06"
        hash = "31704a0f54596290257ee2e225c6610c0313e7f00093f3bab3ab52c94f1575f0"

    strings:
        $h0 = { F5 95 B3 40 ED DA 60 BC 8 }
        $r1 = /README\..{3,10}/i
        $h2 = { 7D 6A F6 C6 F5 00 A0 4C 1D FC C3 89 0B E8 77 01 A }
        $h3 = { 5D B0 E2 68 33 98 E1 27 7 }
        $h4 = { B8 B1 CC 41 C7 3E 47 6D 8E C1 C }
        $r5 = /[13][a-km-zA-HJ-NP-Z1-9]{25,34}/

    condition:
        uint16(0) == 0x5A4D and
        filesize < 5MB and
        3 of them
}
HelloKitty_rule_2 YARA-Rules/rules 
rule HelloKitty_ransomware_2 {
    meta:
        description = "Detects HelloKitty ransomware"
        author = "RansomwareMonitor"
        date = "2026-03-06"
        hash = "54eaf148eb62de32f0cd1456b7fb95e5ef6389bec27b0b0e28d0442edb970d99"

    strings:
        $h0 = { 44 6B 56 76 EF F3 96 EC 7E 4D 2 }
        $s1 = "AES-256" nocase
        $s2 = "README" nocase
        $h3 = { DB F7 EB 6E C5 BB 4D 78 37 B1 04 E3 FC 67 D6 89 7D 4 }

    condition:
        uint16(0) == 0x5A4D and
        filesize < 5MB and
        4 of them
}
HelloKitty_rule_3 Elastic Security 
rule HelloKitty_ransomware_3 {
    meta:
        description = "Detects HelloKitty ransomware"
        author = "RansomwareMonitor"
        date = "2026-03-06"
        hash = "6de795b498606832f6c16729b10e3c362e213b109315dbb11ebd7cdaae8ccbeb"

    strings:
        $h0 = { 93 C6 86 D7 BF 37 72 BB C6 72 D6 72 0A E1 }
        $r1 = /[13][a-km-zA-HJ-NP-Z1-9]{25,34}/
        $r2 = /[13][a-km-zA-HJ-NP-Z1-9]{25,34}/
        $s3 = ".onion" nocase
        $s4 = "HelloKitty" nocase
        $r5 = /[A-Za-z0-9]{56}\.onion/
        $r6 = /README\..{3,10}/i

    condition:
        uint16(0) == 0x5A4D and
        filesize < 5MB and
        2 of them
}

No IoCs

No ransom notes