FIVEHANDS

Description

(FireEye) In January 2021, Mandiant observed a new ransomware deployed against a victim and assigned the name FIVEHANDS.

• Analysis of FIVEHANDS revealed high similarity to DeathRansom, sharing several features, functions, and coding similarities. Absent in FIVEHANDS is a language check, similar to HELLOKITTY • Both DEATHRANSOM and FIVEHANDS drops a ransom note in all non-excluded directories

Names

Name
FIVEHANDS
Thieflock

Type

Ransomware
Big Game Hunting

Information

https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html
https://us-cert.cisa.gov/ncas/analysis-reports/ar21-126a
https://us-cert.cisa.gov/ncas/analysis-reports/ar21-126b
https://research.nccgroup.com/2021/06/15/handy-guide-to-a-new-fivehands-ransomware-variant/
https://www.crowdstrike.com/blog/new-ransomware-variant-uses-golang-packer/

Mitre Attack

https://attack.mitre.org/software/S0618/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.fivehands

Other Information

Uuid

15096d65-ae63-4e6a-be93-fec62675b087

Last Card Change

2022-12-30

Threat Intelligence Garden

Explorer

FIVEHANDS

FIVEHANDS

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks