HELLOKITTY
The MITRE Corporation
· Published 03/06/2021 22:07 · Modified 27/03/2026 01:05
Family
Essential information
- Confidence: 100/100
- Is family: Yes
- Published: 03/06/2021 22:07
- Modified: 27/03/2026 01:05
- Revoked: No
- Author / Source: The MITRE Corporation
- Related entities: 33 attack patterns (mitre), 1 intrusion sets (apt), 9 sectors, 7 countries, 19 indicators, 2 vulnerabilities (cve)
Description
[HELLOKITTY](https://attack.mitre.org/software/S0617) is ransomware written in C++ that shares a similar code structure and functionality with [DEATHRANSOM](https://attack.mitre.org/software/S0616) and [FIVEHANDS](https://attack.mitre.org/software/S0618). [HELLOKITTY](https://attack.mitre.org/software/S0617) has been used since at least 2020; targets have included a Polish video game developer and a Brazilian electric power company.(Citation: FireEye FiveHands April 2021)
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (33)
Intrusion sets (APT) (1)
- Vice Society uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
Sectors (9)
- Telecommunications targets
- Media targets
- Finance targets
- Education targets
- Government targets
- Manufacturing targets
- Retail targets
- Healthcare targets
- Energy targets
Countries (7)
- Italy targets
- Germany targets
- United Kingdom of Great Britain and Northern Ireland targets
- Brazil targets
- France targets
- Spain targets
- United States of America targets
Indicators (19)
- ELF:Filecoder-BT [Trj] · stix 100/100 · Revoked · Valid until 10/03/2024 · Source: AlienVault
- Ransom:Win32/Zeppelin.A!MSR · stix 100/100 · Revoked · Valid until 10/03/2024 · Source: AlienVault
Vulnerabilities (CVE) (2)
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.
- Published: 03/11/2021
- Modified: 20/12/2025
Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation …
- Published: 03/11/2021
- Modified: 20/12/2025