███████╗██╗ ██╗██╗██╗ ███╗ ███╗██╗ ██╗████████╗███████╗██╗ ██╗ ██╔════╝██║ ██║██║██║ ████╗ ████║██║ ██║╚══██╔══╝██╔════╝╚██╗██╔╝ █████╗ ██║ ██║██║██║ ██╔████╔██║██║ ██║ ██║ █████╗ ╚███╔╝ ██╔══╝ ╚██╗ ██╔╝██║██║ ██║╚██╔╝██║██║ ██║ ██║ ██╔══╝ ██╔██╗ ███████╗ ╚████╔╝ ██║███████╗ ██║ ╚═╝ ██║╚██████╔╝ ██║ ███████╗██╔╝ ██╗ ╚══════╝ ╚═══╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝

⚠

HelloKitty

ransomware1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:

HelloKitty

CATEGORY:

RANSOMWARE

DESCRIPTION:

HelloKitty is a ransomware variant known for targeting large corporations and was famously used in the attack against CD Projekt Red. It is often associated with the FiveHands ransomware due to shared infrastructure and tactics.

ALIASES:

HelloKitty RansomwareFiveHands

TAGS:

file_encryptionextortioncd_projekt_red

[MUTEX_SIGNATURES](1)

[MUTEX_01]

HELLOKITTYMutex

ANALYST: @adhikara13 DATE: 2025-07-12

REFERENCES:

https://www.sentinelone.com/anthology/hello-kitty/

https://cloud.google.com/blog/topics/threat-intelligence/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:

⚠UNC2447

FIRST_OBSERVED:

2020

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:1

THREAT_ACTORS:1

ALIASES:2

TAGS:3

CATEGORY:RANSOMWARE

Malware profile loaded successfully