HELLOKITTY is a ransomware written in C++ that shares a similar code structure and functionality with DEATHRANSOM and FIVEHANDS. HELLOKITTY has been used since at least 2020; its targets have included a Polish video game developer and a Brazilian electric power company.[1]
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1047 | Windows Management Instrumentation | HELLOKITTY can use WMI to delete volume shadow copies.[1] |
| Enterprise | T1486 | Data Encrypted for Impact | HELLOKITTY can use an embedded RSA-2048 public key to encrypt victim data for ransom.[1] |
| Enterprise | T1082 | System Information Discovery | HELLOKITTY can enumerate logical drives on a target system.[1] |
| Enterprise | T1490 | Inhibit System Recovery | HELLOKITTY can delete volume shadow copies on compromised hosts.[1] |
| Enterprise | T1135 | Network Share Discovery | HELLOKITTY has the ability to enumerate network resources.[1] |
| Enterprise | T1057 | Process Discovery | HELLOKITTY can search for specific processes to terminate.[1] |
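The T1047 and T1490 rows above both describe shadow-copy deletion, the step that makes the later encryption (T1486) hard to recover from. The following is an added detection example, not code from the HELLOKITTY page or from MITRE: it scans process-creation records for the common WMI and VSS routes to shadow-copy removal. The command-line patterns, the `ProcessEvent` record shape and the sample events are assumptions constructed for this example; they are generic defensive heuristics and are not HELLOKITTY's actual command lines.

```python
"""Added example: flag shadow-copy deletion (T1047 / T1490) in process-creation logs.

Not part of the HELLOKITTY page or any MITRE tooling. Patterns and sample
events are constructed assumptions for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class ProcessEvent:
    """A minimal process-creation record (assumed shape, e.g. Sysmon EID 1 / Security 4688)."""
    host: str
    image: str
    command_line: str


# Assumed heuristics for the usual ways shadow copies get removed via WMI or VSS
# tooling. Listing/querying commands are deliberately NOT matched, so routine
# administration does not trip the rule.
SHADOW_COPY_DELETION: List[Tuple[str, re.Pattern]] = [
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("powershell_win32_shadowcopy_delete",
     re.compile(r"Win32_ShadowCopy.*(\.Delete\(\)|Remove-CimInstance|Remove-WmiObject)", re.I)),
]


def classify(event: ProcessEvent) -> Optional[str]:
    """Return the name of the first matching deletion pattern, or None if benign."""
    for name, pattern in SHADOW_COPY_DELETION:
        if pattern.search(event.command_line):
            return name
    return None


def scan(events: List[ProcessEvent]) -> List[Tuple[str, str, str]]:
    """Return (host, rule_name, command_line) for every event that matches a rule."""
    hits = []
    for event in events:
        name = classify(event)
        if name is not None:
            hits.append((event.host, name, event.command_line))
    return hits


# Constructed sample events: three deletions and two benign lookalikes.
SAMPLE_EVENTS: List[ProcessEvent] = [
    ProcessEvent("ws01", "C:\\Windows\\System32\\wbem\\wmic.exe",
                 "wmic.exe shadowcopy delete /nointeractive"),
    ProcessEvent("ws01", "C:\\Windows\\System32\\wbem\\wmic.exe",
                 "wmic shadowcopy list brief"),
    ProcessEvent("srv02", "C:\\Windows\\System32\\vssadmin.exe",
                 "vssadmin.exe delete shadows /all /quiet"),
    ProcessEvent("srv02", "C:\\Windows\\System32\\vssadmin.exe",
                 "vssadmin list shadows"),
    ProcessEvent("ws03", "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                 'powershell.exe -c "Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"'),
]


if __name__ == "__main__":
    for host, rule, cmd in scan(SAMPLE_EVENTS):
        print(f"{host}: {rule}: {cmd}")
```

In a real pipeline the hits would be enriched with the parent process and user (a backup agent deleting old snapshots looks very different from an unknown binary in a user profile doing it), and the rule would sit next to alerts on mass file renames, since on this page deletion of shadow copies is the prelude to encryption.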