
Ransomfeed

Profile, status and statistics (since 12-01-2020)

Cyber gang details

Gang profile by OSINT sources: [source: 0]

Unit42 states that HelloKitty is a ransomware family that first surfaced at the end of 2020, primarily targeting Windows systems. The malware family got its name due to its use of a Mutex with the same name: HelloKittyMutex. The ransomware samples seem to evolve quickly and frequently, with different versions making use of the .crypted or .kitty file extensions for encrypted files. Some newer samples make use of a Golang packer that ensures the final ransomware code is only loaded in memory, most likely to evade detection by security solutions.

Alerts: aka fivehands


Statistics
No. of claims | 2024 | 2023 | 2022
0 | 0 | 0 | 0
URLs
Onion source | Latest title | Status | Latest scrape | Tor version
3r6n77mpe737w4sbxxxrpc5phbluv6xhtdl5ujpnlvmck5tc7blq2rqd.onion | News | 🔴 | 02-10-2021 | 3
Useful material
Research URL source: 0
https://blog.bushidotoken.net/2022/05/gamer-cheater-hacker-spy.html
https://blog.malwarebytes.com/threat-spotlight/2021/03/hellokitty-when-cyberpunk-met-cy-purr-crime/
https://blogs.vmware.com/security/2022/09/threat-report-illuminating-volume-shadow-deletion.html
https://cocomelonc.github.io/malware/2023/01/04/malware-tricks-26.html
https://id-ransomware.blogspot.com/2020/11/hellokitty-ransomware.html
https://labs.sentinelone.com/hellokitty-ransomware-lacks-stealth-but-still-strikes-home/
https://medium.com/proferosec-osm/static-unpacker-and-decoder-for-hello-kitty-packer-91a3e8844cb7
https://twitter.com/fwosar/status/1359167108727332868
https://unit42.paloaltonetworks.com/emerging-ransomware-groups/
https://www.advintel.io/post/discontinued-the-end-of-conti-s-brand-marks-new-chapter-for-cybercrime-landscape
https://www.advintel.io/post/enter-karakurt-data-extortion-arm-of-prolific-ransomware-group
https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-is-targeting-vulnerable-sonicwall-devices/
https://www.cadosecurity.com/post/punk-kitty-ransom-analysing-hellokitty-ransomware-attacks
https://www.cisa.gov/uscert/ncas/alerts/aa22-249a
https://www.crowdstrike.com/blog/new-ransomware-variant-uses-golang-packer/
https://www.databreaches.net/babuk-re-organizes-as-payload-bin-offers-its-first-leak/
https://www.esentire.com/blog/conti-affiliate-exposed-new-domain-names-ip-addresses-and-email-addresses-uncovered-by-esentire
https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html
https://www.ic3.gov/Media/News/2021/211029.pdf
https://www.intrinsec.com/vice-society-spreads-its-own-ransomware/
https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself
https://www.speartip.com/resources/fbi-hellokitty-ransomware-adds-ddos-to-extortion-arsenal/
Ransom notes

hellokitty : Crypto wallet(s)

address | blockchain | Balance
bc1ql5f3m75qx3ueu2pz5eeveyqsw6pdjs3ufk8r20 | bitcoin | $ 1072689

Last update : Monday 13/03/2023 21.09 (UTC)

This script collects every criminal claim exactly as published by the sources ("As Is" model) in an SQL database to create a permanent feed, which can also be followed via RSS.
The engine is based on the ransomFeed project, a fork on GitHub.