Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 13:13:29 UTC
Home > List all groups > List all tools > List all groups using tool FIVEHANDS
 Tool: FIVEHANDS
Names
FIVEHANDS
Thieflock
Category Malware
Type Ransomware, Big Game Hunting
Description
(FireEye) In January 2021, Mandiant observed a new ransomware deployed against a
victim and assigned the name FIVEHANDS.
• Analysis of FIVEHANDS revealed high similarity to DeathRansom, sharing several
features, functions, and coding similarities. Absent in FIVEHANDS is a language check,
similar to HELLOKITTY
• Both DEATHRANSOM and FIVEHANDS drops a ransom note in all non-excluded
directories
Information
MITRE ATT&CK Malpedia Last change to this tool card: 30 December 2022
Download this tool card in JSON format
All groups using tool FIVEHANDS
Changed Name Country Observed
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=15096d65-ae63-4e6a-be93-fec62675b087
Page 1 of 2

APT groups
  UNC2447 [Unknown] 2020  
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=15096d65-ae63-4e6a-be93-fec62675b087
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=15096d65-ae63-4e6a-be93-fec62675b087
Page 2 of 2