FIVEHANDS

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[FIVEHANDS](https://attack.mitre.org/software/S0618) is a customized version of [DEATHRANSOM](https://attack.mitre.org/software/S0616) ransomware written in C++. [FIVEHANDS](https://attack.mitre.org/software/S0618) has been used since at least 2021, including in Ransomware-as-a-Service (RaaS) campaigns, sometimes along with [SombRAT](https://attack.mitre.org/software/S0615).(Citation: FireEye FiveHands April 2021)(Citation: NCC Group Fivehands June 2021)

Associated Techniques (8)

ID	ATT&CK	Tactics
T1027.013	Encrypted/Encoded File	-
T1047	Windows Management Instrumentation	-
T1059	Command and Scripting Interpreter	-
T1083	File and Directory Discovery	-
T1135	Network Share Discovery	-
T1140	Deobfuscate/Decode Files or Information	-
T1486	Data Encrypted for Impact	-
T1490	Inhibit System Recovery	-

Metadata

ID:	664
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00