win.sienna_blue

SiennaBlue

aka: HolyLocker, H0lyGh0st

Ransomware used by threat actor group DEV-0530, attributed by MSTIC to North Korean origin.

References
2023-02-09 · CISA, DSA, FBI, HHS, NSA, ROK
#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Dtrack, MagicRAT, Maui Ransomware, SiennaBlue, SiennaPurple, Tiger RAT, YamaBot

2023-02-09 · CISA · CISA
#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Maui Ransomware, SiennaBlue, SiennaPurple, Storm-0530

2022-08-04 · Blackberry · BlackBerry Research & Intelligence Team
North Korean H0lyGh0st Ransomware Has Ties to Global Geopolitics
SiennaBlue, SiennaPurple, Storm-0530

2022-07-29 · PICUS Security · Hüseyin Can YÜCEEL
H0lyGh0st - North Korean Threat Group Strikes Back With New Ransomware
SiennaBlue, SiennaPurple, Storm-0530

2022-07-14 · Microsoft · Microsoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
North Korean threat actor (H0lyGh0st /DEV-0530) targets small and midsize businesses with H0lyGh0st ransomware
SiennaBlue, SiennaPurple, Storm-0530

There is no Yara-Signature yet.