SiennaBlue (Malware Family)

SiennaBlue

aka: HolyLocker, H0lyGh0st

Ransomware used by threat actor group DEV-0530, attributed by MSTIC to North Korean origin.

2023-02-09 ⋅ CISA, DSA, FBI, HHS, NSA, ROK
#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Dtrack MagicRAT Maui Ransomware SiennaBlue SiennaPurple Tiger RAT YamaBot

2023-02-09 ⋅ CISA ⋅ CISA
#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Maui Ransomware SiennaBlue SiennaPurple Storm-0530

2022-08-04 ⋅ Blackberry ⋅ BlackBerry Research & Intelligence Team
North Korean H0lyGh0st Ransomware Has Ties to Global Geopolitics
SiennaBlue SiennaPurple Storm-0530

2022-07-29 ⋅ PICUS Security ⋅ Hüseyin Can YÜCEEL
H0lyGh0st - North Korean Threat Group Strikes Back With New Ransomware
SiennaBlue SiennaPurple Storm-0530

2022-07-14 ⋅ Microsoft ⋅ Microsoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
North Korean threat actor (H0lyGh0st /DEV-0530) targets small and midsize businesses with H0lyGh0st ransomware
SiennaBlue SiennaPurple Storm-0530

There is no Yara-Signature yet.