win.sienna_blue

SiennaBlue

aka: HolyLocker, H0lyGh0st

Ransomware used by the threat actor group DEV-0530, which MSTIC attributes to North Korean origin.

References
2023-02-09, NSA, FBI, CISA, HHS, ROK, DSA
#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
https://media.defense.gov/2023/Feb/09/2003159161/-1/-1/0/CSA_RANSOMWARE_ATTACKS_ON_CI_FUND_DPRK_ACTIVITIES.PDF (accessed 2023-02-13)
Families: Maui Ransomware, SiennaBlue, SiennaPurple

2022-08-04, Blackberry, BlackBerry Research & Intelligence Team
North Korean H0lyGh0st Ransomware Has Ties to Global Geopolitics
https://blogs.blackberry.com/en/2022/08/h0lygh0st-ransomware (accessed 2022-08-22)
Families: SiennaBlue, SiennaPurple

2022-07-14, Microsoft, Microsoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
North Korean threat actor (H0lyGh0st /DEV-0530) targets small and midsize businesses with H0lyGh0st ransomware
https://www.microsoft.com/security/blog/2022/07/14/north-korean-threat-actor-targets-small-and-midsize-businesses-with-h0lygh0st-ransomware/ (accessed 2022-07-15)
Families: SiennaBlue, SiennaPurple

There is no Yara-Signature yet.