H0lyGh0st ransomware
2022-08-05 • Somansa • H0lyGh0st ransomware •
https://www.somansa.com/wp-content/uploads/2022/11/202208holyghost.pdf
Attachments
202208holyghost.pdf (5 MB)
The report describes H0lyGh0st ransomware as activity linked to a newly observed North Korean attack group with suspected ties to Andariel. The extracted PDF notes sandbox-evasion capability, reuse of public open-source components, public-key encryption of victim files for impact, and extortion pressure through threats to publish or send victim data.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | outlook.com | 2018-09-06 | 2026-04-17 |
| HASH | 99fc54786a72f32fd44c7391c2171ca… | 2022-07-14 | 2024-03-17 |
| HASH | bea866b327a2dc2aa104b7ad7307008… | 2022-07-14 | 2023-02-09 |
| HASH | f8fc2445a9814ca8cf48a979bff7f18… | 2022-07-14 | 2023-02-09 |
| EMAIL | [email protected] | 2022-08-05 | 2022-08-05 |
| URL | https://usaupload.com/6qsy/Pict… | 2022-08-05 | 2022-08-05 |
| URL | http://gcrtutk2fjcut4lmllvkg5do… | 2022-08-05 | 2022-08-05 |
| URL | https://usaupload.com/cache/plu… | 2022-08-05 | 2022-08-05 |
| DOMAIN | gcrtutk2fjcut4lmllvkg5dojbwgu4y… | 2022-08-05 | 2022-08-05 |
| DOMAIN | usaupload.com | 2022-07-14 | 2022-08-05 |
Note: outlook.com is a shared mail-service domain and must not be treated as a blockable indicator; the hash, URL and domain values that end in "…" are truncated in this export and have to be taken in full from the source PDF before they are used for matching.
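The table above mixes exact-match indicators with values that cannot be used as-is: a generic service domain, truncated digests and URLs, and one malformed row. The following script is an added example (not code from the Somansa report or from this page) that parses the table and sorts each indicator into what can go straight into a detection rule and what needs review first. The table rows are copied from the page; the allow-list of generic domains and the verdict names are assumptions of this example.

```python
"""Triage a markdown IOC table into actionable vs. review-first indicators.

Added example; the rows below are copied from the page as shown, including
the e-mail row in its malformed shape.
"""
import re
from dataclasses import dataclass

IOC_TABLE = """\
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | outlook.com | 2018-09-06 | 2026-04-17 |
| HASH | 99fc54786a72f32fd44c7391c2171ca… | 2022-07-14 | 2024-03-17 |
| HASH | bea866b327a2dc2aa104b7ad7307008… | 2022-07-14 | 2023-02-09 |
| HASH | f8fc2445a9814ca8cf48a979bff7f18… | 2022-07-14 | 2023-02-09 |
| [email protected] | 2022-08-05 | 2022-08-05 | |
| URL | https://usaupload.com/6qsy/Pict… | 2022-08-05 | 2022-08-05 |
| URL | http://gcrtutk2fjcut4lmllvkg5do… | 2022-08-05 | 2022-08-05 |
| URL | https://usaupload.com/cache/plu… | 2022-08-05 | 2022-08-05 |
| DOMAIN | gcrtutk2fjcut4lmllvkg5dojbwgu4y… | 2022-08-05 | 2022-08-05 |
| DOMAIN | usaupload.com | 2022-07-14 | 2022-08-05 |
"""

KNOWN_TYPES = {"DOMAIN", "HASH", "URL", "EMAIL", "IP"}

# Assumption of this example: domains of large shared services are hunting
# context only, never block-list entries, even when a feed lists them.
GENERIC_DOMAINS = {"outlook.com"}

HEX_HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


@dataclass
class Indicator:
    type: str
    value: str
    first_seen: str
    last_seen: str


def parse_ioc_table(text):
    """Parse a markdown table; return (indicators, malformed_row_lines)."""
    indicators, malformed = [], []
    for line in text.splitlines():
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if cells[0] == "Type" or set(cells[0]) <= {"-"}:
            continue  # header and separator rows
        if len(cells) != 4 or cells[0].upper() not in KNOWN_TYPES:
            malformed.append(line)  # e.g. a row whose type column was lost
            continue
        indicators.append(Indicator(cells[0].upper(), *cells[1:]))
    return indicators, malformed


def triage(ind):
    """Return (verdict, reason) for one indicator."""
    if ind.value.endswith("…") or ind.value.endswith("..."):
        return "needs_full_value", "truncated in this export; take the full value from the source"
    if ind.type == "HASH":
        digest = ind.value.lower()
        if re.fullmatch(r"[0-9a-f]+", digest) and len(digest) in HEX_HASH_LENGTHS:
            return "actionable", HEX_HASH_LENGTHS[len(digest)]
        return "needs_full_value", "not a complete md5/sha1/sha256 hex digest"
    if ind.type == "DOMAIN" and ind.value.lower() in GENERIC_DOMAINS:
        return "context_only", "shared service domain; do not block"
    return "actionable", ind.type.lower()


def triage_table(text):
    """Bucket every row of the table by verdict (values only)."""
    indicators, malformed = parse_ioc_table(text)
    buckets = {"actionable": [], "needs_full_value": [], "context_only": [],
               "malformed": malformed}
    for ind in indicators:
        verdict, _ = triage(ind)
        buckets[verdict].append(ind.value)
    return buckets


if __name__ == "__main__":
    for verdict, values in triage_table(IOC_TABLE).items():
        print(f"{verdict}: {values}")
```

Run against the page's table, only usaupload.com survives as a directly usable indicator; seven values are truncated, outlook.com is context only, and the e-mail row is reported as malformed so it is not silently dropped.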
Related Actors
Related Reports
Shares tags: Ransomware, H0lyGh0st • Shares 3 IOCs • Published within a month
Shares tags: Ransomware, H0lyGh0st • Shares 3 IOCs • Published within a month
Shares tag: Andariel • Published within a week
Shares tags: Andariel, Ransomware
2025-01-02 • 46% Match
#Andariel #Ransomware #Play #T1046 #T1219 #T1562.001 #T1486 #T1018 #T1657 #T1003.001 #T1048.003 #T1560.001 #T1033 #T1087.002 #T1570 #T1069.001 #T1069.002 #T1572 #T1615 #T1482
Shares tags: Andariel, Ransomware
2025-01-01 • 46% Match
#Andariel #Ransomware #Play #T1046 #T1219 #T1562.001 #T1486 #T1018 #T1657 #T1003.001 #T1048.003 #T1560.001 #T1033 #T1087.002 #T1570 #T1069.001 #T1069.002 #T1572 #T1615 #T1482
Shares tags: Andariel, Ransomware