Trojan:Win32/SiennaPurple.A!dha
Aliases: No associated aliases
Summary
Microsoft Defender Antivirus detects and removes this threat.
This trojan is a H0lyGh0st ransomware loader developed and used by DEV-0530 threat actors in multiple campaigns. The loader sample is classified under the file name BTLC_C.exe. It is written in C++ and compiled as a .exe executable that targets Windows systems. Microsoft Defender Antivirus, which is built into and ships with Windows 10 and 11, detects and blocks BTLC_C.exe as SiennaPurple.
Microsoft Defender Antivirus automatically removes threats as they are detected. If you have cloud-delivered protection, your device gets the latest defenses against new and unknown threats. If you don't have this feature enabled, update your antimalware definitions and run a full scan to remove this threat.
To help reduce the impact of this threat, you can:
- Proactively implement and frequently validate a data backup and restore plan as part of broader protection against ransomware and extortion threats.
- Use the included IOCs to investigate whether they exist in your environment and assess for potential intrusion. For details, read the blog North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware.
- Follow the exhaustive guide from our blog on the ransomware-as-a-service economy on how to protect against ransomware threats.