Kaspersky described DarkHotel in a 2014 report as: '... DarkHotel drives its campaigns by spear-phishing targets with highly advanced Flash zero-day exploits that effectively evade the latest Windows and Adobe defenses, and yet they also imprecisely spread among large numbers of vague targets with peer-to-peer spreading tactics. Moreover, this crew's most unusual characteristic is that for several years the Darkhotel APT has maintained a capability to use hotel networks to follow and hit selected targets as they travel around the world.'
2022-05-16
⋅
cocomelonc
⋅
Malware development: persistence - part 6. Windows netsh helper DLL. Simple C++ example. CherryPicker POS Ramsay |
2022-05-05
⋅
BrightTALK (Mandiant)
⋅
The Sample: Beating the Malware Piñata Jaku |
2022-03-17
⋅
Trellix
⋅
Suspected DarkHotel APT activity update RMOT |
2021-12-01
⋅
ESET Research
⋅
Jumping the air gap: 15 years of nation‑state effort Agent.BTZ Fanny Flame Gauss PlugX Ramsay Retro Stuxnet USBCulprit USBferry |
2020-09-22
⋅
Youtube (Virus Bulletin)
⋅
Ramsay: A cyber-espionage toolkit tailored for air-gapped networks Ramsay |
2020-09-08
⋅
⋅
NSFOCUS
⋅
APT GROUP Series: DARKHOTEL Information Theft and RAT Chapter Nemim |
2020-08-25
⋅
⋅
360 Threat Intelligence Center
⋅
Darkhotel (APT-C-06) organized multiple attacks using the Thinmon backdoor framework to reveal the secrets ThinMon |
2020-06-14
⋅
BushidoToken
⋅
Deep-dive: The DarkHotel APT Asruex Ghost RAT Ramsay Retro Unidentified 076 (Higaisa LNK to Shellcode) |
2020-05-22
⋅
⋅
Antiy CERT
⋅
Analysis of Ramsay components of Darkhotel's infiltration and isolation network Ramsay DarkHotel |
2020-05-20
⋅
SentinelOne
⋅
Why On-Device Detection Matters: New Ramsay Trojan Targets Air-Gapped Networks Ramsay |
2020-05-13
⋅
ESET Research
⋅
Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks Ramsay Retro |
2020-03-23
⋅
Reuters
⋅
Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike DarkHotel |
2020-01-01
⋅
Secureworks
⋅
TUNGSTEN BRIDGE Nemim DarkHotel |
2019-08-22
⋅
Trend Micro
⋅
Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilities Asruex |
2019-01-01
⋅
MITRE
⋅
Group description: Darkhotel DarkHotel |
2019-01-01
⋅
Council on Foreign Relations
⋅
Darkhotel DarkHotel |
2018-06-17
⋅
IBM
⋅
Storwize USB Initialization Tool may contain malicious code Jaku |
2018-05-25
⋅
360
⋅
Analysis of CVE-2018-8174 VBScript 0day and APT actor related to Office targeted attack Retro |
2017-07-19
⋅
SecurityWeek
⋅
'DarkHotel' APT Uses New Methods to Target Politicians DarkHotel |
2017-07-18
⋅
Bitdefender
⋅
Inexsmar: An unusual DarkHotel campaign DarkHotel |
2016-06-30
⋅
JPCERT/CC
⋅
Asruex: Malware Infecting through Shortcut Files DarkHotel |
2016-06-09
⋅
Microsoft
⋅
Reverse-engineering DUBNIUM DarkHotel |
2016-01-01
⋅
Forcepoint
⋅
Analysis of a Botnet Campaign Jaku |
2015-12-31
⋅
Overseas "Dark Inn" organization launched an APT attack on executives of domestic enterprises DarkHotel |
2015-08-10
⋅
Kaspersky Labs
⋅
Darkhotel’s attacks in 2015 DarkHotel DarkHotel |
2015-03-04
⋅
Kaspersky Labs
⋅
Who’s Really Spreading through the Bright Star? Jaku |
2014-11-10
⋅
Kaspersky Labs
⋅
The Darkhotel APT DarkHotel |