DarkHotel

aka: APT-C-06, ATK52, DUBNIUM, Dark Hotel, Fallout Team, G0012, Karba, Luder, Nemim, Nemin, Pioneer, SIG25, Shadow Crane, T-APT-02, TUNGSTEN BRIDGE, Tapaoux, Zigzag Hail

Kaspersky described DarkHotel in a 2014 report as: '... DarkHotel drives its campaigns by spear-phishing targets with highly advanced Flash zero-day exploits that effectively evade the latest Windows and Adobe defenses, and yet they also imprecisely spread among large numbers of vague targets with peer-to-peer spreading tactics. Moreover, this crew's most unusual characteristic is that for several years the Darkhotel APT has maintained a capability to use hotel networks to follow and hit selected targets as they travel around the world.'


Associated Families
ps1.rmot win.dubnium_darkhotel win.thinmon win.asruex win.jaku win.nemim win.ramsay win.retro win.tapaoux

References
2022-05-16 | cocomelonc | cocomelonc
Malware development: persistence - part 6. Windows netsh helper DLL. Simple C++ example.
CherryPicker POS Ramsay
2022-05-05 | BrightTALK (Mandiant) | Christopher Gardner
The Sample: Beating the Malware Piñata
Jaku
2022-03-17 | Trellix | John Fokker, Thibault Seret
Suspected DarkHotel APT activity update
RMOT
2021-12-01 | ESET Research | Alexis Dorais-Joncas, Facundo Muñoz
Jumping the air gap: 15 years of nation‑state effort
Agent.BTZ Fanny Flame Gauss PlugX Ramsay Retro Stuxnet USBCulprit USBferry
2020-09-22 | YouTube (Virus Bulletin) | Ignacio Sanmillan
Ramsay: A cyber-espionage toolkit tailored for air-gapped networks
Ramsay
2020-09-08 | NSFOCUS | NSFOCUS
APT GROUP Series: DARKHOTEL, Information Stealing and RAT Edition
Nemim
2020-08-25 | 360 Threat Intelligence Center | 360 Threat Intelligence Center
Darkhotel (APT-C-06) organized multiple attacks using the Thinmon backdoor framework to reveal the secrets
ThinMon
2020-06-14 | BushidoToken | BushidoToken
Deep-dive: The DarkHotel APT
Asruex Ghost RAT Ramsay Retro Unidentified 076 (Higaisa LNK to Shellcode)
2020-05-22 | Antiy CERT | Antiy CERT
Analysis of Ramsay components of Darkhotel's infiltration and isolation network
Ramsay DarkHotel
2020-05-20 | SentinelOne | Jim Walter
Why On-Device Detection Matters: New Ramsay Trojan Targets Air-Gapped Networks
Ramsay
2020-05-13 | ESET Research | Ignacio Sanmillan
Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks
Ramsay Retro
2020-03-23 | Reuters | Christopher Bing, Jack Stubbs, Raphael Satter
Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike
DarkHotel
2020-01-01 | Secureworks | SecureWorks
TUNGSTEN BRIDGE
Nemim DarkHotel
2019-08-22 | Trend Micro | Ian Mercado, Mhica Romero
Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilities
Asruex
2019-01-01 | MITRE | MITRE ATT&CK
Group description: Darkhotel
DarkHotel
2019-01-01 | Council on Foreign Relations | Cyber Operations Tracker
Darkhotel
DarkHotel
2018-06-17 | IBM | IBM Support
Storwize USB Initialization Tool may contain malicious code
Jaku
2018-05-25 | 360 | 360 Helios Team
Analysis of CVE-2018-8174 VBScript 0day and APT actor related to Office targeted attack
Retro
2017-07-19 | SecurityWeek | Eduard Kovacs
'DarkHotel' APT Uses New Methods to Target Politicians
DarkHotel
2017-07-18 | Bitdefender | Alexandru Maximciuc, Alexandru Rusu, Cristina Vatamanu
Inexsmar: An unusual DarkHotel campaign
DarkHotel
2016-06-30 | JPCERT/CC | Shusei Tomonaga
Asruex: Malware Infecting through Shortcut Files
DarkHotel
2016-06-09 | Microsoft | Jeong Wook Oh
Reverse-engineering DUBNIUM
DarkHotel
2016-06-09 | Microsoft | Microsoft Defender ATP Research Team
Reverse-engineering DUBNIUM
DarkHotel
2016-01-01 | Forcepoint | Abel Toro, Andy Settle, Bapadittya Dey, Nicholas Griffin
Analysis of a Botnet Campaign
Jaku
2015-12-31 | ThreatBook
Overseas "Dark Inn" organization launched an APT attack on executives of domestic enterprises
DarkHotel
2015-08-10 | Kaspersky Labs | GReAT
Darkhotel’s attacks in 2015
DarkHotel DarkHotel
2015-03-04 | Kaspersky Labs | Juan Andrés Guerrero-Saade, Kurt Baumgartner
Who’s Really Spreading through the Bright Star?
Jaku
2014-11-10 | Kaspersky Labs | GReAT
The Darkhotel APT
DarkHotel

Credits: MISP Project