← Back to Actors
Darkhotel
DarkhotelDUBNIUMZigzag Hail
[Darkhotel](https://attack.mitre.org/groups/G0012) is a suspected South Korean threat group that has targeted victims primarily in East Asia since at least 2004. The group's name is based on cyber espionage operations conducted via hotel Internet networks against traveling executives and other select guests. [Darkhotel](https://attack.mitre.org/groups/G0012) has also conducted spearphishing campaigns and infected victims through peer-to-peer and file sharing networks.(Citation: Kaspersky Darkhotel)(Citation: Securelist Darkhotel Aug 2015)(Citation: Microsoft Digital Defense FY20 Sept 2020)
24
Techniques
22
Covered
2
Gaps
92%
Coverage
Coverage22/24
COVERED (22)
T1016System Network Configuration Discovery40 det.T1027.013Encrypted/Encoded File8 det.T1036.005Match Legitimate Resource Name or Location45 det.T1056.001Keylogging4 det.T1057Process Discovery21 det.T1059.003Windows Command Shell83 det.T1080Taint Shared Content2 det.T1082System Information Discovery86 det.T1083File and Directory Discovery48 det.T1091Replication Through Removable Media8 det.T1105Ingress Tool Transfer184 det.T1124System Time Discovery4 det.T1140Deobfuscate/Decode Files or Information58 det.T1189Drive-by Compromise10 det.T1203Exploitation for Client Execution79 det.T1204.002Malicious File441 det.T1497Virtualization/Sandbox Evasion12 det.T1497.001System Checks6 det.T1518.001Security Software Discovery10 det.T1547.001Registry Run Keys / Startup Folder53 det.T1553.002Code Signing4 det.T1566.001Spearphishing Attachment979 det.