Darkhotel
Darkhotel, DUBNIUM, Zigzag Hail
[Darkhotel](https://attack.mitre.org/groups/G0012) is a suspected South Korean threat group that has targeted victims primarily in East Asia since at least 2004. The group's name is based on cyber espionage operations conducted via hotel Internet networks against traveling executives and other select guests. [Darkhotel](https://attack.mitre.org/groups/G0012) has also conducted spearphishing campaigns and infected victims through peer-to-peer and file sharing networks.(Citation: Kaspersky Darkhotel)(Citation: Securelist Darkhotel Aug 2015)(Citation: Microsoft Digital Defense FY20 Sept 2020)
- Techniques: 24
- Covered: 22
- Gaps: 2
- Coverage: 92% (22/24)
COVERED (22)
- T1016 System Network Configuration Discovery: 39 det.
- T1027.013 Encrypted/Encoded File: 8 det.
- T1036.005 Match Legitimate Resource Name or Location: 44 det.
- T1056.001 Keylogging: 4 det.
- T1057 Process Discovery: 20 det.
- T1059.003 Windows Command Shell: 82 det.
- T1080 Taint Shared Content: 2 det.
- T1082 System Information Discovery: 86 det.
- T1083 File and Directory Discovery: 48 det.
- T1091 Replication Through Removable Media: 8 det.
- T1105 Ingress Tool Transfer: 183 det.
- T1124 System Time Discovery: 4 det.
- T1140 Deobfuscate/Decode Files or Information: 58 det.
- T1189 Drive-by Compromise: 10 det.
- T1203 Exploitation for Client Execution: 75 det.
- T1204.002 Malicious File: 425 det.
- T1497 Virtualization/Sandbox Evasion: 12 det.
- T1497.001 System Checks: 6 det.
- T1518.001 Security Software Discovery: 10 det.
- T1547.001 Registry Run Keys / Startup Folder: 53 det.
- T1553.002 Code Signing: 3 det.
- T1566.001 Spearphishing Attachment: 905 det.