🇰🇷
DarkHotel
APT Group
Information theft and espionage
15 zero-day CVEs
ETDA ✓
Also Known As 17 names
APT-C-06
ATK52
DUBNIUM
Dark Hotel
Fallout Team
G0012
Karba
Luder
Nemim
Nemin
Pioneer
SIG25
Shadow Crane
T-APT-02
TUNGSTEN BRIDGE
Tapaoux
Zigzag Hail
Target Countries 41
Countries highlighted in red
United Arab Emirates
Afghanistan
Armenia
Angola
Bangladesh
Belgium
Switzerland
China
Germany
Ethiopia
United Kingdom
Greece
Hong Kong
Indonesia
Ireland
Israel
India
Italy
Japan
Kyrgyzstan
Democratic People's Republic of Korea
Republic of Korea
Kazakhstan
Lebanon
Mexico
Malaysia
Mozambique
Nepal
Philippines
Pakistan
Poland
Serbia
Russian Federation
Saudi Arabia
Singapore
Thailand
Tajikistan
Turkey
Province of China Taiwan
United States
Vietnam
Sectors Targeted
Public Administration
92
Healthcare
Automobile Dealers
4411
Grantmaking and Giving Services
8132
Religious, Grantmaking, Civic, Professional, and Similar Organizations
813
Accommodation
721
Construction
23
Computer and Electronic Product Manufacturing
334
Hospitality
Hotels (except Casino Hotels) and Motels
721110
Real Estate and Rental and Leasing
53
Chemical Manufacturing
325
Technology
National Security and International Affairs
9281
Chinese institutions abroad
NGOs
Utilities
22
Private sector
Space Research and Technology
927
Data Processing, Hosting, and Related Services
51821
Pharmaceutical
Portfolio Management
52392
Government
Computer Systems Design Services
541512
Energy
Other Services (except Public Administration)
81
Telecommunications
517
Data Processing, Hosting, and Related Services
518
National Security and International Affairs
928
Insurance Carriers and Related Activities
524
Research
Health Care and Social Assistance
62
Defense
Finance and Insurance
52
Justice, Public Order, and Safety Activities
922
Details
Origin
🇰🇷 KR
Last Updated
01 Jun 2022
Malware Families 10
ramsay
sorgu
unidentified_075
asruex
rmot
retro
jaku
thinmon
NewCore
darkstrat
MITRE ATT&CK 138
T1001
T1001.003
T1003
T1005 - Data from Local System
T1007
T1008
T1011
T1012 - Query Registry
T1016
T1020 - Automated Exfiltration
T1021
T1025 - Data from Removable Media
T1027 - Obfuscated Files or Information
T1027.001
T1027.013
T1027.015
T1029
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.004
T1036.005
T1041 - Exfiltration Over C2 Channel
T1047
T1048
T1049
T1053 - Scheduled Task/Job
T1053.005
T1055 - Process Injection
T1056 - Input Capture
T1056.001
T1057
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003
T1059.005
T1059.007
T1060
T1068 - Exploitation for Privilege Escalation
T1070 - Indicator Removal on Host
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1078 - Valid Accounts
T1080
T1081
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1085
T1087
T1090
T1090.001
T1091
T1095
T1098 - Account Manipulation
T1102 - Web Service
T1104
T1105 - Ingress Tool Transfer
T1106
T1110
T1112
T1113 - Screen Capture
T1114
T1114.001
T1115
T1119 - Automated Collection
T1120
T1124 - System Time Discovery
T1125 - Video Capture
T1127
T1130
T1132
T1133 - External Remote Services
T1134
T1136 - Create Account
T1137
T1140 - Deobfuscate/Decode Files or Information
T1170
T1176 - Browser Extensions
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1192
T1195 - Supply Chain Compromise
T1199 - Trusted Relationship
T1203 - Exploitation for Client Execution
T1204 - User Execution
T1204.002 - Malicious File
T1217
T1218 - Signed Binary Proxy Execution
T1218.010 - Regsvr32
T1218.011 - Rundll32
T1219 - Remote Access Software
T1220
T1482 - Domain Trust Discovery
T1485
T1486 - Data Encrypted for Impact
T1489
T1490 - Inhibit System Recovery
T1497
T1497.001
T1497.002
T1497.003
T1498 - Network Denial of Service
T1503
T1505 - Server Software Component
T1518
T1518.001
T1529
T1530
T1531
T1539
T1543
T1547 - Boot or Logon Autostart Execution
T1547.001
T1550
T1552
T1553 - Subvert Trust Controls
T1553.002
T1555
T1560
T1561
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1564
T1564.003
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1571
T1572 - Protocol Tunneling
T1573 - Encrypted Channel
T1573.001
T1574
T1574.001 - DLL Search Order Hijacking
T1574.002 - DLL Side-Loading
T1583
T1587
T1595
T1596 - Search Open Technical Databases
T1680