Darkhotel is a threat group that has been active since at least 2004. This group has conducted activity on hotel and business center WiFi and physical connections, and peer-to-peer and file sharing networks. This threat group has also conducted spear phishing attacks.

Other names for this threat

APT-C-06, DUBNIUM, Fallout Team, Karba, Luder, Nemim, Nemin, Pioneer, Shadow Crane, SIG25, Tapaoux

The following is a collection of rules based on the presence of indicators of compromise publicly reported as associated with this malicious actor.