Darkhotel is a threat group that has been active since at least 2004. This group has conducted activity on hotel and business center WiFi and physical connections, and peer-to-peer and file sharing networks. This threat group has also conducted spear phishing attacks.
Other names for this threat
APT-C-06, DUBNIUM, Fallout Team, Karba, Luder, Nemim, Nemin, Pioneer, Shadow Crane, SIG25, Tapaoux
The following is a collection of rules based on the presence of indicators of compromise publicly reported as associated with this malicious actor.