Darkhotel IOC  





Published on: 22 May, 2018

Darkhotel (APT-C-06) is an actor known to perform cyber espionage against corporate executives, the defense industry, and the electronics industry via Wi-Fi infrastructure in hotels, coupled with whaling (high-level spear phishing) techniques. Researchers have revealed recent activities by the gang. The reported IOCs are listed below for your perusal and action.

IOCs:



URLs:



File System:


  1. %temp%\taskhost.exe
  2. %temp%\chrome_frame_helper.dll
  3. %ALLUSERSPROFILE%\AU50FE1D

MD5 Hash:

