Rewterz Threat Alert – Energetic Bear APT Group – Active IOCs

Severity

High

Analysis Summary

Energetic Bear – aka Dragonfly, is a cyberespionage group active since at least 2011. They first targeted defense and aviation businesses, but in early 2013, they broadened their scope to include the energy industry. They have also targeted organizations that deal with industrial control systems.
Energetic Bear APT targets US government infrastructure, including private contractors, on a regular basis to collect intelligence. Its main purpose is to gather intelligence and steal intellectual property in the energy industry and aviation networks as well. Energetic Bear is known for employing a variety of attack methods, such as spear-phishing, waterhole attacks, and compromising genuine software packages.

Impact

• Information Theft and Espionage

Indicators of Compromise

MD5

• a379602dd45308b319f582adf1cf9423

SHA-256

• 5781f4c5831ed1a334dc08f55189581e4b4bd4657c53719cd3ebe3a22e9a6f91

SHA-1

• 85a9ecd9548fc4c4ad37c21dfb0fa9a315fd7557

Remediation

• Block all threat indicators at your respective controls.
• Search for IOCs in your environment.