This is a turn-key content package issued within the same day as US-CERT alert TA18-074A (https://www.us-cert.gov/ncas/alerts/TA18-074A) to help detect compromised assets and activity of Dragonfly 2.0 / Berserk Bear / Energetic Bear. It contains 128 IOCs, including URLs, IP addresses, and MD5, SHA-1 and SHA-256 hashes. 82.5% of the IOCs are gathered from the US-CERT alert and 17.5% from the Anomali ThreatStream Community; all IOCs are TLP:WHITE. It is recommended to run these searches over the longest time period possible.
We excluded the following 4 hashes from the case, as they are not present in TA18-074A; however, they were present in TA-17-293A. You can add them to the active list if you want to monitor for them too, but watch out for false positives.
The archive contains two Kibana dashboards for events in the ECS and CEF data models.