This is a turn-key content package issued on the same day as the TA18-074A US-CERT alert (https://www.us-cert.gov/ncas/alerts/TA18-074A) to help detect compromised assets and activity of Dragonfly 2.0 / Berserk Bear / Energetic Bear. It contains 117 IOCs, including IP addresses and MD5, SHA-1 and SHA-256 hashes. 82.5% of the IOCs are gathered from the US-CERT alert and 17.5% from the Anomali ThreatStream Community; all IOCs are TLP:WHITE.
It is recommended to run these searches over the longest time period possible.
We excluded the following 4 hashes from the case because they are not present in TA18-074A; however, they were present in TA17-293A. You can add them to the active list if you want to monitor for them too, but watch out for false positives.
* A7F7A0F74C8B48F1699858B3B6C11EDA
* AEEE996FD3484F28E5CD85FE26B6BDCD
* E29D1F5D79CD906F75C88177C7F6168E
* FCC093A79FAE9B92E69C99BB28F9AE12939E4E1327A371EEAC9207E346ECCDB4
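To make the distinction between the active list and the four excluded hashes concrete, here is an added Python example (not part of this package or of the Qualys IOC Module) that classifies indicators by type and reports hits on the excluded hashes at lower confidence for analyst review; the active-list values in it are constructed placeholders, not indicators from the alert.

```python
import re

# The four hashes the package keeps off the active list (in TA17-293A but not
# TA18-074A), copied from the text above, kept as a lower-confidence watch list.
WATCH_HASHES = {
    "A7F7A0F74C8B48F1699858B3B6C11EDA",
    "AEEE996FD3484F28E5CD85FE26B6BDCD",
    "E29D1F5D79CD906F75C88177C7F6168E",
    "FCC093A79FAE9B92E69C99BB28F9AE12939E4E1327A371EEAC9207E346ECCDB4",
}
# Constructed placeholders for the active list; not real alert indicators.
ACTIVE_IOCS = {"203.0.113.10", "a" * 40}  # RFC 5737 address, fake SHA-1

_PATTERNS = [
    ("ipv4", re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")),
    ("md5", re.compile(r"[0-9a-f]{32}")),
    ("sha1", re.compile(r"[0-9a-f]{40}")),
    ("sha256", re.compile(r"[0-9a-f]{64}")),
]

def normalize(value: str) -> str:
    """Hashes and IPs compare case-insensitively, without surrounding space."""
    return value.strip().lower()

def ioc_type(value: str) -> str:
    """Classify an indicator by its shape; 'unknown' if no pattern fits."""
    v = normalize(value)
    for name, pat in _PATTERNS:
        if pat.fullmatch(v):
            return name
    return "unknown"

def match_events(observed):
    """Return (value, type, confidence) for each observed hash or IP that hits
    the active list ('active') or the excluded-hash watch list ('watch')."""
    active = {normalize(v) for v in ACTIVE_IOCS}
    watch = {normalize(v) for v in WATCH_HASHES}
    hits = []
    for raw in observed:
        v = normalize(raw)
        if v in active:
            hits.append((v, ioc_type(v), "active"))
        elif v in watch:
            hits.append((v, ioc_type(v), "watch"))
    return hits
```

Feed `match_events` the hash and IP fields pulled from your log or asset inventory; 'watch' hits are the ones the text says to review for false positives before acting on them.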
The TA18-074A Detector Dashboard Guide explains how to configure the dashboard in the QualysGuard IOC Module manually, with predefined search queries ready for copy/paste.