Loading . . .

TA18-074A Detector

Sign Up Sign In

This is a turn-key content package issued within same day of TA18-074A US-CERT alert https://www.us-cert.gov/ncas/alerts/TA18-074A to help detect compromised assets and activity of Dragonfly 2.0 / Berserk Bear / Energetic Bear. Contains 117 IOCs including IP, MD5, SHA-1 and SHA-256 hashes. 82.5% of IOCs are gathered from US-CERT alert and 17.5% from Anomali ThreatStream Community, all IOCs are TLP:WHITE.

It is recommended to run these searches for the longest time period possible.

We excluded the following 4 hashes from the case as they are not present in TA18-074A, however they were present in TA-17-293A. You can add them to active list if you want to monitor for them too but watch out for false positives.





TA18-074A Detector Dashboard Guide provides information how to configure dashboard in QualysGuard IOC Module manually with predifined search queries for copy/paste.