Dragonfry1.0和Dragonfry2.0

https://otx.alienvault.com/adversary/Energetic%20Bear/pulses
https://securityaffairs.co/wordpress/62782/hacking/dragonfly-2-0-campaigns.html
CISA警告
https://www.us-cert.gov/ncas/alerts/TA18-074A
https://www.cyberscoop.com/us-nuclear-hack-russia-energetic-bear-fireeye-phishing-watering-hole/

至少在2010年就活跃在APT组织中。该组织倾向于GJ专注于能源和工业领域的不同公司
针对能源行业

IRON LIBERTY通常会部署Karagany恶意软件。在许多情况下,威胁组还使用MCMD远程访问工具来下载和安装开源SoftEtherXXX应用程序。通过使用合法的XXX软件来建立从C2基础架构到目标系统的TLS加密网桥,IRON LIBERTY能够隐藏其网络流量,而无需部署其他自定义恶意软件。IRON LIBERTY还使用受损的服务帐户来访问系统,以安装和升级Karagany恶意软件,有时是通过PsExec进行远程安装。

http://www.hackdig.com/09/hack-48783.htm

Havex、Sysmain、Backdoor.Oldrea
https://en.wikipedia.org/wiki/Havex
https://www.netresec.com/index.ashx?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans
https://www.netresec.com/?page=Blog&month=2014-11&post=Observing-the-Havex-RAT
http://www.emrsolutions.ie/wp-content/uploads/2014/12/Belden-White-Paper-Dragonfly-Cyber-Security-Attacks.pdf
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08080840/Kaspersky_Lab_crouching_yeti_appendixes_eng_final.pdf

Crouching Yeti恶意软件

https://www.kaspersky.com.cn/resource-center/threats/crouching-yeti-energetic-bear-malware-threat
https://usa.kaspersky.com/resource-center/threats/crouching-yeti-energetic-bear-malware-threat#.V57CLZMrJo4

karaganyRAT(HTTPS)
https://www.cyber.nj.gov/threat-profiles/trojan-variants/karagany
https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector

2014年
EB
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08080817/EB-YetiJuly2014-Public.pdf

Heriplor和KaraganyMUMA

2017年10月20日
西方能源部门、Phishery
https://symantec-blogs.broadcom.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks
https://blog.talosintelligence.com/2017/07/template-injection.html
https://resources.infosecinstitute.com/dragonfly-2-0-alleged-nation-state-actor-hit-energy-sector/#gref

分析
https://paper.seebug.org/395/
https://paper.seebug.org/388/

土耳其
https://www.riskiq.com/blog/labs/energetic-bear/

EnergeticBear分析
https://ics-cert.kaspersky.com/reports/2018/04/23/energetic-bear-crouching-yeti-attacks-on-servers/
https://ics-cert.kaspersky.com/media/EB_public_FINAL_EN_20042018.pdf

2018年4月23日
对服务器的GJ
https://securelist.com/energetic-bear-crouching-yeti/85345/
https://ics-cert.kaspersky.com/reports/2018/04/23/energetic-bear-crouching-yeti-attacks-on-servers/