Threat Group Cards: A Threat Actor Encyclopedia

Tool: Heriplor

Names: Heriplor
Category: Malware
Type: Backdoor
Description: (Symantec) Trojan.Heriplor is a backdoor that appears to be exclusively used by Dragonfly, and is one of the strongest indications that the group that targeted the western energy sector between 2011 and 2014 is the same group that is behind the more recent attacks. This custom malware is not available on the black market, and has not been observed being used by any other known attack groups. It has only ever been seen being used in attacks against targets in the energy sector.
Information: <https://symantec-blogs.broadcom.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks>
<https://insights.sei.cmu.edu/cert/2019/03/api-hashing-tool-imagine-that.html>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.heriplor>

Last change to this tool card: 13 May 2020

All groups using tool Heriplor

Changed | Name | Country | Observed

APT groups

| Energetic Bear, Dragonfly | Russia | 2010-Oct 2020 | X

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
