Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 23:39:52 UTC
Home > List all groups > List all tools > List all groups using tool Heriplor
 Tool: Heriplor
Names Heriplor
Category Malware
Type Backdoor
Description
(Symantec) Trojan.Heriplor is a backdoor that appears to be exclusively used by Dragonfly,
and is one of the strongest indications that the group that targeted the western energy sector
between 2011 and 2014 is the same group that is behind the more recent attacks. This custom
malware is not available on the black market, and has not been observed being used by any
other known attack groups. It has only ever been seen being used in attacks against targets in
the energy sector.
Information
<https://symantec-blogs.broadcom.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks>
<https://insights.sei.cmu.edu/cert/2019/03/api-hashing-tool-imagine-that.html>
Malpedia <https://malpedia.caad.fkie.fraunhofer.de/details/win.heriplor>
Last change to this tool card: 13 May 2020
Download this tool card in JSON format
All groups using tool Heriplor
Changed Name Country Observed
APT groups
  Energetic Bear, Dragonfly 2010-Mar 2022
1 group listed (1 APT, 0 other, 0 unknown)
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ed2cc683-3ae0-4793-9903-9b046ea364ad
Page 1 of 2

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ed2cc683-3ae0-4793-9903-9b046ea364ad
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ed2cc683-3ae0-4793-9903-9b046ea364ad
Page 2 of 2

APT groups Energetic Bear, Dragonfly 2010-Mar 2022 
1 group listed (1 APT, 0 other, 0 unknown) 
   Page 1 of 2