Protect Your Assets

Are hackers wreaking Havex on your network?

MarthaAviles ‎07-03-2014 09:36 AM - edited ‎09-25-2015 08:10 AM

Havex, also referred to as “Energetic Bear,” is a piece of Windows malware that is actively being used in the wild in attacks against critical infrastructure, specifically targeting the energy sector in Western Europe and North America. This threat to enterprise security is a remote access Trojan (RAT) that is used to perform reconnaissance and assist in delivering additional payloads to the target. Once installed, it fingerprints the victim machine (users, files, directories, etc.) and sends and receives information from compromised PHP web servers.


Havex can be delivered to the target in multiple ways:

  • Spam/Phishing
  • Watering-hole attacks
  • Exploit Kits (Hello/Lights Out)
  • Masquerading as a legitimate (trojanized) download

 Let’s take a look at a sample of this malware (SHA1: 7f249736efc0c31c44e96fb72c1efcc028857ac7)


The sample we analyzed was a trojanized version of VPN software. Upon execution, this software loads and activates the malware, which starts obtaining information about the system and waits to receive commands.
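For defenders who want to check a software share or download folder for this installer, the following is an added example (not part of the original post or any HP tooling) that sweeps a directory tree for the SHA1 quoted above. The function names `sha1_of` and `sweep` are hypothetical, and the only indicator used is the one hash given in this post.

```python
import hashlib
import os
import sys

# SHA1 of the trojanized VPN installer, exactly as quoted in the post.
HAVEX_SHA1 = {"7f249736efc0c31c44e96fb72c1efcc028857ac7"}


def sha1_of(path, chunk=1 << 20):
    """Hash a file in 1 MiB chunks so large installers are not loaded into memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root, bad_hashes=HAVEX_SHA1):
    """Walk root and return (matches, unreadable).

    matches    -- paths whose SHA1 is in bad_hashes
    unreadable -- paths that could not be listed or read; these still need
                  a manual look, since a skipped file is not a clean file
    """
    bad = {h.lower() for h in bad_hashes}
    matches, unreadable = [], []
    walker = os.walk(root, onerror=lambda err: unreadable.append(err.filename))
    for dirpath, _dirs, files in walker:
        for name in files:
            path = os.path.join(dirpath, name)
            # Skip symlinks and special files (sockets, FIFOs, devices).
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                if sha1_of(path) in bad:
                    matches.append(path)
            except OSError:
                unreadable.append(path)
    return matches, unreadable


if __name__ == "__main__":
    hits, skipped = sweep(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path in hits:
        print("MATCH", path)
    for path in skipped:
        print("UNREADABLE", path)
    sys.exit(1 if hits else 0)
```

A hash match only identifies this exact file; other trojanized builds will have different hashes, so a clean sweep does not rule out Havex.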















So now what? Is there a way to protect yourself from Havex?

Well that’s the good news—HP TippingPoint customers are protected from this malware’s outbound communication attempts. Next Tuesday a specific filter, 16455, will be published in our HP TippingPoint DVLabs weekly Digital Vaccine package for full coverage. In the interim, please contact HP TippingPoint support or your local Solution Architect to receive a custom filter for immediate use.

Protection from the Hello and Lights Out exploit kits is provided today by the following filters:

  • 12877: HTTP: Oracle Java Malicious Archive File Download
  • 13244: HTTP: Malicious Jar File Download (ZDI-13-153)
  • 13187: HTTP: Malicious Jar File Download
  • 12916: HTTP: Microsoft Internet Explorer offsetParent Use-After-Free Vulnerability
  • 12917: HTTP: Microsoft Internet Explorer offsetParent Use-After-Free Vulnerability
  • 12918: HTTP: Microsoft Internet Explorer offsetParent Use-After-Free Vulnerability

Stay ahead of the bad guys with HP TippingPoint—we are always on your side and understand that when it comes to protecting your network, every second matters. 


HP TippingPoint Network Security solutions

When every second matters, HP TippingPoint delivers industry-leading security intelligence powered by HP TippingPoint DVLabs—keeping you ahead of the threats. With simple, reliable and effective products including TippingPoint Next-Generation Intrusion Prevention System (IPS),  TippingPoint Next-Generation Firewall (NGFW), and the TippingPoint Security Management System, we are on your side, delivering proactive network security protection.  Learn more about how HP TippingPoint can help you with your network security solutions.

