Dimnie: Targeting the Unexpected

Wed, 04/26/2017 - 17:14


GitHub is a platform used to share any type of code. For this reason, it’s an important part of research and information sharing within the cyber security field. Because it’s a part of this environment, it’s inevitable that malicious actors will try to infect users’ platforms with malware.

Bi-Weekly Security Update 4/17/17

Mon, 04/17/2017 - 17:34

Malicious Content Identified and Inserted:

New Targets to Protect Against Incoming Attacks

Mon, 04/03/2017 - 12:49

We are happy to announce the release of 3 new targets, including updates to 3 existing ones. The new IPs derive from live attacks targeting online servers. This data is collected by the voluntary service,

Bi-Weekly Security Update 3/29/17

Wed, 03/29/2017 - 17:33

Bi-Weekly Security Update 3/15/2017

Wed, 03/15/2017 - 17:02


Malicious Content Identified and Inserted:

  • IPs – 3680
  • Domains – 603

Target List Content Updated:

  • TSCritical
  • TSRansomware
  • TSPhishing
  • TSBanking

EITest – The Long Living Campaign

Wed, 03/08/2017 - 13:22

EITest is a campaign initially discovered in 2014 by Malwarebytes. It distributes malware through iframes and a Flash file placed on a compromised site, followed by exploitation through an Exploit Kit. In the past, this campaign was used to distribute malware including Cerber, CryptoMix, CryptoShield, Gootkit and the Chthonic banking Trojan, all using various types of Exploit Kits.

3 New Targets Protecting Against Drive-By Attacks

Thu, 03/02/2017 - 15:55

We are happy to announce the release of 3 new targets, specifically protecting against drive-by attacks. In a drive-by attack, web sites are used as malware droppers. The targets include manually identified domains, as well as domains identified by running known botnet domain generation algorithms. These 3 new targets let users choose the level of protection that accommodates their needs.

The 3 new targets are:

ThreatSTOP Bi-weekly Security Update

Wed, 03/01/2017 - 21:32

Malicious content identified and inserted:

  • IPs – 3967
  • Domains – 391

Target list content updated:

  • TSCritical
  • TSRansomware
  • TSPhishing
  • TSBanking

Magic Hound Sniffs Out Trouble

Tue, 02/28/2017 - 17:51


Magic Hound, as dubbed by researchers at Palo Alto Networks, is a targeted espionage campaign against the Saudi Arabian government and the country's energy and technology industries. The campaign utilized a common phishing tactic, embedding macros into Word and Excel documents. If the victim enabled macros on the document, PowerShell scripts downloaded additional malware onto their computer, such as the open-source Python RAT, Pupy.

Highlights, Trends & Predictions from RSA 2017

Thu, 02/23/2017 - 19:03

We’re back!

It was a fun, productive week in San Francisco exhibiting and chatting with attendees about our product suite, including the soon-to-be ThreatSTOP family member, Roaming Endpoint.
ThreatSTOP at RSA 2017

Thu, 02/16/2017 - 16:38

Hello again, San Francisco! We can’t believe it’s already the third day of RSA, but we’ve had a great time exhibiting and talking to attendees and partners about our newest product, Roaming Endpoint (and our existing products, DNS and IP Firewall Services).

Bi-weekly Security Update 2/15/2017

Wed, 02/15/2017 - 22:00

Malicious content identified and inserted:

  • IPs – 1318
  • Domains – 323

Target list content updated:

  • TSCritical
  • TSRansomware
  • TSPhishing
  • TSBanking

ThreatSTOP Launches New Roaming DNS Protection Service at RSA

Tue, 02/14/2017 - 19:51

The Cyber Security Startup’s Answer to Roaming Security

CARLSBAD, CA: Feb 8, 2017: Cyber security company ThreatSTOP announced today a cloud-based offering that quickly detects and automatically blocks DNS attacks on laptops outside a secured company network, without using external third-party DNS servers or requiring a VPN connection. This new SaaS offering, Roaming Endpoint, is ThreatSTOP’s answer to a growing mobile workforce, protecting devices when they leave the corporate network, anywhere and anytime.

Locky Back in Action

Thu, 02/09/2017 - 17:43

Locky, the infamous ransomware plaguing computers worldwide since it was first seen early last year, has recently made a comeback after a severe drop in activity over the holiday season. The Necurs botnet, which is Locky's primary distributor, was offline for the final weeks of 2016, equating to an 81% decrease in the number of Locky attacks.

CryptXXX Ransomware Spread Through SoakSoak Botnet: Two Big Actors As One

Tue, 01/31/2017 - 20:55

CryptXXX and SoakSoak are huge threats individually.

One Email: Countless Phishing Domains

Mon, 01/30/2017 - 22:42

We often analyze indicators of phishing-related compromise from These lists contain a large number of indicators, usually not all related to one campaign, but to countless ones that have already spread before the lists were updated.

DGA Updates

Thu, 01/26/2017 - 14:23

In December, we introduced a target list of more than 20 malware family DGAs provided by our friends over at 360 Research Team. Continuing their great work, we are happy to integrate 7 new malware DGAs:

The “TelePort Crew” Evolves from Carbanak

Tue, 01/24/2017 - 17:49

The "Digital Plagiarist" campaign, dubbed by researchers at the tr1adx team, was run by the "TelePort Crew" and appears to be an evolution of the Carbanak cybercrime group. This group is infamous for a large-scale campaign against banks, leading to the 2015 theft of hundreds of millions of dollars, and for the Carbanak/Anunak malware that targets point-of-sale machines.

Sure, Just a Threat Feed Works. Like Biden Without Ray-Bans.

Mon, 01/23/2017 - 19:18


Sure, just any old threat feed will do. Like those one-size-fits-all “I Heart NY” shirts in Times Square. Just like Chipotle without guac (if you’re obsessed with both Chipotle and guac, like me) or Caesar salad with no… dressing. Laverne without Shirley, Biden without Ray-Bans, or maybe the internet without a politically topical meme. I’m going somewhere with this…. I promise.