ThreatSTOP continues to expand proactive protection coverage with new intelligence added to the Active Malware Domains and Active Malware IPs targets. These updates introduce additional high-confidence, malware-related infrastructure identified through authoritative research and curation, strengthening early-stage protection against active and evolving threats.

The newly added content focuses on tracking name server hostnames and name server IPs associated with well-known and long-running malware families, including Banjori, Dircrypt, Kraken, Nymaim, Ramdo, Ramnit, Shifu, Simda, Suppobox, Tempedreve, Tinba, Vawtrak, Virut, Volatile, and Pizd.

Malware families frequently rotate payloads, hosting locations, and delivery mechanisms, but their supporting DNS infrastructure often persists longer than individual command servers. By focusing on the authoritative name servers that underpin malicious domains, ThreatSTOP can disrupt entire malware ecosystems rather than chasing individual indicators. This approach limits command and control communication, prevents callback traffic, and reduces the attacker's ability to maintain operational control over infected systems. Heavy filtering is applied to these particular feeds to ensure no false positives.

Fast and proactive response is critical. Active malware does not wait for manual investigation or post-compromise cleanup. Once an endpoint attempts to communicate with malicious infrastructure, the damage may already be underway. Blocking access at the DNS and IP layers stops malware communication before instructions are received, credentials are exfiltrated, or additional payloads are delivered.
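The name-server pivot described above, as an added example that is not ThreatSTOP's code: starting from a seed list of confirmed-malicious domains and passive-DNS style records (domain to authoritative name servers, name server to A records), it derives the name server hostnames and IPs to block, expands coverage to every other domain served by those name servers, and exposes the two checks a resolver or firewall would apply at the DNS and IP layers. All domains, name servers and addresses below are constructed sample data, and the false-positive thresholds (`min_ratio`, `max_served`) are assumptions for illustration, not ThreatSTOP's curation rules.

```python
"""Name-server pivot: block the DNS infrastructure behind malware domains.

Added example, not ThreatSTOP's code. All records below are constructed.
"""
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample: domain -> authoritative name servers (NS records).
NS_RECORDS = {
    "payload-a.example": ["ns1.badns.example", "ns2.badns.example"],
    "loader-b.example": ["ns1.badns.example"],
    "update-c.example": ["ns1.badns.example"],  # not on any list yet
    "news.legit.example": ["ns1.hoster.example"],
    "shop.legit.example": ["ns1.hoster.example", "ns2.hoster.example"],
}

# Constructed sample: name server hostname -> A records.
NS_A_RECORDS = {
    "ns1.badns.example": ["203.0.113.10"],
    "ns2.badns.example": ["203.0.113.11"],
    "ns1.hoster.example": ["198.51.100.5"],
    "ns2.hoster.example": ["198.51.100.6"],
}

# Constructed seed list: domains already confirmed as malware infrastructure.
SEED_MALWARE_DOMAINS = {"payload-a.example", "loader-b.example"}


def domains_per_name_server(ns_records):
    """Invert domain -> NS records into NS hostname -> set of domains served."""
    served = defaultdict(set)
    for domain, name_servers in ns_records.items():
        for ns in name_servers:
            served[ns.lower().rstrip(".")].add(domain.lower().rstrip("."))
    return served


def malicious_name_servers(seed_domains, ns_records, min_ratio=0.5, max_served=50):
    """Name servers that predominantly serve known-malicious domains.

    Two assumed filters keep shared hosting out of the result: a name server
    must serve at least `min_ratio` known-bad domains, and a large provider
    serving more than `max_served` domains is never pivoted on.
    """
    seed = {d.lower().rstrip(".") for d in seed_domains}
    result = set()
    for ns, domains in domains_per_name_server(ns_records).items():
        if len(domains) > max_served:
            continue
        bad = len(domains & seed)
        if bad and bad / len(domains) >= min_ratio:
            result.add(ns)
    return result


def name_server_ips(name_servers, a_records):
    """Resolve blocked name server hostnames to IPs; reject malformed data."""
    ips = set()
    for ns in name_servers:
        for ip in a_records.get(ns, []):
            ips.add(str(ip_address(ip)))  # ValueError on a bad address
    return ips


def build_blocklist(seed_domains, ns_records, a_records, **thresholds):
    """Seed domains + malicious name servers + every domain they serve."""
    bad_ns = malicious_name_servers(seed_domains, ns_records, **thresholds)
    served = domains_per_name_server(ns_records)
    domains = {d.lower().rstrip(".") for d in seed_domains}
    for ns in bad_ns:
        domains |= served[ns]
    return {
        "name_servers": bad_ns,
        "name_server_ips": name_server_ips(bad_ns, a_records),
        "domains": domains,
    }


def should_block_query(domain, ns_records, blocklist):
    """DNS-layer check: listed domain, or any domain served by a blocked NS."""
    d = domain.lower().rstrip(".")
    if d in blocklist["domains"]:
        return True
    return any(ns.lower().rstrip(".") in blocklist["name_servers"]
               for ns in ns_records.get(d, []))


def should_block_ip(ip, blocklist):
    """IP-layer check for routers, firewalls and IPS rules."""
    return str(ip_address(ip)) in blocklist["name_server_ips"]


if __name__ == "__main__":
    bl = build_blocklist(SEED_MALWARE_DOMAINS, NS_RECORDS, NS_A_RECORDS)
    for key in ("name_servers", "name_server_ips", "domains"):
        print(f"{key}: {sorted(bl[key])}")
    print("block update-c.example?",
          should_block_query("update-c.example", NS_RECORDS, bl))
```

The point of the pivot is visible in `update-c.example`: it is not on the seed list, but it is served by a name server whose other domains are confirmed malicious, so it is blocked before it is ever used. The ratio and size thresholds are the simplest form of the filtering the post mentions; without them a shared name server at a large registrar would pull thousands of unrelated domains into the block list.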

These enhancements are immediately available to customers using ThreatSTOP Protective DNS through DNS Defense Cloud or DNS Defense deployed on customer-managed infrastructure. The same intelligence also extends into IP Defense, allowing organizations to apply protection across routers, firewalls, intrusion prevention systems, and cloud platforms such as AWS WAF. This unified approach ensures consistent protection regardless of where enforcement occurs.

All protections are authored, validated, or maintained by the ThreatSTOP Security, Intelligence, and Research team. The team continuously develops protections covering command and control infrastructure, peer-to-peer communication, data exfiltration, phishing, spam, invalid traffic, and distributed denial of service activity. Each update is designed to reduce exposure, limit attacker dwell time, and protect critical business operations.

By expanding the Active Malware Domains and Active Malware IPs targets with this additional intelligence, ThreatSTOP customers gain stronger visibility and protection against malware families that continue to pose real-world risk across industries and environments.

For those interested in joining the ThreatSTOP family, or to learn more about our proactive protections for all environments, we invite you to visit our product page. Discover how our solutions can make a significant difference in your digital security landscape. We have pricing for all sizes of customers. Get started with a Demo today.

MITRE ATT&CK Framework Alignment

| MITRE ATT&CK Tactic | Technique | Relevance |
|---|---|---|
| Command and Control | Application Layer Protocol (T1071) | Blocks malware communication through DNS-based infrastructure |
| Command and Control | Dynamic Resolution (T1568) | Disrupts use of malicious name servers supporting domain rotation |
| Persistence | Domain Generation Algorithms (T1568.002) | Limits effectiveness of infrastructure designed for long-term resilience |
| Exfiltration | Exfiltration Over Web Services (T1567) | Reduces ability to transmit stolen data once communication is blocked |

Connect with Customers, Disconnect from Risks