ThreatSTOP Blog

ThreatSTOP Security and Research Team: Protective Updates 29/Feb/2024

Written by Joel Esler | February 29, 2024

At ThreatSTOP, we're always on the move, improving and expanding our cybersecurity services. Our dedicated Security and Research Team is regularly updating our detection capabilities, and we're excited to introduce new targets to our system.

Given the real-time nature of ThreatSTOP's protection updates, it's not feasible to detail all the updated feeds in one blog post. Instead, we're highlighting the new additions we've made to our feed system's backend to enhance the effectiveness and immediacy of our protection.

We've embarked on a project to thoroughly review each feed, feed processor, target, and bundle available to our ThreatSTOP clients. The goal is to ensure a seamless out-of-box experience for all ThreatSTOP protections across all deployment formats. Stay tuned for more details about this initiative in an upcoming blog post.

We're excited to introduce the following new targets:

  • Internet Scanners - IPs
    • This is a list of common scanners of the Internet.  Don't want people scanning your network, for educational or nefarious purposes?  Enable our "Monitoring Services IPs" Bundle, and you'll be protected.
  • TS Originated - Manual Malware IP list - IPs 
    • This is a list of IPs related to malware, manually curated by the ThreatSTOP Security, Intelligence, and Research Team through manual or automated analysis.  Enable our "Active Malware" bundle.
  • TS Originated Manual Malware Domain List - Domains
    • This is a list of domains related to malware, manually curated by the ThreatSTOP Security, Intelligence, and Research Team through manual or automated analysis.  Enable our "Active Malware" bundle.
  • ThreatFox C2 IPs - IPs
    • This is a list of IPs related to malware such as Cobalt Strike, various RATs and other automated analysis.  Big thanks go out to our friends at abuse.ch for their work in identifying these C2s. Enable our "Active Malware" bundle.
  • ThreatFox C2 Domains - Domains
    • This is a list of domains related to malware such as Cobalt Strike, various RATs and other automated analysis.  Big thanks go out to our friends at abuse.ch for their work in identifying these C2s. Enable our "Active Malware" bundle.


If you are a user of the "Active Malware" or "Monitoring Services IPs" bundle, or if you enable them, you will automatically receive coverage for all these new targets, enhancing your cybersecurity measures.

In the coming weeks, we will continue to refine our system, simplifying target selection for your policies and bolstering protection for your networks. More information about this internal project will be coming soon.

Becoming a Part of the ThreatSTOP Community

For those interested in joining the ThreatSTOP family, or to learn more about our proactive protections for all environments, we invite you to visit our product page. Discover how our solutions can make a significant difference in your digital security landscape.  We have pricing for all sizes of customers! Get started with a Demo today!