
ThreatSTOP Tools & Action For Visibility Fighting Ransomware & WannaCry

Wed, 05/17/2017 - 23:36

Protecting and empowering our valued customers is always a top priority at ThreatSTOP. Today, we're taking additional action to deliver better protection and greater visibility related to the WannaCry ransomware attack.

Operation Cloud Hopper Jumps Into View

Wed, 05/17/2017 - 18:08

Operation Cloud Hopper, uncovered by researchers at BAE Systems and PwC, was a cyberespionage campaign by APT10 (also known as Red Apollo and the menuPass Team) that targeted IT managed service providers (MSPs) in order to steal their clients' corporate data.

This past weekend made all of us WannaCry

Sun, 05/14/2017 - 14:38

On May 12th, an outbreak of new ransomware named WannaCry (aka WannaCrypt, WCry) took place. This ransomware spread wildly and, in a short amount of time, infected over 100K victims in over 99 countries by exploiting the MS17-010 vulnerability. The following image from the live infection map demonstrates how big the impact of this campaign has been over the past 24 hours.

Bi-Weekly Security Update 5/11/17

Thu, 05/11/2017 - 19:39

Malicious Content Identified and Inserted:

ThreatSTOP & Reposify Partner to Stop DDoS Attacks from Infected IoT Devices & Services

Tue, 05/09/2017 - 18:54
Cyber Security Startups Combine Threat Data & Real-Time Policy Delivery Platform to Address Huge Gap in Cybersecurity.

Knock-Knock! Who’s There? ... NoTrove.

Tue, 05/09/2017 - 17:34


Internet-based advertising has been in wide use since the early 21st century. Its popularity grew in 2010 with the development of programmatic advertising (also referred to as automated advertainment). Here, you pay per ad view, which can be maliciously misused by counting machines and bots as actual viewers. Additional types of malicious use include accumulating web traffic and selling it to web traffic brokers, or engaging this traffic in semi-malicious programs like PUPs (Potentially Unwanted Programs).

Targets for inbound attacks & whitelisting major services in policies

Tue, 05/09/2017 - 14:54

We are happy to announce the release of a new Blacklist target for our IP Firewall service.

Use of VPN and Tor Traffic Allows Corporate Security Bypassing

Mon, 05/08/2017 - 23:47


We’ve all been bored at work; that’s a given. We don’t have a need to go crashing through the brush looking for our next meal, and that leaves our brains with a bunch of extra cycles to spend on life in the modern world. That means our personal lives, our jobs, and what to have for lunch.

New DGA targets for DNS Firewall policy

Thu, 05/04/2017 - 13:20

ThreatSTOP’s Security Research Team has been busily tracking down new threat sources and compiling publicly shared data from multiple research teams. The result is our new Domain Generation Algorithm (DGA) target collection.

Bi-Weekly Security Update 4/28/17

Fri, 04/28/2017 - 19:50

Dimnie: Targeting the Unexpected

Wed, 04/26/2017 - 17:14


GitHub is a platform used to share any type of code. For this reason, it’s an important part of research and information sharing within the cyber security field. Because it’s a part of this environment, it’s inevitable that malicious actors will try to infect users’ platforms with malware.

Bi-Weekly Security Update 4/17/17

Mon, 04/17/2017 - 17:34

Malicious Content Identified and Inserted:

New Targets to Protect Against Incoming Attacks

Mon, 04/03/2017 - 12:49

We are happy to announce the release of 3 new targets, including updates to 3 existing ones. The new IPs derive from live attacks targeting online servers. This data is collected by the voluntary service,

Bi-Weekly Security Update 3/29/17

Wed, 03/29/2017 - 17:33

Bi-Weekly Security Update 3/15/2017

Wed, 03/15/2017 - 17:02


Malicious Content Identified and Inserted:

  • IPs – 3680
  • Domains – 603

Target List Content Updated:

  • TSCritical
  • TSRansomware
  • TSPhishing
  • TSBanking

EITest – The Long Living Campaign

Wed, 03/08/2017 - 13:22

EITest is a campaign initially discovered in 2014 by Malwarebytes. It distributes malware (that uses iframes) through a Flash file on a compromised site, followed by exploitation through an exploit kit. In the past, this campaign was used to distribute malware including Cerber, CryptoMix, CryptoShield, Gootkit and the Chthonic banking Trojan, all using various types of exploit kits.

3 New Targets Protecting Against Drive-By Attacks

Thu, 03/02/2017 - 15:55

We are happy to announce the release of 3 new targets, specifically protecting against Drive-By attacks. In a drive-by attack, web sites are used as malware droppers. The targets include manually identified domains, as well as domains identified by running known botnet domain generation algorithms. These 3 new targets are built for users to choose the level of protection that accommodates their needs.

The 3 new targets are:

ThreatSTOP Bi-weekly Security Update

Wed, 03/01/2017 - 21:32

Malicious content identified and inserted:

  • IPs – 3967
  • Domains – 391

Target list content updated:

  • TSCritical
  • TSRansomware
  • TSPhishing
  • TSBanking

Magic Hound Sniffs Out Trouble

Tue, 02/28/2017 - 17:51


Magic Hound, as dubbed by researchers at Palo Alto Networks, is a targeted espionage campaign against the Saudi Arabian government, energy and technology industries. The campaign utilized a common phishing tactic, embedding macros into Word and Excel documents. If the victim enabled macros on the document, PowerShell scripts downloaded additional malware onto their computer, such as the open-source Python RAT, Pupy.