
Analysis Tools Special Feature: VirusTotal VT Graph

VirusTotal (VT) is an excellent analysis platform for enriching data on indicators of compromise (IOCs) and finding related malicious infrastructure. VT inspects submitted files and URLs with over 70 antivirus engines and URL/domain blacklisting services. The platform offers a search engine over previously scanned items, as well as a number of URL and file submission methods: the primary public web interface, desktop uploaders, browser extensions and a programmatic API.

In our opinion, VT's holy grail is VT Graph: a dynamic visualization of the relations between entities (files, URLs, domains, IP addresses) that lets users view information about each node, pivot across data points, edit the graph, and add new nodes. Users can also save their graphs and download the node list.


ThreatSTOP's New and Upgraded Check IOC Analysis Tool is Out!

Check IOC is a security research tool that provides rich metadata, passive DNS and aggregated threat intelligence on IPs and domains. Check IOC also shows exclusive threat intelligence provided by ThreatSTOP, drawn from over 24 million known malicious indicators in our database. Using Check IOC, you can look up IPs and domains to vet their maliciousness, get more information on suspicious IOCs, or upload your logs to see whether threat actors are communicating with your network.

We are glad to announce that we have just launched a new and upgraded Check IOC tool. Features that were previously reserved for our Premium Portal and API users have now been added to the free version. The new Check IOC also sports an updated interface, smoother UX, and a more generous limit of 25 free lookups a day.


Bad IP of the Week: ThreatSTOP Blocks 2M+ Connections from Russian IP

Over the weekend, a Russian IP flagged as malicious by a variety of threat intelligence sources attempted to connect to our customers' networks over 2 million times. The IP is listed as malicious by DShield, CINS Army, AbuseIPDB, IPsum and Collective Intelligence. Malicious activity from this IP was also reported on AlienVault's Open Threat Exchange by two additional sources: the Louisiana Cyber Investigators Alliance (LCIA), which caught the IP in its honeypot, and the Internet Storm Center.


Two DNS Dudes with a ‘tude Dissect the NAME:WRECK Vulnerability in Ep.1 of New Streaming Series

Last week Forescout Research Labs and JSOF disclosed NAME:WRECK, a set of Domain Name System (DNS) vulnerabilities rooted in how several TCP/IP stacks parse DNS message compression. Depending on the stack, the bugs can cause a Denial of Service (DoS) or allow Remote Code Execution (RCE) on tens of millions of Internet-connected devices.
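NAME:WRECK lives in the code that decodes RFC 1035 message compression (the 0xC0 pointer labels inside a DNS name). The block below is an added example, not code from ThreatSTOP, Forescout or JSOF: a name decoder that makes the checks this bug class depends on skipping. Every read is bounds-checked against the message, a pointer may only refer to an earlier offset (so a pointer loop cannot spin and a pointer past the message cannot be followed), and labels and names stay within the 63- and 255-byte limits RFC 1035 sets. The sample message and the helper `is_malformed` are constructed for this example.

```python
"""Hardened decoder for RFC 1035 compressed DNS names.

Added example, not code from ThreatSTOP, Forescout or JSOF. The limits
(63-byte labels, 255-byte names, pointers to earlier offsets only) are
the ones RFC 1035 specifies.
"""
from typing import Tuple

MAX_LABEL = 63
MAX_NAME = 255


class MalformedName(ValueError):
    """Raised for any name a careful decoder must refuse."""


def read_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode the name at msg[offset].

    Returns (name, end), where end is the offset just past the name's
    wire encoding: after the first pointer that was followed, or after
    the terminating zero label. Rejects, instead of looping or reading
    out of bounds: pointers to the current or a later offset, pointers
    or labels that run past len(msg), over-long labels and names.
    """
    labels = []
    total = 0          # bytes of name consumed so far (255-byte limit)
    end = None         # set once, when the first pointer is followed
    pos = offset
    while True:
        if pos >= len(msg):
            raise MalformedName("name runs past end of message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:              # compression pointer
            if pos + 1 >= len(msg):
                raise MalformedName("truncated compression pointer")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            if target >= pos:                  # forward or self pointer
                raise MalformedName("pointer does not refer to an earlier offset")
            if end is None:
                end = pos + 2
            pos = target
            continue
        if length & 0xC0:                      # 0x40 and 0x80 are reserved
            raise MalformedName("reserved label type")
        if length == 0:                        # root label ends the name
            if end is None:
                end = pos + 1
            break
        if length > MAX_LABEL:
            raise MalformedName("label longer than 63 bytes")
        total += length + 1
        if total + 1 > MAX_NAME:               # +1 for the terminating zero
            raise MalformedName("name longer than 255 bytes")
        label_end = pos + 1 + length
        if label_end > len(msg):
            raise MalformedName("label runs past end of message")
        # latin-1 never fails, so binary labels are kept rather than crashed on
        labels.append(msg[pos + 1:label_end].decode("latin-1"))
        pos = label_end
    return ".".join(labels), end


def is_malformed(msg: bytes, offset: int) -> bool:
    """True if read_name rejects the name at offset."""
    try:
        read_name(msg, offset)
    except MalformedName:
        return True
    return False


HEADER = bytes(12)   # constructed: a zeroed 12-byte DNS header
# constructed message: "example.com" at offset 12, then "www" + pointer to 12
SAMPLE = HEADER + b"\x07example\x03com\x00" + b"\x03www\xc0\x0c"
```

`read_name(SAMPLE, 25)` follows the pointer and yields `www.example.com`, while a two-byte message that points at itself (`b"\xc0\x0c"` at offset 12) is refused in one step rather than looping forever.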


Command Line Heroes Interview with Dr. Paul Mockapetris

Check out Dr. Paul Mockapetris, inventor of the Domain Name System and ThreatSTOP's Chief Scientist, on the Command Line Heroes episode "Season 7, Episode 1: Connecting the Dot-Com".

Click, sit back, and enjoy. Here is the direct link to the episode: https://www.redhat.com/en/command-line-heroes/season-7/dot-com


Is DNS the Key to DGA Protection?

Command and control servers (C2s) are a central part of malware campaigns: almost all malware families communicate with C2 servers to receive orders from the attackers controlling them. Threat actors go to great lengths to keep these servers up and running while law enforcement attempts to shut them down and security vendors strive to protect their customers from them. When C2 addresses were hard-coded into malware, it did not take long before the address was found, published, and taken down or blocked. Today's reality is much more complex.
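The "more complex" reality the title refers to is the domain generation algorithm: the malware computes a fresh list of candidate C2 names each day and the attacker registers only one of them, so a block on yesterday's address is stale by morning. As an added example (not ThreatSTOP's code), the block below pairs a constructed toy DGA with what a resolver log still shows: one client producing a burst of NXDOMAIN answers for random-looking names, with the single name that did resolve sitting right beside them. The DGA is not modeled on any real family, and the log format, client addresses and threshold are assumptions for this example.

```python
"""Added example (not ThreatSTOP code): a toy DGA and the DNS-side view
of it. Toy generator, constructed log, and thresholds are assumptions."""
import hashlib
import math
from collections import Counter, defaultdict
from datetime import date
from typing import Dict, List

SAMPLE_DAY = date(2021, 4, 19)   # constructed: the day the log covers


def toy_dga(day: date, count: int, tld: str = "com") -> List[str]:
    """Derive `count` candidate C2 names from the date alone.

    Every infected host computes the same list, so the attacker registers
    just one name per day; nothing about today's list predicts tomorrow's
    address, which is why a hard-coded blocklist no longer keeps up.
    Constructed toy, not a real malware family's algorithm.
    """
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        names.append(f"{label}.{tld}")
    return names


def shannon_entropy(label: str) -> float:
    """Bits per character of a label; random-looking labels score high."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def second_level_label(qname: str) -> str:
    parts = qname.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def build_sample_log(day: date = SAMPLE_DAY) -> List[str]:
    """Constructed resolver log, one record per line: ts client qname rcode.

    10.0.0.5 is an ordinary host (one typo). 10.0.0.9 walks the DGA list
    until the last candidate, the one the attacker registered, resolves.
    """
    lines = [
        "2021-04-19T09:00:01Z 10.0.0.5 www.threatstop.com NOERROR",
        "2021-04-19T09:00:02Z 10.0.0.5 mail.example.net NOERROR",
        "2021-04-19T09:00:02Z 10.0.0.5 typo.exmaple.net NXDOMAIN",
    ]
    candidates = toy_dga(day, 6)
    for i, name in enumerate(candidates):
        rcode = "NOERROR" if i == len(candidates) - 1 else "NXDOMAIN"
        lines.append(f"2021-04-19T09:00:0{3 + i}Z 10.0.0.9 {name} {rcode}")
    return lines


def find_dga_clients(lines: List[str], min_nxdomain: int = 5) -> Dict[str, dict]:
    """Flag clients with a burst of distinct NXDOMAIN answers.

    For each flagged client report the failed names, their mean label
    entropy, and the names the same client did resolve: with a DGA the
    live C2 is usually one of those, and it is blockable at the resolver
    before any connection is made.
    """
    nx = defaultdict(set)
    ok = defaultdict(set)
    for line in lines:
        _ts, client, qname, rcode = line.split()
        (nx if rcode == "NXDOMAIN" else ok)[client].add(qname)
    report = {}
    for client, names in nx.items():
        if len(names) < min_nxdomain:
            continue
        entropies = [shannon_entropy(second_level_label(n)) for n in names]
        report[client] = {
            "nxdomain": sorted(names),
            "mean_entropy": sum(entropies) / len(entropies),
            "resolved": sorted(ok[client]),
        }
    return report
```

Running `find_dga_clients(build_sample_log())` flags only 10.0.0.9; the ordinary host's single typo stays below the burst threshold, and the one name the flagged client resolved is the registered candidate from that day's list.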


6 Cybersecurity Mistakes Every Organization Should Avoid

All it takes is one mistake, one wrong click or weak password, one unpatched vulnerability, for a threat actor to infiltrate your network. Once they are inside, the options are endless. Security can never be 100% airtight, but strong armor at the front line sharply reduces the number of attacks that have a chance of penetrating your network. How is this defense built? Most of the time, our mind jumps straight to the tools: which technologies can we use to armor up? But effective security is much more than that. Putting in place the right mindset, personnel, processes AND tools is the key to keeping your data secure. In this blog post, we share critical mistakes that managers, IT teams and employees alike should be aware of in order to make the right choices and keep the company network safe.


ThreatSTOP launches built-in ThreatConnect Integration

ThreatSTOP is now a ThreatConnect partner, integrating our DNS and IP threat intelligence directly into ThreatConnect's market-leading Threat Intelligence Platform (TIP) and Security Orchestration, Automation, and Response (SOAR) platform.


Cyber Criminals Upset by New ThreatSTOP - Bandura Integration

In news that's certain to make cyber criminals depressed, but security practitioners joyous, ThreatSTOP and Bandura have developed an integration that builds on the proactive, block-threats-early mantra shared by the two security companies.


From Russia with Love: Selectel hosting some busy, bad IP addresses

In the past week we saw a massive surge in hits in customer logs coming from the IP 45.146.165[.]11. Our security research team checked it out and found that it has been the launch pad for abnormally large amounts of traffic trying to reach customer machines: on one customer network alone it generated over 2 million hits.



OTHER THREATSTOP OUTLETS

  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter