Like many others in the cybersecurity world, ThreatSTOP received notification today about a spear-phishing campaign using some of the zero-day vulnerabilities leaked from “Hackinged Team” at the beginning of the month. ThreatSTOP is happy to report that we are blocking the IOCs in that notification for all our customers who use either the TSCritical Target List or the Lists that include it (BASIC or BOTNETS) in their firewall policy.
ThreatSTOP customers who upload logs should check their reports for outbound connection attempts to TSCritical IP addresses. Any TSCritical hit is a significant cause for concern. We are adding many Angler Exploit Kit dropper sites to this list, as well as sites for other similarly critical malware. Customers who want to learn why a particular IP address is in TSCritical should contact our Technical Support at firstname.lastname@example.org.