
Author Archives: Ofir Ashman

Recent Posts

Bad Domain of the Week: D-D-Don't mess with ddd[.]com


The website ddd[.]com claims to be a domain registrant and manager, and even if it is, we definitely wouldn't trust this one. Our Security Research team came across this domain while reviewing customer logs and saw an unusual amount of communications blocked from this domain.

Yet Another Legitimate Scanner Testing User Patience?

When an IP is in a number of blocklists and it tries to make over 20 million (yes, you read that right!) connection attempts against our customer devices, it definitely catches our attention. This is exactly what the IP address 89.248.165[.]118 did. Memorial Day morning alone showed around 30K hits in our customer logs from this IP.

DarkSide Ransomware Group domains fotoeuropa[.]ro and catsdegree[.]com

This week our Security Research team noticed loads of blocked traffic between ThreatSTOP customer machines and domains recently associated with DarkSide ransomware, the malware behind the Colonial Pipeline shutdown that forced the company to pay $5 million in ransom. The domains fotoeuropa[.]ro and catsdegree[.]com logged a cumulative 3.8 million blocked communication attempts in our systems over the last week alone. Almost nothing makes us happier than potential victims saved from malicious threat actors and cyberattack disasters.

Are your Network Communications ITAR and OFAC Compliant?

Many organizations are subject to government regulations such as ITAR or OFAC that prohibit any dealings with certain foreign nations. Others have countries that they will not do business with for reasons of corporate policy, because of rampant piracy or fraud, for example. On the Internet, however, where another computer is actually located isn't always obvious from the domain name it reports or the contact address a user fills in for it. This means that, wittingly or unwittingly, devices in any organization may be connecting with machines in locations they are legally forbidden to have any communication with.

ThreatSTOP Recommends: Free Open Source Analysis Tools

ThreatSTOP security analysts work around the clock to ensure our threat intelligence includes the most relevant and critical indicators of compromise (IOCs). Their analysis and research ensures ThreatSTOP blocks these IOCs and, by extension, protects customers from the vast spectrum of cyber threats and related infrastructure. We've asked our analysts to share their favorite free analysis tools for every step of the threat analysis journey, as well as tips and analysis use cases on infamous malware variants. You can view all this awesome info in our Open Source Analysis Tools Infographic, or below in our more extensive blog series.

When Good IPs Behave Badly - like 146.88.240[.]4

Detecting, verifying and blocking malicious traffic is already quite the challenge in today's rapidly changing cyber threat landscape. Legitimate IPs acting like bad threat actors take this challenge one step further.

Analysis Tools Special Feature: VirusTotal VT Graph

VirusTotal is a great analysis platform for enriching data on IOCs and finding related malicious infrastructure. VT inspects IOCs with over 70 antivirus scanners and URL/domain blocklisting services. The platform offers a search engine for previously scanned items, as well as a number of URL and file submission methods, including the primary public web interface, desktop uploaders, browser extensions and a programmatic API.

In our opinion, VT's holy grail is its awesome VT Graph, a dynamic visualization of threat relations that lets users view information about each entity, pivot over data points, edit the graph, and add new nodes. Users can also save their graphs and download the node list.

ThreatSTOP's New and Upgraded Check IOC Analysis Tool is Out!

Check IOC is a security research tool that provides rich metadata, passive DNS and aggregated threat intelligence on IPs and domains. Check IOC also shows exclusive threat intelligence data provided by ThreatSTOP on over 24 million known malicious indicators from our database. Using Check IOC, you can search IPs and domains to vet their maliciousness, get more information on suspicious IOCs, or even upload your logs to see if threat actors are communicating with your network.

We are glad to announce that we have just launched a new and upgraded Check IOC tool! Features that were previously reserved for our Premium Portal and API users have now been added to the free version. The new Check IOC also sports an updated interface, smoother UX, and a more generous limit of 25 free lookups a day.

Bad IP of the Week: ThreatSTOP Blocks 2M+ Connections from Russian IP

Over the weekend, a Russian IP known to be malicious by a variety of threat intelligence vendors tried to communicate with our customers' networks over 2 million times. The IP is flagged as malicious by DShield, CINS Army, AbuseIPDB, IPSum and Collective Intelligence. Malicious activity from this IP was also reported on AlienVault's Open Threat Exchange by two additional sources: the Louisiana Cyber Investigators Alliance (LCIA), who caught this IP using their honeypot, and the Internet Storm Center.

Is DNS the Key to DGA Protection?

Command and control servers (C2s) are a central part of malware campaigns: almost all malware families communicate with C2 servers to receive orders from the attackers controlling them. Threat actors go to great lengths to keep these servers up and running while law enforcement attempts to shut them down and security vendors strive to protect their customers from them. When C2 addresses were hard-coded into malware, it wouldn't take long before the address was found, published and taken down or blocked. Today's reality is much more complex.
