<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

CATEGORY ARCHIVES: iocs

Darkside RANSOMWARE Group domains fotoeuropa[.]ro and catsdegree[.]com

This week our Security Research team noticed loads of blocked traffic between ThreatSTOP customer machines and domains recently associated with DarkSide ransomware - the malware behind the Colonial Pipeline shutdown that forced the company to pay $5 million in ransom. The domains - fotoeuropa[.]ro and catsdegree[.]com – logged an accumulative 3.8 million blocked communication attempts in our systems over the last week alone. Almost nothing makes us happier than potential victims saved from malicious threat actors and cyberattack disasters. 

Read More

Share this:

ThreatSTOP Recommends: Free Open Source Analysis Tools

ThreatSTOP security analysts work around the clock to ensure our threat intelligence include the most relevant and critical indicators of compromise (IOCs). Their analysis and research ensures TS block these IOCs and by extension protect customers from the vast spectrum of cyber threats and related infrastructure. We've asked our analysts to share their favorite free analysis tools for every step of the threat analysis journey, as well as tips and analysis use cases on infamous malware variants. You can view all this awesome info in our Open Source Analysis Tools Infographic, or below in our more extensive blog series. 

Read More

Share this:

ThreatSTOP Managed Rules Now Available for AWS WAF

Good news for AWS customers (which is.... a lot of you!)! 

Read More

Share this:

Solarwinds, Fireeye, and You

The latest headliner in cybersecurity news is the recently disclosed compromise of FireEye, The US Government, and many others that was brought about by a backdoor discovered in a widely installed set of network tools from Solarwinds.

What we know so far reveals a sophisticated, long term, and well-funded campaign that was likely backed by a nation's resources rather than some run-of-the-mill cyber criminal enterprise.

Read More

Share this:

Using Threat Intelligence for Proactive Threat Protection

With ransomware and cyber-attack chaos these days, we find ourselves focusing on the rapid appearance of new and upcoming threats. Every day is a day of new threats, new attack headlines, and new worries. But, it’s important to keep in mind that with so many new attacks come so many researchers and organizations whose goal is to collect and update as much information as possible regarding these new threats. Security service providers, researchers, and security communities collect and publish a plethora of updated, actionable threat intelligence at every given moment. The big question is – how to make all that extremely useful (yet extremely scattered) intelligence actionable, and how to automatically integrate it on to your security solutions and devices.

Read More

Share this:

ThreatSTOP Free Open Source Analysis Tools Series. Part 4: Enrichments & Connecting the Dots

 

Making connections and finding new indicators is an important part of IOC analysis, and is probably the most enjoyable part as well. Blog posts and reports on new threats will usually mention the indicators seen to be used by the specific malware sample or attack vector analyzed, yet in many cases there is a larger malicious infrastructure behind them just waiting to be uncovered (and blocked!). Sometimes, a whole other malicious infrastructure can be revealed by examining IOCs related to malicious IPs and domains. There are a variety of tools out there that can help analysts investigate indicators of compromise and their infrastructure, and perform enrichment to shed light on related, malicious IOCs.

In this post, we will review some of our Security Research Team’s favorite connection and enrichment platforms.

 

Read More

Share this:

ThreatSTOP Free Open Source Analysis Tools Series. Part 1: Why Use IOCs?

Welcome To Our New Weekly Series, Free Open Source Analysis Tools.

This Week's Topic: Free Open-Source Analysis Tools, Why Use IOCs?

Throughout this series, we'll be talking about a Security Analyst’s IOC analysis journey. From discovering relevant indicators and performing the analysis, to finding enrichments and new IOCs. We will also share recommendations for free open-source analysis tools and use cases completed by ThreatSTOP's Security and Research Team, showing how to utilize the various platforms and tools. Let's get started.

Read More

Share this:

Bi-weekly Security Update

Bi-weekly Security Update

Malicious content identified and inserted:

  • IPs – 960
  • Domains – 1653
Read More

Share this:

Bi-weekly Security Update 12/21-1/3

Malicious content identified and inserted:

  • IPs – 1625
  • Domains – 4562

Target lists updated:

  • TSCritical (Domains and IPs)
  • TSRansomware (Domains and IPs)
  • TSPhishing (Domains and IPs) – New Targets added!
  • TSBanking (Domains and IPs) – New Targets added!
Read More

Share this:

Biweekly Security Update

Biweekly Security Update

Malicious content identified and inserted:

  • IPs – 232
  • Domains – 386

Target lists updated:

  • TS-CRIT
  • TS-RANS
Read More

Share this:

ARCHIVES

see all

OTHER THREATSTOP OUTLETS

  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter