Android threats feed
An Android threat refers to any malware or malicious activity targeting Android devices, including smartphones, tablets, and other devices running the Android OS. These threats are designed to exploit vulnerabilities, steal personal information, spy on user activities, display unwanted ads, or even lock the device for ransom. By utilizing the Android threats feed, you can stay informed about these evolving dangers and protect your devices from potential attacks. The feed provides real-time information on currently prevalent Android threats as well as on their characteristics and IoCs (Indicators of Compromise). The feed helps you understand which Android threats are being seen in the wild and enables you to proactively block them before they can cause any harm.
ESET ensures compatibility by using standards such as TAXII 2.1 and STIX 2.1, which make ESET threat intelligence data easy to consume across various TIP, XDR/EDR, SIEM, and SOAR platforms and firewalls. Each of these feeds is created in near real time, and deduplication happens every 24 hours.
The Android threats feed mainly uses the following STIX 2.1 SDO, SRO and SCO objects and related metadata:
Example data is directly available inside the ESET Threat Intelligence portal. To use the portal without a license in Demo mode, follow the steps in the Get started guide to create an account. Additionally, see the Demo mode topic.
ESET STIX 2.1 SDO Names and Labels
Indicator
• Name: "Malware variant" (file has shown malicious activity; High severity threat, High confidence)
• Label: "malicious-activity"
Malware
• Name: name of the detection
• Labels:
  o "trojan"
  o "worm"
  o "virus"
  o "dropper"
  o "adware"
  o "rogue security software"
  o "ransomware"
  o "keylogger"
  o "rootkit"
  o "ddos"
  o "bot"
  o "spyware"
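A consumer-side check for the names and labels listed above, as an added example that is not ESET's code: it joins each "Malware variant" Indicator to its Malware object and flags labels outside the documented list. The bundle is constructed sample data. It assumes that the labels sit in the STIX 2.1 common `labels` property and that Indicators link to Malware through the standard `indicates` relationship, neither of which this page states.

```python
import json

# Malware SDO labels listed on this page.
MALWARE_LABELS = {"trojan", "worm", "virus", "dropper", "adware", "rogue security software",
                  "ransomware", "keylogger", "rootkit", "ddos", "bot", "spyware"}

def _id(kind, n):  # constructed STIX-style identifier, not a real feed id
    return f"{kind}--00000000-0000-4000-8000-{n:012d}"
def _rel(n, src, dst):  # assumption: the STIX 2.1 'indicates' SRO links the two SDOs
    return {"type": "relationship", "id": _id("relationship", n),
            "relationship_type": "indicates", "source_ref": src, "target_ref": dst}

def _indicator(n):
    return {"type": "indicator", "id": _id("indicator", n), "name": "Malware variant",
            "labels": ["malicious-activity"], "pattern_type": "stix",
            "pattern": f"[file:hashes.'SHA-256' = '{n:064x}']"}  # placeholder hash

# Constructed sample bundle; detection names, ids and hashes are placeholders.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "id": _id("bundle", 1), "objects": [
    _indicator(1), _indicator(2),
    {"type": "malware", "id": _id("malware", 1), "name": "Android/Constructed.A",
     "labels": ["trojan", "spyware"]},
    {"type": "malware", "id": _id("malware", 2), "name": "Android/Constructed.B",
     "labels": ["banker"]},  # label outside the documented list
    _rel(1, _id("indicator", 1), _id("malware", 1)),
    _rel(2, _id("indicator", 2), _id("malware", 2)),
    _rel(3, _id("indicator", 1), _id("malware", 9)),  # target missing from the bundle
]})

def triage(bundle_json):
    """Join indicators to malware via 'indicates' SROs; return (rows, warnings)."""
    objs = json.loads(bundle_json).get("objects", [])
    by_id = {o["id"]: o for o in objs}
    rows, warnings = [], []
    for rel in objs:
        if rel.get("type") != "relationship" or rel.get("relationship_type") != "indicates":
            continue
        ind, mal = by_id.get(rel.get("source_ref")), by_id.get(rel.get("target_ref"))
        if not ind or not mal or ind["type"] != "indicator" or mal["type"] != "malware":
            warnings.append(f"unresolved relationship {rel['id']}")
            continue
        if ind.get("name") != "Malware variant" or "malicious-activity" not in ind.get("labels", []):
            continue  # not the Indicator name/label pair described on this page
        unknown = sorted(set(mal.get("labels", [])) - MALWARE_LABELS)
        if unknown:
            warnings.append(f"{mal['name']}: undocumented labels {unknown}")
        rows.append({"detection": mal["name"], "labels": sorted(mal.get("labels", [])),
                     "pattern": ind["pattern"]})
    return rows, warnings
```

Rows feed a blocklist or SIEM lookup; warnings are worth logging, because an unresolved reference or an unexpected label usually means the parser and the feed have drifted apart.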