APT IoC feed
As the name suggests, this feed covers APTs from the research point of view, focusing mainly on IoCs (Indicators of Compromise) associated with APT groups' attacks. The feed enables you to conduct precise and reliable detection and response, prevent data exfiltration, and protect critical assets. It is based on data collected and produced directly by ESET research, and it comes as an export from the ESET internal MISP server. All of the information is shared as part of a detailed APT report in which it is presented in context and comprehensively explained, but the feed can also be purchased separately.
ESET ensures compatibility by using standards such as TAXII 2.1 and STIX 2.1, which make ESET threat intelligence data easy to consume across various TIP, XDR/EDR, SIEM, and SOAR platforms, as well as firewalls. Each of these feeds is created in near real time, and deduplication happens every 24 hours.
The APT IoC feed mainly uses the following STIX 2.1 SDO, SRO and SCO objects and related metadata:
Example data is available directly in the ESET Threat Intelligence portal. To use the portal in Demo mode without a license, follow the steps in the Get started guide to create an account. Additionally, see the Demo mode topic.