ESET Threat Intelligence – Table of Contents

eCrime IoC feed

This feed covers eCrime from the research point of view, focusing mainly on IoCs associated with eCrime actors. The feed enables you to conduct precise and reliable detection and response, prevent data exfiltration, and protect critical assets. The eCrime IoC feed is based on data collected and produced directly by ESET research, and it is exported from the ESET internal MISP server. All of the information is shared as part of a detailed eCrime report, in which it is presented in context and comprehensively explained, but the feed can also be purchased separately.

ESET ensures compatibility by using standards like TAXII 2.1 and STIX 2.1, which make the ESET threat intelligence data easily consumable across various TIP, XDR/EDR, SIEM, and SOAR platforms and firewalls. Each of these feeds is created in near real time, and deduplication happens every 24 hours.

The eCrime IoC feed mainly uses the following STIX 2.1 SDO, SRO and SCO objects and related metadata:

Indicator

Observed Data

Relationship

Report

Threat Actor
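A consumer-side sketch of working with these object types, added here as an example and not ESET code: because deduplication on the feed side runs every 24 hours, it collapses repeated objects to the newest version per STIX id, then follows Relationship objects from Indicator to Threat Actor. The bundle is constructed sample data; the use of the `indicates` relationship type between these two objects is an assumption taken from the STIX 2.1 specification, not from the feed.

```python
from collections import defaultdict
from datetime import datetime

def _obj(type_, n, modified="2024-01-01T00:00:00.000Z", **props):
    """Build a constructed STIX 2.1 object; ids and values are made up."""
    return {"type": type_, "spec_version": "2.1",
            "id": f"{type_}--00000000-0000-4000-8000-{n:012d}",
            "created": "2024-01-01T00:00:00.000Z", "modified": modified, **props}

# Constructed sample data, not taken from the ESET feed.
PATTERN = "[domain-name:value = 'malicious.example']"
IND_OLD = _obj("indicator", 1, pattern=PATTERN, pattern_type="stix",
               valid_from="2024-01-01T00:00:00Z", confidence=50)
IND_NEW = dict(IND_OLD, modified="2024-01-02T00:00:00.000Z", confidence=90)
ACTOR = _obj("threat-actor", 2, name="Example eCrime Group")
REL = _obj("relationship", 3, relationship_type="indicates",
           source_ref=IND_OLD["id"], target_ref=ACTOR["id"])
# Relationship whose target is not in the bundle (must be skipped, not crash).
DANGLING = _obj("relationship", 4, relationship_type="indicates",
                source_ref=IND_OLD["id"], target_ref=_obj("threat-actor", 9)["id"])
BUNDLE = {"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
          "objects": [IND_NEW, ACTOR, REL, IND_OLD, DANGLING, IND_NEW]}

def _ts(value):
    """Parse a STIX timestamp (RFC 3339, UTC 'Z' suffix)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def latest_objects(bundle):
    """Collapse repeated objects to one per id, keeping the newest 'modified'."""
    latest = {}
    for obj in bundle["objects"]:
        seen = latest.get(obj["id"])
        if seen is None or _ts(obj["modified"]) > _ts(seen["modified"]):
            latest[obj["id"]] = obj
    return latest

def indicators_by_actor(bundle):
    """Map threat-actor name -> (pattern, confidence) linked by 'indicates'."""
    objs = latest_objects(bundle)
    out = defaultdict(list)
    for rel in objs.values():
        if rel["type"] != "relationship" or rel["relationship_type"] != "indicates":
            continue
        src, dst = objs.get(rel["source_ref"]), objs.get(rel["target_ref"])
        if src and dst and src["type"] == "indicator" and dst["type"] == "threat-actor":
            out[dst["name"]].append((src["pattern"], src["confidence"]))
    return dict(out)

if __name__ == "__main__":
    print(indicators_by_actor(BUNDLE))
```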

Example data is directly available inside the ESET Threat Intelligence portal. To use the portal without a subscription, in Demo mode, follow the steps in the Get started guide to create an account. Additionally, see the Demo mode chapter.