PUA dual-use app files feed
The PUA dual-use app files feed provides real-time information on currently prevalent PUA dual-use applications. Dual-use apps, such as RMM or other multi-purpose tools, are legitimate (possibly commercial) software that attackers might misuse. The feed helps you understand which PUA dual-use files are being seen in the wild and enables you to proactively block them before they can cause any harm. It features the assessment of shared hashes of PUA executable files and associated data. The feed is updated frequently, and it comes with filtering so that customers obtain only relevant data with low levels of redundancy.
ESET ensures compatibility by using standards like TAXII 2.1 and STIX 2.1, which make the ESET threat intelligence data easily consumable across various TIP, XDR/EDR, SIEM, and SOAR platforms and firewalls. Each of these feeds is created in near real time, and deduplication happens every 24 hours.
The PUA dual-use app files feed mainly utilizes the following STIX 2.1 SDO, SRO and SCO objects and related metadata:
Example data is directly available inside the ESET Threat Intelligence portal. To use the portal without a license, in Demo mode, follow the steps in the Get started guide to create an account. Additionally, see the Demo mode topic.