Ransomware feed

Ransomware feed provides real-time information on currently prevalent ransomware samples as well as on their characteristics and IoCs (Indicators of Compromise). The feed helps you understand which ransomware families are being seen in the wild and enables you to proactively block them before they can cause any harm. It includes hashes of ransomware samples and associated data. The feed is updated in real time and it is filtered so that you only obtain relevant data with low redundancy.

ESET ensures compatibility through using standards like TAXII 2.1 and STIX 2.1, which make the ESET threat intelligence data easily consumable across various TIP, XDR/EDR, SIEM, SOAR, and firewalls. Each of these feeds is created in near real time, and deduplication happens every 24 hours.

Ransomware feed mainly utilizes the following STIX 2.1 SDO, SRO and SCO objects and related metadata:

•Indicator

•Malware

•Observed Data

•Relationship

Example data is directly available inside the ESET Threat Intelligence portal. To use the portal without the license in Demo mode, follow the steps in the Get started guide to create an account. Additionally, see the Demo mode topic.

ESET STIX 2.1 SDO Names and Labels

Indicator

•Name: "Malware variant"—file has shown malicious activity—High severity threat, High confidence

•Label: "malicious-activity"

Malware

•Name: name of the detection

•Labels:

o"trojan"

o"worm"

o"virus"

o"dropper"

o"adware"

o"rogue security software"

o"ransomware"

o"keylogger"

o"rootkit"

o"ddos"

o"bot"

o"spyware"

˄˅