This section describes Kaspersky Threat Data Feeds available for Kaspersky CyberTrace.
Basics of Kaspersky Threat Data Feeds
First-tier security vendors and enterprises use time-tested and authoritative Kaspersky Threat Data Feeds to produce premium security solutions or to protect their business.
Cyber attacks happen every day. Cyber threats are constantly growing in frequency, complexity, and obfuscation, as they try to compromise your defenses. Adversaries currently use complicated intrusion kill chains, campaigns, and customized Tactics, Techniques, and Procedures (TTPs) to disrupt business or damage clients.
Kaspersky offers continuously updated Threat Data Feeds to inform your business or clients about risks and implications associated with cyber threats, helping you to mitigate threats more effectively and defend against attacks even before they are launched.
Information contained in Kaspersky Threat Data Feeds
Kaspersky Threat Data Feeds contain thoroughly vetted threat indicator data sourced from the real world in real time.
Every record in each feed is enriched with actionable context (threat names, time stamps, geolocation, resolved IPs, addresses of infected web resources, hashes, popularity, and so on). Contextual data helps to reveal the "big picture", further validating and supporting wide-ranging use of the data.
Set in context, the data can more readily be used to answer the who, what, where, and when questions that lead to the identification of adversaries, helping you make timely decisions and actions specific to your organization.
Available feed groups
Kaspersky Threat Data Feeds available for Kaspersky CyberTrace can be divided into the following major groups:
This group contains regular commercial feeds that can be accessed with a commercial certificate. Feeds from this group cover a wide variety of cyberthreats.
APT feeds are commercial feeds that contain information about cyber threats related to advanced persistent threat (APT) campaigns.
Demo feeds can be used for evaluation purposes. These feeds do not require a commercial certificate. Demo feeds provide lower detection rates in comparison with their corresponding commercial versions.
Commercial feeds
The following feeds are available in this group:
A set of URLs and hashes with context that cover desktop botnet C&C servers and related malicious objects. Masked and non-masked records are available.
A set of IP addresses with context that cover different categories of suspicious and malicious hosts.
A set of file hashes with context that cover the most dangerous, prevalent, or emerging malware.
A set of URLs with context that cover malicious websites and web pages. Masked and non-masked records are available.
A set of URLs with context that cover mobile botnet C&C servers.
A set of file hashes with context for detecting malicious objects that infect mobile Google™ Android™ and Apple® iPhone® devices.
A set of URLs with context that cover phishing websites and web pages. Masked and non-masked records are available.
A set of URLs, domains, and hosts with context that cover ransomware links and websites.
A set of file hashes with context that cover vulnerabilities in applications and cover exploits that use those vulnerabilities.
Kaspersky CyberTrace does not support the cpes
field of the Vulnerability Data Feed.
A set of URLs with context that cover malicious links used to download malware targeting Internet of Things-enabled devices.
A set of hashes of malicious applications that are used to attack the ICS (Industrial Control Systems) infrastructure.
APT Feeds
The following demo feeds are available in this group:
A set of hashes that cover malicious artifacts used by APT actors to conduct APT campaigns.
A set of IP addresses that belong to the infrastructure used in APT campaigns.
A set of domains that belong to the infrastructure used in APT campaigns.
Demo feeds
The following demo feeds are available in this group:
Provides lower detection rates in comparison with Botnet CnC URL Data Feed.
Provides lower detection rates in comparison with IP Reputation Data Feed.
Provides lower detection rates in comparison with Malicious Hash Data Feed.
Diff feeds
Diff versions are available for the following feeds:
Sorting order for records in feeds
Feed records are sorted as follows: