This section describes Kaspersky Threat Data Feeds that can be downloaded and processed by the application.
The feeds are available only after purchasing the license.
The following feeds are available:
APT Hash Data Feed—A set of hashes that cover malicious artifacts used by Advanced Persistent Threat (APT) actors to conduct APT campaigns.
APT IP Data Feed—A set of IP addresses that belong to an infrastructure used in APT campaigns.
APT URL Data Feed—A set of domains that are part of an infrastructure used in APT campaigns.
Botnet CnC URL Exact Data Feed—A set of exact URLs, hosts, domains and extra context containing information about desktop botnet C&C servers and related malicious objects.
Crimeware Hash Data Feed—A set of hashes and extra context that are described in Kaspersky Crimeware Reports and related to objects used to conduct fraudulent campaigns. The feed is used for investigation of cyber incidents.
Crimeware IP Data Feed—A set of IP addresses and extra context described in Kaspersky Crimeware Reports and related to objects used to conduct fraudulent campaigns. The feed is used for investigation of cyber incidents.
Crimeware URL Data Feed—A set of domains and extra context described in Kaspersky Crimeware Reports and belong to the infrastructure used in fraudulent campaigns. The feed is used for investigation of cyber incidents.
IoT URL Data Feed—A set of URLs with context covering malware that infects IoT (Internet of Things) devices, such as IP cameras, routers and dishwashers.
IP Reputation Data Feed—A set of IP addresses with context that cover different categories of suspicious and malicious hosts.
Malicious Hash Data Feed—A set of file hashes with corresponding context covering the most dangerous, prevalent and emerging malware.
Malicious URL Exact Data Feed—A set of exact URLs, hosts, domains and extra context for detecting malicious web resources.
Mobile Botnet CnC URL Data Feed—A set of URL masks and extra context for detecting C&C servers and web resources that are related to mobile botnets.
Mobile Malicious Hash Data Feed—A set of file hashes with corresponding context covering malicious objects that infect mobile Google™ Android™ and Apple iPhone devices.
Phishing URL Exact Data Feed—A set of exact URLs as well as hosts, domains and extra context for detecting phishing web resources.
Ransomware URL Data Feed—A set of URLs, domains, and hosts with context that cover web resources where ransomware is hosted.
Vulnerability Data Feed—A set of corporate security vulnerabilities with related threat intelligence (hashes of vulnerable apps/exploits, timestamps, CVEs, patches etc.).
Demo feeds are also available. Demo feeds provide lower detection rates in comparison with their corresponding commercial versions. The following demo feeds are available:
Demo Botnet CnC URL Data Feed—A set of exact URLs, hosts, domains and extra context containing information about desktop botnet C&C servers and related malicious objects.
This is a demo version of Botnet CnC URL Data Feed.
Demo IP Reputation Data Feed—A set of IP addresses with context that cover different categories of suspicious and malicious hosts.
This is a demo version of IP Reputation Data Feed.
Demo Malicious Hash Data Feed—A set of file hashes with corresponding context covering the most dangerous, prevalent and emerging malware.
This is a demo version of Malicious Hash Data Feed.