Threat Intelligence reports and feeds

Get unique intel, stronger defenses

Threat intelligence from ESET's world-renowned experts. Get a unique perspective on the threat landscape and improve your cybersecurity posture.

Get unique insights

ESET gathers threat intelligence from a unique range of sources and has unparalleled in-the-field experience that helps you fight increasingly sophisticated cybersecurity attacks.

Stay ahead of adversaries

ESET follows the money, specifically monitoring those places where we have detected APT groups that target Western companies: Russia, China, North Korea, Iran. You’ll know about new threats first.

Make crucial decisions, faster

Anticipate threats and make faster, better decisions thanks to comprehensive ESET reports and curated feeds. Reduce your exposure to prevailing threats, forewarned by experts.

Improve your security posture

Informed by ESET intelligence feeds, enhance your threat hunting and remediation capabilities, block APTs and ransomware, and improve your cybersecurity architecture.

Automate threat investigation

ESET technology searches for threats constantly, across multiple layers, from pre-boot to resting state. Benefit from telemetry on all countries where ESET detects emerging threats.

Access unparalleled expertise 

ESET has invested in building the world’s leading cybersecurity team, and 13 R&D centers worldwide. We use machine learning to help automate decisions, but our people stand behind threat evaluation.

1bn+
internet users protected
320k+
business customers
130
countries & territories
1
global R&D centers

Get APT reports you can act on – quickly and accurately

    With APT Reports, you get:

  • Access to private, in-depth technical analysis
  • APT activity summary reports
  • A monthly summary for your C-level executives
  • Direct access to an ESET cybersecurity professional 
  • Access to our MISP server

Putting our best research at your fingertips

Our research team is well known in the digital security environment, thanks to our award winning We Live Security blog. Their great research and APT activity summaries are available, with much more detailed information at your disposal.

Actionable, curated content

Reports provide a great deal of context to what is going on and why. Thanks to this, organizations can prepare in advance for what might be coming. It’s not just the reports themselves – they are curated by our experts who put them in a human-readable format.

Make crucial decisions fast

All this helps organizations to make crucial decisions and provides a strategic advantage in the fight against digital crime. It brings an understanding of what is happening on the ‘bad side of the internet’ and provides crucial context, so that your organization can make internal preparations quickly.

Access to ESET Analyst

Every customer ordering the APT Reports PREMIUM package will have also access to an ESET analyst for up to four hours each month. This provides the opportunity to discuss topics in greater detail and help resolve any outstanding issues.

In-depth analysis

The package includes in-depth technical analysis reports describing recent campaigns, new toolsets and related subjects, and activity summary reports. A monthly overview combines information from all Technical Analysis and Activity Summary reports released in the previous month into a shorter and more digestible form. 

Integrate ESET Threat Intelligence into your system

  • Integrating ESET telemetry is simple and will enrich your TIP, SIEM or SOAR.
  • We have a comprehensive API with full documentation.
  • We supply data in standardized formats - such as JSON and STIX feeds via TAXII – so that integration into any tool is possible.

We have step-by-step integration manuals for fast and easy implementation and we're continually adding others:

  • IBM QRadar
  • Anomali
  • MS Azure Sentinel
  • OpenCTI
  • ThreatQuotient

ESET proprietary intelligence feeds

Enrich your view of the worldwide threat landscape based on unique telemetry. ESET feeds come from our research centers around the globe, providing a holistic picture and enabling you to quickly block IoCs in your environment. Feeds are in the formats • JSON • STIX 2.1

    With ESET feeds, you get:

  • Highly curated data
  • Actionable content
  • Low false positives
  • Frequent updates
  • Comprehensive API
Malicious files feed

This feed provides real-time information on newly discovered malware samples, their characteristics, and IOCs. The feed helps you understand which malicious files are being seen in the wild and enables you to proactively block them before they can cause any harm.
It features malicious domains, including file hashes, timestamps, threat type detected, and other detailed information.

Domain feed

Block domains which are considered malicious including domain name, IP address, and the date associated with them. The feed ranks domains based on their severity, which lets you adjust your response accordingly, for example to only block high-severity domains.

Botnet feed

Based on ESET's proprietary botnet tracker network, Botnet feed features three types of sub-feeds – botnet, C&C and targets. Data provided includes items such as detection, hash, last alive, files downloaded, IP addresses, protocols, targets and other information.

URL feed

Similar to Domain feed, the URL feed looks at specific addresses. It includes detailed information on data related to the URL, as well as information about the domains which host them. All the information is filtered to show only high confidence results and includes human-readable information on why the URL was flagged.

APT IoC

This feed consists of APT information produced by ESET research. In general, the feed is an export from the ESET internal MISP server. All the data that is shared is also explained in greater detail in APT reports. The APT feed is also part of APT reports offering, but the feed can also be purchased separately.

IP feed

This feed shares IPs considered to be malicious and the data associated with them. The structure of the data is very similar to that used for the domain and URL feeds. The main use-case here is to understand which malicious IPs are currently prevalent in the wild, block those IPs which are of high severity, spot those that are less severe, and investigate further, based on additional data, to see if they have already caused harm.

protected by ESET since 2017
more than 9,000 endpoints

protected by ESET since 2016
more than 4,000 mailboxes

protected by ESET since 2016
more than 32,000 endpoints

ISP security partner since 2008
2 milion customer base

One of the most referenced and active contributors to MITRE ATT&CK®

ESET continues to be one of the most referenced and active contributors to the MITRE ATT&CK® knowledge base of adversary tactics and techniques. In doing so, ESET confirms its commitment to proactively share targeted intelligence with the security community and provide our customers with the best protection possible.

Find the complete list of ESET contributions here (type ESET in the upper left search button).

ESET is a regular participant in MITRE Engenuity ATT&CK® Evaluations. In the latest round against well-known cybercrime actors, Sandworm and Wizard Spider, ESET has scored high again, with 100% (15/15) of applicable steps detected for the second consecutive year.

Visit our website, where you can find new and previous ATT&CK® Evaluations, read a comprehensive analysis of the latest ATT&CK® Evaluations, and other essential research blogs and additional MITRE-related information.

Explore our customized solutions

Please leave your contact details so we can design a personalized offer to fit your requirements.

Committed to the highest industry standards

ESET is one of the very few vendors who have shaped the industry in 2022 According to IDC, ESET is one of the very few vendors who have shaped the industry in 2022 thanks to its industry longevity, technical prowess, research excellence and financial stability.

Learn more

ESET was awarded in multiple independent tests

See test results

ESET is a ‘Top Player’ in Advanced Persistent Threat protection ESET has been recognized as a ‘Top Player’ for the fourth year in a row in Radicati’s 2023 Advanced Persistent Threat Market Quadrant

Learn more

ESET is appreciated by customers worldwide


Read full reviews

ESET among Market & Overall leaders in MDR MDR Leadership Compass 2023

Get the report

ESET is recognized for over 700 reviews collected on Gartner Peer Insights © 2022 Gartner, Inc. Gartner® and Peer Insights™ are trademarks of Gartner, Inc. and/or its affiliates. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

Related business solutions

Security solution

ESET PROTECT MDR Ultimate


The ultimate fusion of cutting-edge security tools and top of the line human expertise.

Learn more

Security solution

ESET PROTECT Elite


Extended detection and response (XDR) that delivers enterprise-grade visibility, threat hunting and response options.

Learn more

Protection category

Advanced Threat Defense


Proactive cloud-based prevention against ransomware or never-before-seen threat types with autonomous remediation capabilities.

Learn more

Related resources and documents

Security Overview

Download full solution overview of ESET Threat Intelligence.

See solution overview

APT Reports

Prepared by ESET's world-leading malware experts, APT reports analyze specific, current advanced persistent threats.

Download sample report (PDF)

Ransomware

A look at the criminal art of malicious code, pressure and manipulation.

Learn more

Threat research

ESET has been a global leader in cyber threat research for more than 30 years. 

Read the latest report

Stay on top of cybersecurity news

Brought to you by awarded and recognized security researchers from ESET's 13 global R&D centers.

Corporate blog

Cyber insurance, human risk, and the potential for cyber-ratings

Explore the future of cybersecurity with the concept of cyber-ratings, where human behavior meets advanced risk management. Could cyber insurance evolve to predict and mitigate risks posed by…

Understanding cyber-incident disclosure

Navigate the complexities of cyber-incident disclosure and discover how preparation, legal advice, and cyber insurance can protect your organization. Learn why proactive planning is key to managing…

We Live Security blog

How cyber-secure is your business? | Unlocked 403 cybersecurity podcast (ep. 8)

As cybersecurity is a make-or-break proposition for businesses of all sizes, can your organization's security strategy keep pace with today’s rapidly evolving threats?

Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks

Buying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost