Give your team clarity – not just more data. Backed by global telemetry and expert analysis,
ESET Threat Intelligence Feeds deliver timely, high-confidence intel that helps you reduce
dwell time, strengthen detection and anticipate targeted threats.
Elevated risk profile
Reputation is your currency. A single incident can erode trust, drive customers away and damage brand equity. How prepared is your organization to prevent such breaches?
Limited visibility from lack of CTI diversity
Relying on a small number of generic or low-quality feeds creates blind spots. Without diverse, high-fidelity CTI, attackers exploit what you don’t see. Is your SOC equipped to keep an eye on the entire landscape?
Too much noise, not enough signal
Overloaded analysts spend hours filtering duplicate, low-value alerts, while manual post-processing delays investigation and response, increasing dwell time and burnout. How much time is your team losing just to separate noise from real intelligence?
Inconsistent quality and false positives
High false-positive rates undermine confidence. Poorly validated indicators waste effort, slow decisions and weaken trust in your threat intel — so how do you ensure the data behind your defense strategy is truly credible?
SEE THREATS OTHERS MISS
ESET collects intelligence from diverse, hard-to-reach sources and real-world incident response, giving teams unique visibility into emerging and sophisticated attacks.
DECIDE FASTER, WITH CONFIDENCE
Highly curated feeds cut through the noise so analysts can anticipate threats, reduce exposure to prevailing campaigns and make faster, better-informed decisions.
RELY ON HUMAN-BACKED EXPERTISE
Global R&D centers and expert researchers validate and enrich machine-learning detections, ensuring indicators and context you can actually trust.
STRENGTHEN YOUR WHOLE SECURITY STACK
Seamless integration with CTI platforms, SIEM and SOAR simplifies ingestion and correlation, boosting automated workflows and sharpening detection across your defenses.
Threat intelligence isn’t just raw data – it’s foresight. At ESET, advanced technology and expert research turn telemetry into enriched indicators and deep analysis. Every sample becomes valuable intelligence, helping your team anticipate and outsmart evolving threats.
USE CASE
PUAs, such as remote management tools, hack tools or adware are often exploited by ransomware gangs and other adversaries. Even storing these tools can violate company policies and increase risk exposure. As a cybersecurity vendor, ESET has extensive knowledge on PUAs and can tell right from wrong at an unmatched level.
SOLUTION
ESET’s PUA Feed delivers visibility into semi-legitimate tools that may have valid uses but also pose security risks. Integrate it with EDRs, firewalls, SIEMs and mail gateways to block or signal PUA activity.
VALUE
USE CASE
Botnets and infostealers are often precursors to advanced attack chains. Detecting and blocking them early is critical to prevent lateral movement and post-compromise activity.
SOLUTION
ESET’s Botnet Feed delivers high-quality IoCs for botnet payloads, C&C URLs and related metadata. It helps you stop potential malicious activity by blocking the related hashes or URLs in your XDR, NDR, firewall, SIEM or mail gateway, preventing threats and flagging suspicious behavior.
VALUE
Explore our diverse threat intelligence feed portfolio, from
broad foundational intel to highly specialized streams.
MALICIOUS DATA FEED
Real-time insights on newly discovered malware samples, their characteristics and IoCs. Includes file hashes timestamps and threat types to help you block malicious files before they cause harm.
RANSOMWARE FEED
Real-time data on active ransomware families and prevalent samples. Enables proactive blocking to prevent breaches and costly disruptions.
BOTNET FEED
Powered by ESET’s botnet tracker, this feed includes three sub-feeds: botnet, C&C and targets. Provides detection details, file hashes, last communication timestamps, downloaded files, IPs, protocols and target information.
APT IOC FEED
Insights into Advanced Persistent Threats based on ESET research. Exported from ESET’s internal MISP server and aligned with APT reports. Available as part of reports or as a standalone feed.
URL FEED
A curated feed of specific URLs with detailed information on each address and its hosting domains. Includes only high-confidence findings, supported by clear, human-readable explanations for flagged URLs.
IP FEED
Receive actionable data on malicious IPs. The structure mirrors domain and URL feeds. Use it to identify common threats, block high-severity IPs, monitor lower-risk ones and investigate further using additional data to assess potential harm.
DOMAIN FEED
Provides data on malicious domains, including domain name, IP address and associated date. Domains are ranked by severity, allowing you to prioritize actions such as blocking high-risk domains.
ANDROID THREATS FEED
Provide real-time information on prevalent Android threats and their IoCs, enabling proactive blocking. Created from ESET telemetry, it updates in near real-time with daily deduplication.
ANDROID INFOSTEALER FEED
A specialized feed within Android threats, offering details on current infostealer samples and related data. Gain insight into active families and proactively block them before they cause harm.
SCAM URL FEED
Stay ahead of scams with real-time data on fraudulent URLs. It covers electronic shops, investment scams, dating scams, and cryptocurrency scams. Created from all ESET URL sources in near real-time; deduplication happens every 24 hours.
CRYPTOSCAM FEED
Stay ahead of crypto scams with real-time updates on scam domains, URLs, and associated data. Sourced from ESET's extensive telemetry, it provides early, targeted information to help you proactively block threats and protect your assets.
MALICIOUS EMAIL ATTACHMENTS FEED
Email is a prime target for attacks. This feed provides real-time data on malicious email attachments sourced from ESET’s extensive email scanning telemetry.
PHISHING URL FEED
Delivers real-time intelligence on active phishing URLs from ESET’s dedicated database. Updated continuously with daily deduplication, this feed helps you detect and block fraudulent sites before they compromise sensitive data.
SMISHING FEED
Provides timely insights into SMS-based phishing (smishing), including domains, URLs and related indicators. Sourced from ESET’s extensive telemetry, it updates in near real time with daily deduplication.
SMS SCAM FEED
Protect against SMS scams with real-time feed on malicious domains and URLs. Continuously updated from ESET’s extensive telemetry and deduplicated daily, it helps you identify and block sophisticated threats.
ECRIME FEED
Get clear, actionable data on cybercrime operations and malware-enabled eCrime, monitoring everything from ransomware gangs and their affiliates to infostealer campaigns, so your team can move from reacting to proactively defending your organization.
eCrime Reports
Clear, actionable intelligence on financially motivated cybercrime operations and malware ecosystems.
APT Reports
With millions of sensors and strong visibility into hard-to-see regions, ESET delivers clear insight into global and emerging cyber threats.
ESET THREAT REPORT H2 2025
An in-depth look at global threat trends, regional APT activity and malware developments observed through ESET telemetry.
APT Activity Summary
Latest insights into active APT campaigns across the globe.
WeLiveSecurity: Top stories and research
Expert analysis and commentary from ESET researchers on the latest cyber threats, discoveries and security trends.
ESET Research Podcast: Exploring the global threat landscape
Join our analysts as they discuss attribution, tooling and global activity shifts
ESET Threat Intelligence Feeds datasheet
Get an overview of the wide range of feeds available.
LET’S CONNECT
Curious to learn more? Share your contact details and we’ll follow up with more information.
We can walk you through a demo, discuss a proof of concept or answer any questions you may have.