Commit c177068

Add ESET Threat Intelligence feeds
ETI feeds with URLs, domains and IP addresses, which can be collected by TaxiiCollectorBot and parsed by ESETStixParserBot
1 parent 15b6789 commit c177068

1 file changed

+228
-0
lines changed

intelmq/etc/feeds.yaml

Lines changed: 228 additions & 0 deletions
@@ -1802,6 +1802,234 @@ providers:
18021802
revision: 2020-06-30
18031803
documentation: https://www.eset.com/int/business/services/threat-intelligence/
18041804
public: false
1805+
APT IoC:
1806+
description: Indicators of Compromise associated with APT groups' attacks.
1807+
additional_information:
1808+
documentation: https://help.eset.com/eti_portal/en-US/apt-feed.html
1809+
revision: 2025-05-01
1810+
public: false
1811+
bots:
1812+
collector:
1813+
module: intelmq.bots.collectors.taxii.collector
1814+
parameters:
1815+
name: __FEED__
1816+
provider: __PROVIDER__
1817+
username: <username>
1818+
password: <password>
1819+
collection: https://taxii.eset.com/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a/collections/97e3eb74ae5f46dd9e22f677a6938ee7/
1820+
time_delta: 3600
1821+
parser:
1822+
module: intelmq.bots.parsers.stix.parser_eset
1823+
parameters:
1824+
Botnet:
1825+
description: Data from automated botnet tracking system. Indicators of Compromise include C&Cs (URLs) and MD5, SHA-1, SHA-256 (currently not implemented in TStixParserBot).
1826+
additional_information:
1827+
documentation: https://help.eset.com/eti_portal/en-US/botnet-feed.html
1828+
revision: 2025-05-01
1829+
public: false
1830+
bots:
1831+
collector:
1832+
module: intelmq.bots.collectors.taxii.collector
1833+
parameters:
1834+
name: __FEED__
1835+
provider: __PROVIDER__
1836+
username: <username>
1837+
password: <password>
1838+
collection: https://taxii.eset.com/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a/collections/0abb06690b0b47e49cd7794396b76b20/
1839+
time_delta: 3600
1840+
parser:
1841+
module: intelmq.bots.parsers.stix.parser_eset
1842+
parameters:
1843+
Botnet C&C:
1844+
description: Subset of a Botnet feed, provides information about URLs of Command and Control (C&C) servers and associated data.
1845+
additional_information:
1846+
documentation: https://help.eset.com/eti_portal/en-US/cc-feed.html
1847+
revision: 2025-05-01
1848+
public: false
1849+
bots:
1850+
collector:
1851+
module: intelmq.bots.collectors.taxii.collector
1852+
parameters:
1853+
name: __FEED__
1854+
provider: __PROVIDER__
1855+
username: <username>
1856+
password: <password>
1857+
collection: https://taxii.eset.com/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a/collections/d1923a526e8f400dbb301259240ee3d5/
1858+
time_delta: 3600
1859+
parser:
1860+
module: intelmq.bots.parsers.stix.parser_eset
1861+
parameters:
1862+
Botnet Target:
1863+
description: Subset of a Botnet feed, provides information about the targets.
1864+
additional_information:
1865+
documentation: https://help.eset.com/eti_portal/en-US/target-feed.html
1866+
revision: 2025-05-01
1867+
public: false
1868+
bots:
1869+
collector:
1870+
module: intelmq.bots.collectors.taxii.collector
1871+
parameters:
1872+
name: __FEED__
1873+
provider: __PROVIDER__
1874+
username: <username>
1875+
password: <password>
1876+
collection: https://taxii.eset.com/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a/collections/61b6e4f9153e411ca7a9982a2c6ae788/
1877+
time_delta: 3600
1878+
parser:
1879+
module: intelmq.bots.parsers.stix.parser_eset
1880+
parameters:
1881+
Cryptoscam:
1882+
description: Subset of scam domains and URLs that contain targeted information about the current and prevalent crypto scam domains, URLs, and associated data.
1883+
additional_information:
1884+
documentation: https://help.eset.com/eti_portal/en-US/cryptoscam_feed.html
1885+
revision: 2025-05-01
1886+
public: false
1887+
bots:
1888+
collector:
1889+
module: intelmq.bots.collectors.taxii.collector
1890+
parameters:
1891+
name: __FEED__
1892+
provider: __PROVIDER__
1893+
username: <username>
1894+
password: <password>
1895+
collection: https://taxii.eset.com/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a/collections/2c183ce9551a43338c6cc2ed7c2a704d/
1896+
time_delta: 3600
1897+
parser:
1898+
module: intelmq.bots.parsers.stix.parser_eset
1899+
parameters:
1900+
Domain:
1901+
description: The feed covers the domain name, the data associated with it, and respective malicious activity.
1902+
additional_information:
1903+
documentation: https://help.eset.com/eti_portal/en-US/domain-feed.html
1904+
revision: 2025-05-01
1905+
public: false
1906+
bots:
1907+
collector:
1908+
module: intelmq.bots.collectors.taxii.collector
1909+
parameters:
1910+
name: __FEED__
1911+
provider: __PROVIDER__
1912+
username: <username>
1913+
password: <password>
1914+
collection: https://taxii.eset.com/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a/collections/a34aa0a4f9de419582a883863503f9c4/
1915+
time_delta: 3600
1916+
parser:
1917+
module: intelmq.bots.parsers.stix.parser_eset
1918+
parameters:
1919+
IP:
1920+
description: Current and prevalent malicious and abusive IPs and some data associated with them.
1921+
additional_information:
1922+
documentation: https://help.eset.com/eti_portal/en-US/ip-feed.html
1923+
revision: 2025-05-01
1924+
public: false
1925+
bots:
1926+
collector:
1927+
module: intelmq.bots.collectors.taxii.collector
1928+
parameters:
1929+
name: __FEED__
1930+
provider: __PROVIDER__
1931+
username: <username>
1932+
password: <password>
1933+
collection: https://taxii.eset.com/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a/collections/baaed2a92335418aa753fe944e13c23a/
1934+
time_delta: 3600
1935+
parser:
1936+
module: intelmq.bots.parsers.stix.parser_eset
1937+
parameters:
1938+
Phishing URL:
1939+
description: Phishing URLs direct recipients to fake websites and attempt to entice them into divulging sensitive data such as login credentials or financial information.
1940+
additional_information:
1941+
documentation: https://help.eset.com/eti_portal/en-US/phishing_url_feed.html
1942+
revision: 2025-05-01
1943+
public: false
1944+
bots:
1945+
collector:
1946+
module: intelmq.bots.collectors.taxii.collector
1947+
parameters:
1948+
name: __FEED__
1949+
provider: __PROVIDER__
1950+
username: <username>
1951+
password: <password>
1952+
collection: https://taxii.eset.com/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a/collections/d0a6c0f962dd4dd2b3eeb96b18612584/
1953+
time_delta: 3600
1954+
parser:
1955+
module: intelmq.bots.parsers.stix.parser_eset
1956+
parameters:
1957+
Scam URL:
1958+
description: This feed covers fraudulent electronic shops, investment scams, dating scams.
1959+
additional_information:
1960+
documentation: https://help.eset.com/eti_portal/en-US/scam_url_feed.html
1961+
revision: 2025-05-01
1962+
public: false
1963+
bots:
1964+
collector:
1965+
module: intelmq.bots.collectors.taxii.collector
1966+
parameters:
1967+
name: __FEED__
1968+
provider: __PROVIDER__
1969+
username: <username>
1970+
password: <password>
1971+
collection: https://taxii.eset.com/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a/collections/2130adc3c67c43f9a3664b187931375e/
1972+
time_delta: 3600
1973+
parser:
1974+
module: intelmq.bots.parsers.stix.parser_eset
1975+
parameters:
1976+
Smishing:
1977+
description: The Smishing feed works exactly the same as the SMS Scam feed except that the fraudulent activity utilizes smishing.
1978+
additional_information:
1979+
documentation: https://help.eset.com/eti_portal/en-US/smishing_feed.html
1980+
revision: 2025-05-01
1981+
public: false
1982+
bots:
1983+
collector:
1984+
module: intelmq.bots.collectors.taxii.collector
1985+
parameters:
1986+
name: __FEED__
1987+
provider: __PROVIDER__
1988+
username: <username>
1989+
password: <password>
1990+
collection: https://taxii.eset.com/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a/collections/330ad7d0c736476babe5e49077b96c95/
1991+
time_delta: 3600
1992+
parser:
1993+
module: intelmq.bots.parsers.stix.parser_eset
1994+
parameters:
1995+
SMS scam:
1996+
description: This feed contains targeted information about the current and prevalent SMS scam domains, URLs, and associated data.
1997+
additional_information:
1998+
documentation: https://help.eset.com/eti_portal/en-US/sms_scam_feed.html
1999+
revision: 2025-05-01
2000+
public: false
2001+
bots:
2002+
collector:
2003+
module: intelmq.bots.collectors.taxii.collector
2004+
parameters:
2005+
name: __FEED__
2006+
provider: __PROVIDER__
2007+
username: <username>
2008+
password: <password>
2009+
collection: https://taxii.eset.com/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a/collections/6e20217a2e1246b8ab11be29f759f716/
2010+
time_delta: 3600
2011+
parser:
2012+
module: intelmq.bots.parsers.stix.parser_eset
2013+
parameters:
2014+
URL:
2015+
description: URL feed provides information about current and prevalent malicious URLs and associated data. The feed is created from all URL sources every five minutes, deduplication happens every 24 hours.
2016+
additional_information:
2017+
documentation: https://help.eset.com/eti_portal/en-US/url-feed.html
2018+
revision: 2025-05-01
2019+
public: false
2020+
bots:
2021+
collector:
2022+
module: intelmq.bots.collectors.taxii.collector
2023+
parameters:
2024+
name: __FEED__
2025+
provider: __PROVIDER__
2026+
username: <username>
2027+
password: <password>
2028+
collection: https://taxii.eset.com/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a/collections/1d3208c143be49da8130f5a66fd3a0fa/
2029+
time_delta: 3600
2030+
parser:
2031+
module: intelmq.bots.parsers.stix.parser_eset
2032+
parameters:
18052033
Shodan:
18062034
Country Stream:
18072035
description: Collects the Shodan stream for one or multiple countries from the Shodan API.
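
Review bot: The Botnet description (added line 1825) names the parser "TStixParserBot", but the commit message says ESETStixParserBot and every entry uses `intelmq.bots.parsers.stix.parser_eset`; correct the name so readers can find the bot. The same description says MD5, SHA-1 and SHA-256 indicators are currently not implemented, so it would help to state which indicator types from the Botnet feed actually reach the pipeline, since an operator enabling this feed may otherwise assume hash coverage. All twelve `collection` URLs share the API root `643f4eb5-f8b7-46a3-a606-6d61d5ce223a`; if that identifier is per subscriber rather than common to all ETI customers, it should be a placeholder in the same way as `<username>` and `<password>`. Minor: the key `SMS scam` is lower-case while the Smishing description refers to the "SMS Scam feed" and the neighbouring key is `Scam URL`; pick one capitalisation.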
