
Kaspersky Threat Intelligence
Overview
The Kaspersky Threat Intelligence CDF ingests threat intelligence data from Kaspersky Threat Intelligence.
The CDF ingests threat data from the following feeds:
- Kaspersky Botnet C&C URL Exact - ingests indicators and malware together with their attributes.
- Kaspersky Phishing URL Exact - ingests sets of web address masks covering phishing websites and web pages.
- Kaspersky Malicious URL Exact - ingests sets of web address masks covering malicious websites and web pages.
- Kaspersky Ransomware URL - ingests sets of web addresses, domains, and hosts covering ransomware links and websites.
- Kaspersky IoT URL - ingests sets of web addresses covering websites used to host malware that infects Internet of Things (IoT) devices. Hashes of the malware are also provided.
- Kaspersky Mobile Botnet C&C URL - ingests sets of web addresses covering mobile botnet C&C servers.
- Kaspersky Malicious Hash - returns a list of STIX bundles, each containing Indicators in the TAXII_Malicious_Hash_Data_Feed_Indicators (stix2) collection.
- Kaspersky Mobile Malicious Hash - ingests sets of file hashes covering the detection of malicious objects that infect mobile Android and iPhone platforms.
- Kaspersky ICS Hash - ingests sets of file hashes with corresponding context covering the most dangerous, prevalent, or emerging malware that infects devices used in ICS.
- Kaspersky IP Reputation - ingests sets of IP addresses covering malicious hosts.
- Kaspersky APT IPs - ingests sets of IP addresses that are part of infrastructure used in malicious APT campaigns.
- Kaspersky APT URLs - ingests sets of domains that are part of an infrastructure used in malicious APT campaigns.
- Kaspersky APT Hashes - ingests sets of hashes covering malicious artifacts used by APT actors to conduct APT campaigns.
The integration ingests the following system objects:
- Indicators
- Indicator Attributes
- Malware
- Malware Attributes
- Signatures