The botvrij.eu data
The information contains network info (IPs), file hashes, file paths, domain names, URLs.
It is free!
The datasets are always available in two formats
The content of both datasets is identical. The .raw contains the data without comment. These datasets can be used if you want to automate inclusion in your detection systems.
All the datasets are stored in the folder /data/. For example the network IOC with possible malicious destination IPs is available via http://www.botvrij.eu/data/ioclist.ip-dst.
A JSON feed provided from the data in MISP is available via /data/feed-osint.
Note that current datasets in /data/ are still
limited and part of
PoC. Expect more useful data once the whole process has been tuned.
The directory /data/ has been set to allow 'directory listing' so it's easier for you to check which IOC files are available.
The datasets are updated regularly whenever new APT writeups or descriptions of exploit campaigns become available. Do take into account that this remains a volunteer project.