The botvrij.eu data
The information contains network info (IPs), file hashes, file paths, domain names, URLs.
This feed is also integrated as an OSINT feed within MISP.
It is free!
The datasets are available in two formats
The content of both datasets is identical. The .raw contains the data without comment. These datasets can be used if you want to automate inclusion in your detection systems.
All the datasets are stored in the folder /data/. For example the network IOC with possible malicious destination IPs is available via https://www.botvrij.eu/data/ioclist.ip-dst.
The directory /data/ has been set to allow 'directory listing' so it's easier for you to check which IOC files are available.
The easiest way to make use of the dataset is to activate the OSINT feed of botvrij.eu in your own local MISP instance. See this post for more information https://www.vanimpe.eu/2016/03/23/using-open-source-intelligence-osint-with-misp/.
The datasets are updated regularly whenever new APT writeups or descriptions of exploit campaigns become available. Do take into account that this remains a volunteer project.