The botvrij.eu data
IOCs
The information contains network info (IPs), file hashes, file paths, domain names and URLs.
Datasource
MISP
This feed is also integrated as an OSINT feed within MISP.
It is free!
Content
The datasets are available in two formats:
- ioclist.<TYPE>
  - ioclist.<TYPE>.md5
- ioclist.<TYPE>.raw
  - ioclist.<TYPE>.raw.md5
The content of both datasets is identical; the .raw file contains the data without comments. Use these datasets if you want to automate inclusion in your detection systems.
All the datasets are stored in the folder /data/. For example, the network IOC list of possibly malicious destination IPs is available at https://www.botvrij.eu/data/ioclist.ip-dst.
The directory /data/ has been set to allow 'directory listing' so it's easier for you to check which IOC files are available.
The easiest way to make use of the dataset is to activate the OSINT feed of botvrij.eu in your own local MISP instance. For more information, see this post: https://www.vanimpe.eu/2016/03/23/using-open-source-intelligence-osint-with-misp/
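For automated inclusion outside MISP, the following added example (not code from botvrij.eu) validates a downloaded ioclist.ip-dst.raw body before it reaches a blocklist. It assumes one value per line and that the .md5 companion holds the hex MD5 digest of the list; the function names and sample data are constructed for illustration.

```python
import hashlib
import ipaddress

# Constructed sample standing in for ioclist.ip-dst.raw (one value per line is
# an assumption); documentation-range addresses, not real indicators.
SAMPLE_RAW = b"198.51.100.7\n203.0.113.21\n\n10.0.0.5\nnot-an-ip\n198.51.100.7\n"
# Assumption: the .md5 companion holds the hex MD5 of the list, optionally
# followed by a file name as md5sum prints it.
SAMPLE_MD5 = hashlib.md5(SAMPLE_RAW).hexdigest() + "  ioclist.ip-dst.raw\n"

# Ranges that should never reach a blocklist, whatever a feed says.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def checksum_matches(body: bytes, md5_text: str) -> bool:
    """Detect truncated or corrupted downloads (not an authenticity check)."""
    fields = md5_text.split()
    return bool(fields) and hashlib.md5(body).hexdigest() == fields[0].lower()


def load_ip_dst(body: bytes, md5_text: str):
    """Return (accepted, rejected) from a raw ip-dst list.

    Raises ValueError on checksum mismatch so a partial file never replaces
    the list already deployed.
    """
    if not checksum_matches(body, md5_text):
        raise ValueError("checksum mismatch, keeping previous list")
    accepted, rejected, seen = [], [], set()
    for line in body.decode("utf-8", errors="replace").splitlines():
        value = line.strip()
        if not value:
            continue
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            rejected.append((value, "not an IP address"))
            continue
        if any(addr in net for net in INTERNAL):
            rejected.append((value, "internal range"))
        elif addr not in seen:
            seen.add(addr)
            accepted.append(str(addr))
    return accepted, rejected


if __name__ == "__main__":
    print(load_ip_dst(SAMPLE_RAW, SAMPLE_MD5))
```

Logging the rejected entries rather than dropping them silently makes feed errors visible before they turn into missed detections or blocked internal hosts.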
Dataset types
Network IOCs
- ioclist.ip-dst
- ioclist.domain
- ioclist.url
File details
- ioclist.filename
- ioclist.md5
- ioclist.sha1
- ioclist.sha256
Other IOCs
- ioclist.email-src
- ioclist.regkey
Updates
The datasets are updated regularly whenever new APT writeups or descriptions of exploit campaigns become available. Do take into account that this remains a volunteer project.