IOC Repositories
These repos contain threat intelligence, generally updated manually when the respective orgs publish threat reports.
https://github.com/aptnotes/data
https://github.com/citizenlab/malware-indicators
https://github.com/da667/667s_Shitlist
https://github.com/eset/malware-ioc
https://github.com/fireeye/iocs
https://github.com/Neo23x0/signature-base/tree/master/iocs
https://github.com/pan-unit42/iocs
https://github.com/stamparm/maltrail/tree/master/trails/static/malware
https://github.com/stamparm/maltrail/tree/master/trails/static/suspicious
IOC Feeds
These URLs are data feeds of various types, ranging from scanning IPs observed by honeypots to C2 domains from malware sandboxes, among many others. They were compiled from several sources, including (but not limited to): 1, 2, 3, 4, 5, 6. They are in alphabetical order.
http://antispam.imp.ch/wormlist
http://app.webinspector.com/recent_detections
http://atrack.h3x.eu/api/asprox_suspected.php
http://autoshun.org/files/shunlist.csv
http://blocklist.greensnow.co/greensnow.txt
http://botscout.com/last.htm
http://botscout.com/last_caught_cache.htm
http://charles.the-haleys.org/ssh_dico_attack_hdeny_format.php/hostsdeny.txt
http://cinsscore.com/list/ci-badguys.txt
http://cybercrime-tracker.net/all.php
http://cybercrime-tracker.net/ccam.php
http://cybercrime-tracker.net/ccpmgate.php
http://danger.rulez.sk/projects/bruteforceblocker/blist.php
http://data.netlab.360.com/feeds/dga/dga.txt
http://data.netlab.360.com/feeds/ek/magnitude.txt
http://data.netlab.360.com/feeds/ek/neutrino.txt
http://data.netlab.360.com/feeds/mirai-scanner/scanner.list
http://data.phishtank.com/data/online-valid.csv
http://dns-bh.sagadc.org/dynamic_dns.txt
http://feeds.dshield.org/top10-2.txt
http://hosts-file.net/?s=Browse&f=2014
http://labs.snort.org/feeds/ip-filter.blf
http://labs.sucuri.net/?malware
http://lists.blocklist.de/lists/all.txt
http://malc0de.com/bl/BOOT
http://malc0de.com/bl/IP_Blacklist.txt
http://malc0de.com/rss/
http://malwaredb.malekal.com/
http://malwaredomains.lehigh.edu/files/domains.txt
http://malwareurls.joxeankoret.com/normal.txt
http://mirror2.malwaredomains.com/files/immortal_domains.txt
http://mirror2.malwaredomains.com/files/justdomains
http://multiproxy.org/txt_all/proxy.txt
http://openphish.com/feed.txt
http://osint.bambenekconsulting.com/feeds/c2-dommasterlist-high.txt
http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt
http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt
http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt
http://osint.bambenekconsulting.com/feeds/c2-masterlist.txt
http://osint.bambenekconsulting.com/feeds/dga-feed.txt
http://ransomwaretracker.abuse.ch
http://report.rutgers.edu/DROP/attackers
http://reputation.alienvault.com/reputation.data
http://rules.emergingthreats.net/blockrules/emerging-ciarmy.rules
http://rules.emergingthreats.net/blockrules/emerging-compromised.rules
http://rules.emergingthreats.net/fwrules/emerging-PF-CC.rules
http://rules.emergingthreats.net/open/suricata/rules/botcc.rules
http://rules.emergingthreats.net/open/suricata/rules/compromised-ips.txt
http://sblam.com/blacklist.txt
http://support.clean-mx.de/clean-mx/xmlviruses.php
http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv
http://tracker.h3x.eu/api/sites_1day.php
http://virbl.org/download/virbl.dnsbl.bit.nl.txt
http://vmx.yourcmc.ru/BAD_HOSTS.IP4
http://vxvault.net/URL_List.php
http://vxvault.siri-urz.net/URL_List.php
http://vxvault.siri-urz.net/ViriList.php
http://www.autoshun.org/files/shunlist.csv
http://www.blocklist.de/lists/apache.txt
http://www.blocklist.de/lists/asterisk.txt
http://www.blocklist.de/lists/bots.txt
http://www.blocklist.de/lists/courierimap.txt
http://www.blocklist.de/lists/courierpop3.txt
http://www.blocklist.de/lists/email.txt
http://www.blocklist.de/lists/ftp.txt
http://www.blocklist.de/lists/imap.txt
http://www.blocklist.de/lists/ircbot.txt
http://www.blocklist.de/lists/pop3.txt
http://www.blocklist.de/lists/postfix.txt
http://www.blocklist.de/lists/proftpd.txt
http://www.blocklist.de/lists/sip.txt
http://www.blocklist.de/lists/ssh.txt
http://www.botvrij.eu/data/ioclist.url
http://www.ciarmy.com/list/ci-badguys.txt
http://www.dshield.org/ipsascii.html?limit=10000
http://www.falconcrest.eu/IPBL.aspx
http://www.joewein.net/dl/bl/dom-bl-base.txt
http://www.joewein.net/dl/bl/dom-bl.txt
http://www.malware-traffic-analysis.net
http://www.malwareblacklist.com/showAllMalwareURL.php?userName=Guest&sessionID=&downloadOption=0
http://www.malwaredomainlist.com/hostslist/ip.txt
http://www.malwaredomainlist.com/updatescsv.php
http://www.malwaregroup.com/ipaddresses
http://www.michaelbrentecklund.com/whm-cpanel-cphulk-banlist-whm-cpanel-cphulk-blacklist/
http://www.mirc.com/servers.ini
http://www.nothink.org/blacklist/blacklist_malware_dns.txt
http://www.nothink.org/blacklist/blacklist_malware_http.txt
http://www.nothink.org/blacklist/blacklist_malware_irc.txt
http://www.nothink.org/blacklist/blacklist_snmp_2015.txt
http://www.nothink.org/blacklist/blacklist_ssh_day.txt
http://www.projecthoneypot.org/list_of_ips.php
http://www.spamhaus.org/drop/drop.txt
http://www.spamhaus.org/drop/edrop.txt
http://www.stopforumspam.com/downloads/listed_ip_1_all.zip
http://www.stopforumspam.com/downloads/toxic_ip_cidr.txt
http://www.urlvir.com/export-hosts/
http://www.voipbl.org/update/
https://atlas.arbor.net/summary/domainlist
https://dataplane.org/sshclient.txt
https://dataplane.org/sshpwauth.txt
https://disconnect.me/lists/malvertising
https://disconnect.me/lists/malwarefilter
https://dragonresearchgroup.org/insight/sshpwauth.txt
https://dragonresearchgroup.org/insight/vncprobe.txt
https://feodotracker.abuse.ch
https://github.com/stamparm/maltrail/blob/master/trails/static/mass_scanner.txt
https://gitlab.com/ZeroDot1/CoinBlockerLists/blob/master/list.txt
https://isc.sans.edu/feeds/daily_sources
https://isc.sans.edu/feeds/suspiciousdomains_High.txt
https://isc.sans.edu/feeds/suspiciousdomains_Low.txt
https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt
https://isc.sans.edu/feeds/topips.txt
https://isc.sans.edu/ipsascii.html
https://lists.malwarepatrol.net/cgi/getfile?receipt=f1417692233&product=8&list=dansguardian
https://malc0de.com/bl/ZONES
https://malsilo.gitlab.io/feeds/dumps/url_list.txt
https://malwared.malwaremustdie.org/rss.php
https://malwared.malwaremustdie.org/rss_bin.php
https://malwared.malwaremustdie.org/rss_ssh.php
https://myip.ms/files/blacklist/htaccess/latest_blacklist.txt
https://onionoo.torproject.org/details?type=relay&running=true
https://palevotracker.abuse.ch
https://paste.cryptolaemus.com/feed.xml
https://raw.githubusercontent.com/botherder/targetedthreats/master/targetedthreats.csv
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bitcoin_nodes_1d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/botscout_1d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cruzit_web_attacks.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/malwaredomainlist.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxylists_1d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyrss_1d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyspy_1d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ri_web_proxies_30d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/socks_proxy_7d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/sslproxies_1d.ipset
https://raw.githubusercontent.com/futpib/policeman-rulesets/master/examples/simple_domains_blacklist.txt
https://raw.githubusercontent.com/Neo23x0/signature-base/master/iocs/otx-c2-iocs.txt
https://rules.emergingthreats.net/open/suricata/rules/emerging-dns.rules
https://secure.dshield.org/ipsascii.html?limit=1000
https://sslbl.abuse.ch
https://techhelplist.com/maltlqr/reports/dyreza.txt
https://techhelplist.com/pastes
https://techhelplist.com/spam-list
https://threatfeeds.io/
https://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv
https://urlhaus.abuse.ch/downloads/csv/
https://www.badips.com/get/list/any/2?age=7d
https://www.circl.lu/doc/misp/feed-osint/
https://www.dan.me.uk/torlist/
https://www.hidemyass.com/vpn-config/l2tp/
https://www.malwaredomainlist.com/hostslist/hosts.txt
https://www.maxmind.com/en/anonymous_proxies
https://www.maxmind.com/en/high-risk-ip-sample-list
https://www.openbl.org/lists/base.txt
https://www.openbl.org/lists/base_all_ftp-only.txt
https://www.openbl.org/lists/base_all_http-only.txt
https://www.openbl.org/lists/base_all_smtp-only.txt
https://www.openbl.org/lists/base_all_ssh-only.txt
https://www.packetmail.net/iprep.txt
https://www.packetmail.net/iprep_CARISIRT.txt
https://www.packetmail.net/iprep_ramnode.txt
https://www.trustedsec.com/banlist.txt
https://www.turris.cz/greylist-data/greylist-latest.csv
https://zeustracker.abuse.ch
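Originally published on the WeChat official account 威胁猎人 (Threat Hunter): Attack and Defense · Blue Team Threat Intelligence Data Sources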