AWS WAF Managed Rules - Government Issued Malicious IP Addresses

0

Are any of the AWS WAF Managed Rules updated with respect to U.S. Government known malicious IP addresses? Specifically, in this case, the Cybersecurity and Infrastructure Security Agency (CISA - under DHS) releases alerts containing a list of IP addresses on a regular basis which they deem malicious.

So for example, does AWS monitor alerts such as the aforementioned and update the corresponding AWS WAF Managed Rules, or is this something our customers need to manage themselves?

AWS
Chris_W
Asked 4 years ago · 936 views
1 Answer
0
Accepted Answer

The AWS Security Automations solution (https://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/source-code.html) contains a set of protections (https://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/capabilities.html) including "Known attacker origins (IP reputation lists): "

Known attacker origins (IP reputation lists): A number of organizations maintain reputation lists of IP addresses operated by known attackers, such as spammers, malware distributors, and botnets. This solution leverages the information in these reputation lists to help you block requests from malicious IP addresses.

A look at the source code for the solution (https://github.com/awslabs/aws-waf-security-automations/blob/master/source/custom-resource/custom-resource.py) reveals that it uses the following reputation list sources:

"https://www.spamhaus.org/drop/drop.txt"
"https://www.spamhaus.org/drop/edrop.txt"
"https://check.torproject.org/exit-addresses", "prefix": "ExitAddress "
"https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt"

Spamhaus appears to primarily focus on reputation lists built upon hosts engaged in email spamming. The torproject list appears to identify anonymous connections, entry/exit nodes of the TOR (The Onion Router) anonymization network.
Proofpoint appears to manage the emerging threats list.

More details on how that is maintained are here: https://tools.emergingthreats.net/docs/ET%20Intelligence%20Rep%20List%20Tech%20Description.pdf

You could adapt the solution to grab different lists.

AWS
nigel_h
Answered 4 years ago
Expert
Reviewed a month ago
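As an added example (not code from the AWS solution or from the answer above), this sketch shows what adapting the list handling to an extra feed involves: per-feed prefix parsing, validation so a bad or poisoned entry cannot block internal ranges or everything, and merging into IPv4 and IPv6 CIDR lists. The third feed URL, the function names and all sample bodies are constructed assumptions.

```python
import ipaddress
import re

# Feed entries use the shape quoted in the answer: a URL plus an optional line prefix.
FEEDS = [
    {"url": "https://www.spamhaus.org/drop/drop.txt"},
    {"url": "https://check.torproject.org/exit-addresses", "prefix": "ExitAddress "},
    {"url": "https://feeds.example.internal/advisory-ips.txt"},  # hypothetical extra list
]
# Constructed sample bodies (documentation address ranges) so the example runs offline.
SAMPLE_BODIES = {
    FEEDS[0]["url"]: "; constructed sample\n192.0.2.0/25 ; SBL000001\n192.0.2.128/25 ; SBL000002\n",
    FEEDS[1]["url"]: "ExitNode AAAA\nExitAddress 203.0.113.7 2021-03-01 10:00:00\nExitAddress 203.0.113.7 2021-03-01 11:00:00\n",
    FEEDS[2]["url"]: "# constructed sample\n198.51.100.23\n2001:db8::/32\n0.0.0.0/0\n10.1.2.3\n999.1.1.1\n",
}
# Ranges a feed must never be able to block: RFC 1918, loopback, link-local.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
TOKEN = re.compile(r"[0-9A-Fa-f:.]+(?:/\d{1,3})?")  # leading IP or CIDR on a line

def parse_feed(body, prefix=None):
    """Return (networks, rejected_lines) for one feed body."""
    nets, rejected = set(), []
    for raw in map(str.strip, body.splitlines()):
        line = raw
        if prefix:
            if not line.startswith(prefix):
                continue  # e.g. ExitNode lines in the Tor list
            line = line[len(prefix):]
        m = TOKEN.match(line)
        if not m:
            continue  # blank line or comment (';' / '#')
        try:
            net = ipaddress.ip_network(m.group(0), strict=False)
        except ValueError:
            net = None
        if net is None or net.prefixlen == 0 or any(net.version == p.version and net.overlaps(p) for p in NEVER_BLOCK):
            rejected.append(raw)  # invalid or dangerous entry stays out of the block list
        else:
            nets.add(net)
    return nets, rejected

def build_ip_sets(feeds=FEEDS, bodies=SAMPLE_BODIES):
    merged, rejected = set(), []
    for feed in feeds:
        nets, bad = parse_feed(bodies[feed["url"]], feed.get("prefix"))
        merged |= nets
        rejected += bad
    v4 = [str(n) for n in ipaddress.collapse_addresses(n for n in merged if n.version == 4)]
    v6 = [str(n) for n in ipaddress.collapse_addresses(n for n in merged if n.version == 6)]
    return v4, v6, rejected
```

The two returned lists are kept separate because a WAF IP set holds a single address family; the rejected lines are worth logging so a malformed feed is noticed rather than silently ignored.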
