Merge branch 'master' of github.com:MISP/misp-warninglists

pull/84/head
Alexandre Dulaunoy 2018-09-07 20:52:47 +02:00
commit 2ec8d2eb3a
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
5 changed files with 2880 additions and 1003 deletions

View File

@ -24,7 +24,7 @@ are available in one of the list. The list can be globally enabled or disabled i
- [lists/microsoft-office365](lists/microsoft-office365) - known Office 365 URLs and IP address ranges - [lists/microsoft-office365](lists/microsoft-office365) - known Office 365 URLs and IP address ranges
- [lists/microsoft-office365-cn](lists/microsoft-office365-cn) - known Office 365 IP address ranges in China - [lists/microsoft-office365-cn](lists/microsoft-office365-cn) - known Office 365 IP address ranges in China
- [lists/microsoft-attack-simulator](lists/microsoft-attack-simulator/) - known Office 365 hostnames and IP address used for Microsoft "Attack Simulator" - [lists/microsoft-attack-simulator](lists/microsoft-attack-simulator/) - known Office 365 hostnames and IP address used for Microsoft "Attack Simulator"
- [lists/microsoft-win10-connection-endpoints](lists/microsoft-win10-connection-endpoints]) - known Windows 10 connection endpoints - [lists/microsoft-win10-connection-endpoints](lists/microsoft-win10-connection-endpoints/) - known Windows 10 connection endpoints
- [lists/multicast](lists/multicast) - known IPv4 multicast CIDR blocks - [lists/multicast](lists/multicast) - known IPv4 multicast CIDR blocks
- [lists/ovh-cluster](lists/ovh-cluster) - List of known OVH Cluster IP - [lists/ovh-cluster](lists/ovh-cluster) - List of known OVH Cluster IP
- [lists/public-dns-v4](lists/public-dns-v4) - IPv4 addresses and reverse of public DNS resolver - [lists/public-dns-v4](lists/public-dns-v4) - IPv4 addresses and reverse of public DNS resolver

1720
lists/bank-website/list.json Normal file

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,157 @@
{
"name": "List of known Windows 10 connection endpoints",
"version": 1,
"description": "Event contains one or more entries of known Windows 10 connection endpoints (https://docs.microsoft.com/en-us/windows/privacy/manage-windows-endpoints)",
"type": "hostname",
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"list": [
".1.msftsrvcs.vo.llnwi.net",
"2.dl.delivery.mp.microsoft.com",
"2.tlu.dl.delivery.mp.microsoft.com",
"3.dl.delivery.mp.microsoft.com",
"3.dl.delivery.mp.microsoft.com.c.footprint.net",
"3.tlu.dl.delivery.mp.microsoft.com",
"3.tlu.dl.delivery.mp.microsoft.com.c.footprint.net",
"a122.dscd.akamai.net",
"a1621.g.akamai.net",
".akamaiedge.net",
".akamai.net",
".a-msedge.net",
"arc.msn.com",
"arc.msn.com.nsatc.net",
"a-ring.msedge.net",
"au.download.windowsupdate.com",
"auth.gfx.ms",
".b.akamaiedge.net",
"bing.com",
".blob.core.windows.net",
"blob.weather.microsoft.com",
"b-ring.msedge.net",
"candycrushsoda.king.com",
"cdn.content.prod.cms.msn.com",
"cdn.onenote.net",
"cds.d2s7q6s2.hwcdn.net",
"client-office365-tas.msedge.net",
".c-msedge.net",
"co4.telecommand.telemetry.microsoft.com.akadns.net",
"config.edge.skype.com",
"cs12.wpc.v0cdn.net",
"ctldl.windowsupdate.com",
"cy2.displaycatalog.md.mp.microsoft.com.akadns.net",
"cy2.licensing.md.mp.microsoft.com.akadns.net",
"cy2.purchase.md.mp.microsoft.com.akadns.net",
"cy2.settings.data.microsoft.com.akadns.net",
"cy2.vortex.data.microsoft.com.akadns.net",
"definitionupdates.microsoft.com",
".delivery.dsp.mp.microsoft.com.nsatc.net",
"displaycatalog.mp.microsoft.com",
".dl.delivery.mp.microsoft.com",
"dl.delivery.mp.microsoft.com",
"dm3p.wns.notify.windows.com.akadns.net",
"dmd.metaservices.microsoft.com",
"dmd.metaservices.microsoft.com.akadns.net",
"download.windowsupdate.com",
".dscb1.akamaiedge.net",
".dscd.akamai.net",
".dspb.akamaiedge.net",
".dspg.akamaiedge.net",
".dspw65.akamai.net",
"dual-a-0001.a-msedge.net",
"emdl.ws.microsoft.com",
".e-msedge.net",
"evoke-windowsservices-tas.msedge.net",
"fe2.update.microsoft.com",
"fe2.update.microsoft.com.nsatc.net",
"fe3.delivery.dsp.mp.microsoft.com.nsatc.net",
"fe3.delivery.mp.microsoft.com",
"fg.download.windowsupdate.com.c.footprint.net",
"fp.msedge.net",
"fs.microsoft.com",
".g.akamaiedge.net",
"g.akamaiedge.net",
".g.akamai.net",
"geo-prod.do.dsp.mp.microsoft.com",
"geo-prod.do.dsp.mp.microsoft.com.nsatc.net",
"geo-prod.dodsp.mp.microsoft.com.nsatc.net",
"geover-prod.do.dsp.mp.microsoft.com",
"g.live.com",
"g.msn.com",
"g.msn.com.nsatc.net",
"go.microsoft.com",
"gpla1.wac.v2cdn.net",
".hwcdn.net",
"img-prod-cms-rt-microsoft-com.akamaized.net",
"ip5.afdorigin-prod-am02.afdogw.com",
"ipv4.login.msa.akadns6.net",
"licensing.mp.microsoft.com",
"location-inference-westus.cloudapp.net",
"login.live.com",
".login.msa.akadns6.net",
"login.msa.akadns6.net",
"l-ring.msedge.net",
".l.windowsupdate.com",
".m1-msedge.net",
"maps.windows.com",
"mediaredirect.microsoft.com",
"modern.watson.data.microsoft.com.akadns.net",
"msftconnecttest.com",
"msftsrvcs.vo.llnwd.net",
"msnbot-65-52-108-198.search.msn.com",
"msnbot-.search.msn.com",
"ocos-office365-s2s.msedge.net",
"ocsp.digicert.com",
"oem.twimg.com",
"oneclient.sfx.ms",
"outlook.office365.com",
"peer1-wst.msedge.net",
"peer4-wst.msedge.net",
".prod.do.dsp.mp.microsoft.com",
"prod.do.dsp.mp.microsoft.com",
"prod.do.dsp.mp.microsoft.com.nsatc.net",
"pti.store.microsoft.com",
"pti.store.microsoft.com.unistore.akadns.net",
"purchase.mp.microsoft.com",
"query.prod.cms.rt.microsoft.com",
"ris.api.iris.microsoft.com",
"ris.api.iris.microsoft.com.akadns.net",
".search.msn.com",
"settings.data.microsoft.com",
"settings-win.data.microsoft.com",
"sls.update.microsoft.com",
"sls.update.microsoft.com.nsatc.net",
".s-msedge.net",
"star-mini.c10r.facebook.com",
"storecatalogrevocation.storequality.microsoft.com",
"storeedgefd.dsx.mp.microsoft.com",
"store-images.microsoft.com",
"store-images.s-microsoft.com",
"telecommand.telemetry.microsoft.com",
".telecommand.telemetry.microsoft.com.akadns.net",
"tile-service.weather.microsoft.com",
".tlu.dl.delivery.mp.microsoft.com",
".tlu.dl.delivery.mp.microsoft.com.c.footprint.net",
"tsfe.trafficshaping.dsp.mp.microsoft.com",
"v10.vortex-win.data.microsoft.com",
"vip5.afdorigin-prod-am02.afdogw.com",
"vip5.afdorigin-prod-ch02.afdogw.com",
".wac.edgecastcdn.net",
"wac.edgecastcdn.net",
".wac.phicdn.net",
"wac.phicdn.net",
"wallet-frontend-prod-westus.cloudapp.net",
"wallet.microsoft.com",
"watson.telemetry.microsoft.com",
"wdcp.microsoft.akadns.net",
"wdcp.microsoft.com",
"wildcard.twimg.com",
".windowsupdate.com",
".wns.windows.com",
"www.bing.com",
"www.microsoft.com",
"www.msftconnecttest.com"
]
}

View File

@ -35,6 +35,6 @@ cisco_warninglist['list'] = []
for site in top1000: for site in top1000:
v = str(site).split(',')[1] v = str(site).split(',')[1]
cisco_warninglist['list'].append(v[:-6]) cisco_warninglist['list'].append(v[:-5])
cisco_warninglist['list'] = sorted(set(cisco_warninglist['list'])) cisco_warninglist['list'] = sorted(set(cisco_warninglist['list']))
print(json.dumps(cisco_warninglist)) print(json.dumps(cisco_warninglist))