Merge branch 'master' of github.com:MISP/misp-warninglists
commit
2ec8d2eb3a
|
@ -24,7 +24,7 @@ are available in one of the list. The list can be globally enabled or disabled i
|
||||||
- [lists/microsoft-office365](lists/microsoft-office365) - known Office 365 URLs and IP address ranges
|
- [lists/microsoft-office365](lists/microsoft-office365) - known Office 365 URLs and IP address ranges
|
||||||
- [lists/microsoft-office365-cn](lists/microsoft-office365-cn) - known Office 365 IP address ranges in China
|
- [lists/microsoft-office365-cn](lists/microsoft-office365-cn) - known Office 365 IP address ranges in China
|
||||||
- [lists/microsoft-attack-simulator](lists/microsoft-attack-simulator/) - known Office 365 hostnames and IP address used for Microsoft "Attack Simulator"
|
- [lists/microsoft-attack-simulator](lists/microsoft-attack-simulator/) - known Office 365 hostnames and IP address used for Microsoft "Attack Simulator"
|
||||||
- [lists/microsoft-win10-connection-endpoints](lists/microsoft-win10-connection-endpoints]) - known Windows 10 connection endpoints
|
- [lists/microsoft-win10-connection-endpoints](lists/microsoft-win10-connection-endpoints/) - known Windows 10 connection endpoints
|
||||||
- [lists/multicast](lists/multicast) - known IPv4 multicast CIDR blocks
|
- [lists/multicast](lists/multicast) - known IPv4 multicast CIDR blocks
|
||||||
- [lists/ovh-cluster](lists/ovh-cluster) - List of known OVH Cluster IP
|
- [lists/ovh-cluster](lists/ovh-cluster) - List of known OVH Cluster IP
|
||||||
- [lists/public-dns-v4](lists/public-dns-v4) - IPv4 addresses and reverse of public DNS resolver
|
- [lists/public-dns-v4](lists/public-dns-v4) - IPv4 addresses and reverse of public DNS resolver
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,157 @@
|
||||||
|
{
|
||||||
|
"name": "List of known Windows 10 connection endpoints",
|
||||||
|
"version": 1,
|
||||||
|
"description": "Event contains one or more entries of known Windows 10 connection endpoints (https://docs.microsoft.com/en-us/windows/privacy/manage-windows-endpoints)",
|
||||||
|
"type": "hostname",
|
||||||
|
"matching_attributes": [
|
||||||
|
"domain",
|
||||||
|
"hostname",
|
||||||
|
"domain|ip"
|
||||||
|
],
|
||||||
|
"list": [
|
||||||
|
".1.msftsrvcs.vo.llnwi.net",
|
||||||
|
"2.dl.delivery.mp.microsoft.com",
|
||||||
|
"2.tlu.dl.delivery.mp.microsoft.com",
|
||||||
|
"3.dl.delivery.mp.microsoft.com",
|
||||||
|
"3.dl.delivery.mp.microsoft.com.c.footprint.net",
|
||||||
|
"3.tlu.dl.delivery.mp.microsoft.com",
|
||||||
|
"3.tlu.dl.delivery.mp.microsoft.com.c.footprint.net",
|
||||||
|
"a122.dscd.akamai.net",
|
||||||
|
"a1621.g.akamai.net",
|
||||||
|
".akamaiedge.net",
|
||||||
|
".akamai.net",
|
||||||
|
".a-msedge.net",
|
||||||
|
"arc.msn.com",
|
||||||
|
"arc.msn.com.nsatc.net",
|
||||||
|
"a-ring.msedge.net",
|
||||||
|
"au.download.windowsupdate.com",
|
||||||
|
"auth.gfx.ms",
|
||||||
|
".b.akamaiedge.net",
|
||||||
|
"bing.com",
|
||||||
|
".blob.core.windows.net",
|
||||||
|
"blob.weather.microsoft.com",
|
||||||
|
"b-ring.msedge.net",
|
||||||
|
"candycrushsoda.king.com",
|
||||||
|
"cdn.content.prod.cms.msn.com",
|
||||||
|
"cdn.onenote.net",
|
||||||
|
"cds.d2s7q6s2.hwcdn.net",
|
||||||
|
"client-office365-tas.msedge.net",
|
||||||
|
".c-msedge.net",
|
||||||
|
"co4.telecommand.telemetry.microsoft.com.akadns.net",
|
||||||
|
"config.edge.skype.com",
|
||||||
|
"cs12.wpc.v0cdn.net",
|
||||||
|
"ctldl.windowsupdate.com",
|
||||||
|
"cy2.displaycatalog.md.mp.microsoft.com.akadns.net",
|
||||||
|
"cy2.licensing.md.mp.microsoft.com.akadns.net",
|
||||||
|
"cy2.purchase.md.mp.microsoft.com.akadns.net",
|
||||||
|
"cy2.settings.data.microsoft.com.akadns.net",
|
||||||
|
"cy2.vortex.data.microsoft.com.akadns.net",
|
||||||
|
"definitionupdates.microsoft.com",
|
||||||
|
".delivery.dsp.mp.microsoft.com.nsatc.net",
|
||||||
|
"displaycatalog.mp.microsoft.com",
|
||||||
|
".dl.delivery.mp.microsoft.com",
|
||||||
|
"dl.delivery.mp.microsoft.com",
|
||||||
|
"dm3p.wns.notify.windows.com.akadns.net",
|
||||||
|
"dmd.metaservices.microsoft.com",
|
||||||
|
"dmd.metaservices.microsoft.com.akadns.net",
|
||||||
|
"download.windowsupdate.com",
|
||||||
|
".dscb1.akamaiedge.net",
|
||||||
|
".dscd.akamai.net",
|
||||||
|
".dspb.akamaiedge.net",
|
||||||
|
".dspg.akamaiedge.net",
|
||||||
|
".dspw65.akamai.net",
|
||||||
|
"dual-a-0001.a-msedge.net",
|
||||||
|
"emdl.ws.microsoft.com",
|
||||||
|
".e-msedge.net",
|
||||||
|
"evoke-windowsservices-tas.msedge.net",
|
||||||
|
"fe2.update.microsoft.com",
|
||||||
|
"fe2.update.microsoft.com.nsatc.net",
|
||||||
|
"fe3.delivery.dsp.mp.microsoft.com.nsatc.net",
|
||||||
|
"fe3.delivery.mp.microsoft.com",
|
||||||
|
"fg.download.windowsupdate.com.c.footprint.net",
|
||||||
|
"fp.msedge.net",
|
||||||
|
"fs.microsoft.com",
|
||||||
|
".g.akamaiedge.net",
|
||||||
|
"g.akamaiedge.net",
|
||||||
|
".g.akamai.net",
|
||||||
|
"geo-prod.do.dsp.mp.microsoft.com",
|
||||||
|
"geo-prod.do.dsp.mp.microsoft.com.nsatc.net",
|
||||||
|
"geo-prod.dodsp.mp.microsoft.com.nsatc.net",
|
||||||
|
"geover-prod.do.dsp.mp.microsoft.com",
|
||||||
|
"g.live.com",
|
||||||
|
"g.msn.com",
|
||||||
|
"g.msn.com.nsatc.net",
|
||||||
|
"go.microsoft.com",
|
||||||
|
"gpla1.wac.v2cdn.net",
|
||||||
|
".hwcdn.net",
|
||||||
|
"img-prod-cms-rt-microsoft-com.akamaized.net",
|
||||||
|
"ip5.afdorigin-prod-am02.afdogw.com",
|
||||||
|
"ipv4.login.msa.akadns6.net",
|
||||||
|
"licensing.mp.microsoft.com",
|
||||||
|
"location-inference-westus.cloudapp.net",
|
||||||
|
"login.live.com",
|
||||||
|
".login.msa.akadns6.net",
|
||||||
|
"login.msa.akadns6.net",
|
||||||
|
"l-ring.msedge.net",
|
||||||
|
".l.windowsupdate.com",
|
||||||
|
".m1-msedge.net",
|
||||||
|
"maps.windows.com",
|
||||||
|
"mediaredirect.microsoft.com",
|
||||||
|
"modern.watson.data.microsoft.com.akadns.net",
|
||||||
|
"msftconnecttest.com",
|
||||||
|
"msftsrvcs.vo.llnwd.net",
|
||||||
|
"msnbot-65-52-108-198.search.msn.com",
|
||||||
|
"msnbot-.search.msn.com",
|
||||||
|
"ocos-office365-s2s.msedge.net",
|
||||||
|
"ocsp.digicert.com",
|
||||||
|
"oem.twimg.com",
|
||||||
|
"oneclient.sfx.ms",
|
||||||
|
"outlook.office365.com",
|
||||||
|
"peer1-wst.msedge.net",
|
||||||
|
"peer4-wst.msedge.net",
|
||||||
|
".prod.do.dsp.mp.microsoft.com",
|
||||||
|
"prod.do.dsp.mp.microsoft.com",
|
||||||
|
"prod.do.dsp.mp.microsoft.com.nsatc.net",
|
||||||
|
"pti.store.microsoft.com",
|
||||||
|
"pti.store.microsoft.com.unistore.akadns.net",
|
||||||
|
"purchase.mp.microsoft.com",
|
||||||
|
"query.prod.cms.rt.microsoft.com",
|
||||||
|
"ris.api.iris.microsoft.com",
|
||||||
|
"ris.api.iris.microsoft.com.akadns.net",
|
||||||
|
".search.msn.com",
|
||||||
|
"settings.data.microsoft.com",
|
||||||
|
"settings-win.data.microsoft.com",
|
||||||
|
"sls.update.microsoft.com",
|
||||||
|
"sls.update.microsoft.com.nsatc.net",
|
||||||
|
".s-msedge.net",
|
||||||
|
"star-mini.c10r.facebook.com",
|
||||||
|
"storecatalogrevocation.storequality.microsoft.com",
|
||||||
|
"storeedgefd.dsx.mp.microsoft.com",
|
||||||
|
"store-images.microsoft.com",
|
||||||
|
"store-images.s-microsoft.com",
|
||||||
|
"telecommand.telemetry.microsoft.com",
|
||||||
|
".telecommand.telemetry.microsoft.com.akadns.net",
|
||||||
|
"tile-service.weather.microsoft.com",
|
||||||
|
".tlu.dl.delivery.mp.microsoft.com",
|
||||||
|
".tlu.dl.delivery.mp.microsoft.com.c.footprint.net",
|
||||||
|
"tsfe.trafficshaping.dsp.mp.microsoft.com",
|
||||||
|
"v10.vortex-win.data.microsoft.com",
|
||||||
|
"vip5.afdorigin-prod-am02.afdogw.com",
|
||||||
|
"vip5.afdorigin-prod-ch02.afdogw.com",
|
||||||
|
".wac.edgecastcdn.net",
|
||||||
|
"wac.edgecastcdn.net",
|
||||||
|
".wac.phicdn.net",
|
||||||
|
"wac.phicdn.net",
|
||||||
|
"wallet-frontend-prod-westus.cloudapp.net",
|
||||||
|
"wallet.microsoft.com",
|
||||||
|
"watson.telemetry.microsoft.com",
|
||||||
|
"wdcp.microsoft.akadns.net",
|
||||||
|
"wdcp.microsoft.com",
|
||||||
|
"wildcard.twimg.com",
|
||||||
|
".windowsupdate.com",
|
||||||
|
".wns.windows.com",
|
||||||
|
"www.bing.com",
|
||||||
|
"www.microsoft.com",
|
||||||
|
"www.msftconnecttest.com"
|
||||||
|
]
|
||||||
|
}
|
|
@ -35,6 +35,6 @@ cisco_warninglist['list'] = []
|
||||||
|
|
||||||
for site in top1000:
|
for site in top1000:
|
||||||
v = str(site).split(',')[1]
|
v = str(site).split(',')[1]
|
||||||
cisco_warninglist['list'].append(v[:-6])
|
cisco_warninglist['list'].append(v[:-5])
|
||||||
cisco_warninglist['list'] = sorted(set(cisco_warninglist['list']))
|
cisco_warninglist['list'] = sorted(set(cisco_warninglist['list']))
|
||||||
print(json.dumps(cisco_warninglist))
|
print(json.dumps(cisco_warninglist))
|
||||||
|
|
Loading…
Reference in New Issue