Merge branch 'master' of github.com:MISP/misp-warninglists
commit
2ec8d2eb3a
|
@ -24,7 +24,7 @@ are available in one of the list. The list can be globally enabled or disabled i
|
|||
- [lists/microsoft-office365](lists/microsoft-office365) - known Office 365 URLs and IP address ranges
|
||||
- [lists/microsoft-office365-cn](lists/microsoft-office365-cn) - known Office 365 IP address ranges in China
|
||||
- [lists/microsoft-attack-simulator](lists/microsoft-attack-simulator/) - known Office 365 hostnames and IP address used for Microsoft "Attack Simulator"
|
||||
- [lists/microsoft-win10-connection-endpoints](lists/microsoft-win10-connection-endpoints]) - known Windows 10 connection endpoints
|
||||
- [lists/microsoft-win10-connection-endpoints](lists/microsoft-win10-connection-endpoints/) - known Windows 10 connection endpoints
|
||||
- [lists/multicast](lists/multicast) - known IPv4 multicast CIDR blocks
|
||||
- [lists/ovh-cluster](lists/ovh-cluster) - List of known OVH Cluster IP
|
||||
- [lists/public-dns-v4](lists/public-dns-v4) - IPv4 addresses and reverse of public DNS resolver
|
||||
|
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,157 @@
|
|||
{
|
||||
"name": "List of known Windows 10 connection endpoints",
|
||||
"version": 1,
|
||||
"description": "Event contains one or more entries of known Windows 10 connection endpoints (https://docs.microsoft.com/en-us/windows/privacy/manage-windows-endpoints)",
|
||||
"type": "hostname",
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip"
|
||||
],
|
||||
"list": [
|
||||
".1.msftsrvcs.vo.llnwi.net",
|
||||
"2.dl.delivery.mp.microsoft.com",
|
||||
"2.tlu.dl.delivery.mp.microsoft.com",
|
||||
"3.dl.delivery.mp.microsoft.com",
|
||||
"3.dl.delivery.mp.microsoft.com.c.footprint.net",
|
||||
"3.tlu.dl.delivery.mp.microsoft.com",
|
||||
"3.tlu.dl.delivery.mp.microsoft.com.c.footprint.net",
|
||||
"a122.dscd.akamai.net",
|
||||
"a1621.g.akamai.net",
|
||||
".akamaiedge.net",
|
||||
".akamai.net",
|
||||
".a-msedge.net",
|
||||
"arc.msn.com",
|
||||
"arc.msn.com.nsatc.net",
|
||||
"a-ring.msedge.net",
|
||||
"au.download.windowsupdate.com",
|
||||
"auth.gfx.ms",
|
||||
".b.akamaiedge.net",
|
||||
"bing.com",
|
||||
".blob.core.windows.net",
|
||||
"blob.weather.microsoft.com",
|
||||
"b-ring.msedge.net",
|
||||
"candycrushsoda.king.com",
|
||||
"cdn.content.prod.cms.msn.com",
|
||||
"cdn.onenote.net",
|
||||
"cds.d2s7q6s2.hwcdn.net",
|
||||
"client-office365-tas.msedge.net",
|
||||
".c-msedge.net",
|
||||
"co4.telecommand.telemetry.microsoft.com.akadns.net",
|
||||
"config.edge.skype.com",
|
||||
"cs12.wpc.v0cdn.net",
|
||||
"ctldl.windowsupdate.com",
|
||||
"cy2.displaycatalog.md.mp.microsoft.com.akadns.net",
|
||||
"cy2.licensing.md.mp.microsoft.com.akadns.net",
|
||||
"cy2.purchase.md.mp.microsoft.com.akadns.net",
|
||||
"cy2.settings.data.microsoft.com.akadns.net",
|
||||
"cy2.vortex.data.microsoft.com.akadns.net",
|
||||
"definitionupdates.microsoft.com",
|
||||
".delivery.dsp.mp.microsoft.com.nsatc.net",
|
||||
"displaycatalog.mp.microsoft.com",
|
||||
".dl.delivery.mp.microsoft.com",
|
||||
"dl.delivery.mp.microsoft.com",
|
||||
"dm3p.wns.notify.windows.com.akadns.net",
|
||||
"dmd.metaservices.microsoft.com",
|
||||
"dmd.metaservices.microsoft.com.akadns.net",
|
||||
"download.windowsupdate.com",
|
||||
".dscb1.akamaiedge.net",
|
||||
".dscd.akamai.net",
|
||||
".dspb.akamaiedge.net",
|
||||
".dspg.akamaiedge.net",
|
||||
".dspw65.akamai.net",
|
||||
"dual-a-0001.a-msedge.net",
|
||||
"emdl.ws.microsoft.com",
|
||||
".e-msedge.net",
|
||||
"evoke-windowsservices-tas.msedge.net",
|
||||
"fe2.update.microsoft.com",
|
||||
"fe2.update.microsoft.com.nsatc.net",
|
||||
"fe3.delivery.dsp.mp.microsoft.com.nsatc.net",
|
||||
"fe3.delivery.mp.microsoft.com",
|
||||
"fg.download.windowsupdate.com.c.footprint.net",
|
||||
"fp.msedge.net",
|
||||
"fs.microsoft.com",
|
||||
".g.akamaiedge.net",
|
||||
"g.akamaiedge.net",
|
||||
".g.akamai.net",
|
||||
"geo-prod.do.dsp.mp.microsoft.com",
|
||||
"geo-prod.do.dsp.mp.microsoft.com.nsatc.net",
|
||||
"geo-prod.dodsp.mp.microsoft.com.nsatc.net",
|
||||
"geover-prod.do.dsp.mp.microsoft.com",
|
||||
"g.live.com",
|
||||
"g.msn.com",
|
||||
"g.msn.com.nsatc.net",
|
||||
"go.microsoft.com",
|
||||
"gpla1.wac.v2cdn.net",
|
||||
".hwcdn.net",
|
||||
"img-prod-cms-rt-microsoft-com.akamaized.net",
|
||||
"ip5.afdorigin-prod-am02.afdogw.com",
|
||||
"ipv4.login.msa.akadns6.net",
|
||||
"licensing.mp.microsoft.com",
|
||||
"location-inference-westus.cloudapp.net",
|
||||
"login.live.com",
|
||||
".login.msa.akadns6.net",
|
||||
"login.msa.akadns6.net",
|
||||
"l-ring.msedge.net",
|
||||
".l.windowsupdate.com",
|
||||
".m1-msedge.net",
|
||||
"maps.windows.com",
|
||||
"mediaredirect.microsoft.com",
|
||||
"modern.watson.data.microsoft.com.akadns.net",
|
||||
"msftconnecttest.com",
|
||||
"msftsrvcs.vo.llnwd.net",
|
||||
"msnbot-65-52-108-198.search.msn.com",
|
||||
"msnbot-.search.msn.com",
|
||||
"ocos-office365-s2s.msedge.net",
|
||||
"ocsp.digicert.com",
|
||||
"oem.twimg.com",
|
||||
"oneclient.sfx.ms",
|
||||
"outlook.office365.com",
|
||||
"peer1-wst.msedge.net",
|
||||
"peer4-wst.msedge.net",
|
||||
".prod.do.dsp.mp.microsoft.com",
|
||||
"prod.do.dsp.mp.microsoft.com",
|
||||
"prod.do.dsp.mp.microsoft.com.nsatc.net",
|
||||
"pti.store.microsoft.com",
|
||||
"pti.store.microsoft.com.unistore.akadns.net",
|
||||
"purchase.mp.microsoft.com",
|
||||
"query.prod.cms.rt.microsoft.com",
|
||||
"ris.api.iris.microsoft.com",
|
||||
"ris.api.iris.microsoft.com.akadns.net",
|
||||
".search.msn.com",
|
||||
"settings.data.microsoft.com",
|
||||
"settings-win.data.microsoft.com",
|
||||
"sls.update.microsoft.com",
|
||||
"sls.update.microsoft.com.nsatc.net",
|
||||
".s-msedge.net",
|
||||
"star-mini.c10r.facebook.com",
|
||||
"storecatalogrevocation.storequality.microsoft.com",
|
||||
"storeedgefd.dsx.mp.microsoft.com",
|
||||
"store-images.microsoft.com",
|
||||
"store-images.s-microsoft.com",
|
||||
"telecommand.telemetry.microsoft.com",
|
||||
".telecommand.telemetry.microsoft.com.akadns.net",
|
||||
"tile-service.weather.microsoft.com",
|
||||
".tlu.dl.delivery.mp.microsoft.com",
|
||||
".tlu.dl.delivery.mp.microsoft.com.c.footprint.net",
|
||||
"tsfe.trafficshaping.dsp.mp.microsoft.com",
|
||||
"v10.vortex-win.data.microsoft.com",
|
||||
"vip5.afdorigin-prod-am02.afdogw.com",
|
||||
"vip5.afdorigin-prod-ch02.afdogw.com",
|
||||
".wac.edgecastcdn.net",
|
||||
"wac.edgecastcdn.net",
|
||||
".wac.phicdn.net",
|
||||
"wac.phicdn.net",
|
||||
"wallet-frontend-prod-westus.cloudapp.net",
|
||||
"wallet.microsoft.com",
|
||||
"watson.telemetry.microsoft.com",
|
||||
"wdcp.microsoft.akadns.net",
|
||||
"wdcp.microsoft.com",
|
||||
"wildcard.twimg.com",
|
||||
".windowsupdate.com",
|
||||
".wns.windows.com",
|
||||
"www.bing.com",
|
||||
"www.microsoft.com",
|
||||
"www.msftconnecttest.com"
|
||||
]
|
||||
}
|
|
@ -35,6 +35,6 @@ cisco_warninglist['list'] = []
|
|||
|
||||
for site in top1000:
|
||||
v = str(site).split(',')[1]
|
||||
cisco_warninglist['list'].append(v[:-6])
|
||||
cisco_warninglist['list'].append(v[:-5])
|
||||
cisco_warninglist['list'] = sorted(set(cisco_warninglist['list']))
|
||||
print(json.dumps(cisco_warninglist))
|
||||
|
|
Loading…
Reference in New Issue