chg: Add script to make lists unique, and sort the keys.

Update covid lists.
pull/145/head
Raphaël Vinot 2020-04-03 13:37:17 +02:00
parent bad8b17fff
commit 300d823638
49 changed files with 17726 additions and 17726 deletions


@ -7,7 +7,7 @@ set -x
for dir in lists/*/list.json for dir in lists/*/list.json
do do
cat ${dir} | jq . | sponge ${dir} cat ${dir} | jq -S . | sponge ${dir}
done done
cat schema.json | jq . | sponge schema.json cat schema.json | jq -S . | sponge schema.json
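Review bot: Both rewritten pipelines (`cat ${dir} | jq -S . | sponge ${dir}` in the loop and the `schema.json` line) hand whatever jq emitted to sponge, so a list that fails to parse would be overwritten with empty output, because sponge runs regardless of jq's exit status. Only `set -x` is visible in the hunk header, so whether `set -e` or `pipefail` is set earlier in the script is unknown, and neither would stop the write. Writing to a temporary file and renaming only on success keeps the original intact and quotes the path: `jq -S . "${dir}" > "${dir}.tmp" && mv "${dir}.tmp" "${dir}"`. Note also that `-S` sorts object keys only; it does not sort or de-duplicate the `list` arrays, so that guarantee has to come from the separate script the commit title mentions.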


@ -1,8 +1,5 @@
{ {
"description": "Event contains one or more entries from the top 1000 of the most used website (Alexa).", "description": "Event contains one or more entries from the top 1000 of the most used website (Alexa).",
"version": 20190424,
"name": "Top 1000 website from Alexa",
"type": "hostname",
"list": [ "list": [
"104.com.tw", "104.com.tw",
"11st.co.kr", "11st.co.kr",
@ -1008,5 +1005,8 @@
"matching_attributes": [ "matching_attributes": [
"hostname", "hostname",
"domain" "domain"
] ],
"name": "Top 1000 website from Alexa",
"type": "hostname",
"version": 20190424
} }


@ -1,8 +1,5 @@
{ {
"name": "List of known Amazon AWS IP address ranges",
"version": 20200210,
"description": "Amazon AWS IP address ranges (https://ip-ranges.amazonaws.com/ip-ranges.json)", "description": "Amazon AWS IP address ranges (https://ip-ranges.amazonaws.com/ip-ranges.json)",
"type": "cidr",
"list": [ "list": [
"100.20.0.0/14", "100.20.0.0/14",
"100.24.0.0/13", "100.24.0.0/13",
@ -1695,5 +1692,8 @@
"ip-src", "ip-src",
"ip-dst", "ip-dst",
"domain|ip" "domain|ip"
] ],
"name": "List of known Amazon AWS IP address ranges",
"type": "cidr",
"version": 20200210
} }


@ -1,40 +1,40 @@
{ {
"name": "List of known domains used by automated malware analysis services & security vendors",
"version": 5,
"description": "Domains used by automated malware analysis services & security vendors", "description": "Domains used by automated malware analysis services & security vendors",
"type": "substring", "list": [
"akana.mobiseclab.org",
"analyze.intezer.com",
"anlyz.io",
"app.any.run",
"app.sndbox.com",
"cape.contextis.com",
"capesandbox.com",
"carbonblack.com",
"detux.org",
"emergingthreats.net",
"hybrid-analysis.com",
"jevereg.amnpardaz.com",
"joesandbox.com",
"koodous.com",
"malwr.com",
"mcafee.com",
"reverse.it",
"sandbox.pikker.ee",
"sanddroid.xjtu.edu.cn",
"securelist.com",
"symantec.com",
"tria.ge",
"undroid.av-comparatives.org",
"virustotal.com",
"www.threatexpert.com",
"www.vicheck.ca"
],
"matching_attributes": [ "matching_attributes": [
"domain", "domain",
"hostname", "hostname",
"domain|ip", "domain|ip",
"url" "url"
], ],
"list": [ "name": "List of known domains used by automated malware analysis services & security vendors",
"virustotal.com", "type": "substring",
"malwr.com", "version": 5
"hybrid-analysis.com",
"emergingthreats.net",
"joesandbox.com",
"anlyz.io",
"detux.org",
"akana.mobiseclab.org",
"sandbox.pikker.ee",
"www.threatexpert.com",
"www.vicheck.ca",
"reverse.it",
"mcafee.com",
"symantec.com",
"securelist.com",
"carbonblack.com",
"app.any.run",
"cape.contextis.com",
"tria.ge",
"koodous.com",
"undroid.av-comparatives.org",
"sanddroid.xjtu.edu.cn",
"jevereg.amnpardaz.com",
"analyze.intezer.com",
"app.sndbox.com",
"capesandbox.com"
]
} }
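Review bot: The list keeps `"type": "substring"` while holding short entries such as `tria.ge`, `reverse.it` and `mcafee.com`, so a domain, hostname or url attribute that merely contains one of those strings is flagged as a known false positive, not only the vendor's own hosts. For a warninglist that analysts use to down-rank hits, that widens what gets suppressed beyond what the description promises. It is worth checking whether `"type": "hostname"`, as used by the other domain lists in this commit, would still cover the intended matches (the `url` attribute in particular needs confirming).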


@ -1,13 +1,5 @@
{ {
"name": "List of known bank domains",
"version": 2,
"description": "Event contains one or more entries of known banking website", "description": "Event contains one or more entries of known banking website",
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"type": "hostname",
"list": [ "list": [
".02bancorp.com", ".02bancorp.com",
".1822direkt.com", ".1822direkt.com",
@ -1501,8 +1493,8 @@
".spk-suedholstein.de", ".spk-suedholstein.de",
".spk-vorpommern.de", ".spk-vorpommern.de",
".spk-westholstein.de", ".spk-westholstein.de",
".spkhb.de",
".spkef.is", ".spkef.is",
".spkhb.de",
".ssbia.com", ".ssbia.com",
".ssbnd.com", ".ssbnd.com",
".ssbnet.com", ".ssbnet.com",
@ -1763,5 +1755,13 @@
".zionsbank.com", ".zionsbank.com",
".ziraatbank.de", ".ziraatbank.de",
".zvezabank.at" ".zvezabank.at"
] ],
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"name": "List of known bank domains",
"type": "hostname",
"version": 2
} }


@ -1,9 +1,4 @@
{ {
"matching_attributes": [
"hostname",
"domain",
"domain|ip"
],
"description": "Event contains one or more entries from the top 1000 of the most used website (Cisco Umbrella).", "description": "Event contains one or more entries from the top 1000 of the most used website (Cisco Umbrella).",
"list": [ "list": [
"0.client-channel.google.com", "0.client-channel.google.com",
@ -1007,7 +1002,12 @@
"z.moatads.com", "z.moatads.com",
"zemanta.com" "zemanta.com"
], ],
"version": 20190309, "matching_attributes": [
"hostname",
"domain",
"domain|ip"
],
"name": "Top 1000 website from Cisco Umbrella",
"type": "hostname", "type": "hostname",
"name": "Top 1000 website from Cisco Umbrella" "version": 20190309
} }


@ -1,34 +1,34 @@
{ {
"description": "List of known Cloudflare IP ranges (https://www.cloudflare.com/ips/)",
"list": [ "list": [
"188.114.96.0/20",
"2405:8100::/32",
"2c0f:f248::/32",
"190.93.240.0/20",
"173.245.48.0/20",
"103.21.244.0/22", "103.21.244.0/22",
"103.22.200.0/22",
"103.31.4.0/22",
"104.16.0.0/12", "104.16.0.0/12",
"108.162.192.0/18",
"131.0.72.0/22",
"141.101.64.0/18",
"162.158.0.0/15",
"172.64.0.0/13",
"173.245.48.0/20",
"188.114.96.0/20",
"190.93.240.0/20",
"197.234.240.0/22",
"198.41.128.0/17",
"2400:cb00::/32",
"2405:8100::/32",
"2405:b500::/32",
"2606:4700::/32", "2606:4700::/32",
"2803:f800::/32", "2803:f800::/32",
"2400:cb00::/32",
"141.101.64.0/18",
"198.41.128.0/17",
"172.64.0.0/13",
"108.162.192.0/18",
"197.234.240.0/22",
"2405:b500::/32",
"103.31.4.0/22",
"131.0.72.0/22",
"2a06:98c0::/29", "2a06:98c0::/29",
"162.158.0.0/15", "2c0f:f248::/32"
"103.22.200.0/22"
], ],
"type": "cidr",
"matching_attributes": [ "matching_attributes": [
"ip-dst", "ip-dst",
"ip-src", "ip-src",
"domain|ip" "domain|ip"
], ],
"name": "List of known Cloudflare IP ranges", "name": "List of known Cloudflare IP ranges",
"version": 20200210, "type": "cidr",
"description": "List of known Cloudflare IP ranges (https://www.cloudflare.com/ips/)" "version": 20200210
} }


@ -1,8 +1,5 @@
{ {
"name": "Common contact e-mail addresses",
"version": 20200226,
"description": "A list of commonly used abuse and contact e-mail addresses, including the ones denoted in RFC2142.", "description": "A list of commonly used abuse and contact e-mail addresses, including the ones denoted in RFC2142.",
"type": "regex",
"list": [ "list": [
"/^(security|noc|soc|abuse)\\@.*\\..*$/i" "/^(security|noc|soc|abuse)\\@.*\\..*$/i"
], ],
@ -10,5 +7,8 @@
"email-dst", "email-dst",
"email-src", "email-src",
"target-email" "target-email"
] ],
"name": "Common contact e-mail addresses",
"type": "regex",
"version": 20200226
} }


@ -1,7 +1,76 @@
{ {
"name": "List of known hashes with common false-positives (based on Florian Roth input list)",
"version": 2,
"description": "Event contains one or more entries with common false-positives", "description": "Event contains one or more entries with common false-positives",
"list": [
"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
"048846ed8ed185a26394adeb3f63274d1029bbd59cffa8e73a4ef8b19456de1d",
"06f7826c2862d184a49e3672c0aa6097b11e7771a4bf613ec37941236c1a8e20",
"07c4c7ae2c4c7cb3ccd2ba9cd70a94382395ca8e2b0312c1631d09d790b6db33",
"0f343b0931126a20f133d67c2b018a3b",
"10400c6faf166902b52fb97042f1e0eb",
"125da188e26bd119ce8cad7eeb1fc2dfa147ad47",
"16e8e953c65d610c3bfc595240f3f5b7",
"183d0929423da2aa83441ee625de92b213f33948",
"1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d",
"200ceb26807d6bf99fd6f4f0d1ca54d4",
"231a802e6ff1fae42f2b12561fff2767d473210b",
"2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a",
"325472601571f31e1bf00674c368d335",
"4194d1706ed1f408d5e02d672777019f4d5385c766a8c6ca8acba3167d36a7b9",
"41f958d2d3e9ed4504b6a8863fd72b49",
"4a15a6777284035dfd8df4ecf496b4f0557a9cc4ffaaf5887659031e843865e1",
"4b298058e1d5fd3f2fa20ead21773912a5dc38da3c0da0bbc7de1adfb6011f1c",
"4b6c7f3146f86136507497232d2f04a0",
"4dde54cfc600dbd9a610645d197a632e064115ffaa3a1b595c3a23036e501678",
"5ba93c9db0cff93f52b521d7420e43f6eda2784f",
"5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef",
"605db3fdbaff4ba13729371ad0c4fbab3889378e",
"60cacbf3d72e1e7834203da608037b1bf83b40e8",
"620f0b67a91f7f74151bc5be745b7110",
"68b329da9893e34099c7d8ad5cb9c940",
"6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d",
"72c2dbbb1fe642073002b30987fcd68921a6b140",
"7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6",
"8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe",
"81051bcc2cf1bedf378224b0a93e2877",
"86f1895ae8c5e8b17d99ece768a70732",
"8a798890fe93817163b10b5f7bd2ca4d25d84c52739a645a889c173eee7d9d3d",
"93b885adfe0da089cdf634904fd59f71",
"995c770caeb45f7f0c1bc3affc60f11d8c40e16027df2cf711f95824f3534b6f",
"a11a2f0cfe6d0b4c50945989db6360cd",
"a6105c0a611b41b08f1209506350279e",
"ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7",
"adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
"b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b",
"b3aca92c793ee0e9b1a9b0a5f5fc044e05140df3",
"b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
"b6f9aa44c5f0565b5deb761b1926e9b6",
"ba8ab5a0280b953aa97435ff8946cbcbb2755a27",
"c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102",
"c5e389341a0b19b6f045823abffc9814",
"c82cee5f957ad01068f487eecd430a1389e0d922",
"c929701c67a05f90827563eedccf5eba8e65b2da970189a0371f28cd896708b8",
"c99a74c555371a433d121f551d6c6398",
"d378bffb70923139d6a4f546864aa61c",
"d3b07384d113edec49eaa6238ad5ff00",
"d41d8cd98f00b204e9800998ecf8427e",
"d5502a1d00787d68f548ddeebbde1eca5e2b38ca",
"d583c3aa489ed954df3be71e71deae3a9895857e",
"d991c16949bd5e85e768385440e18d493ce3aa46",
"da39a3ee5e6b4b0d3255bfef95601890afd80709",
"deabe082bc0f0f503292e537b2675c7c93dca40f",
"df4e26a04a444901b95afef44e4a96cfae34690fff2ad2c66389c70079cdff2b",
"e24133dd836d99182a6227dcf6613d08",
"e2516fcd1573e70334c8f50bee5241cdfdf48a00",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"e5a00aa9991ac8a5ee3109844d84a55583bd20572ad3ffcd42792f3c36b183ad",
"e617348b8947f28e2a280dd93c75a6ad",
"f00aa51c2ed8b2f656318fdc01ee1cf5441011a4",
"f1d2d2f924e986ac86fdf7b36c94bcdf32beec15",
"f6d380b256b0e66ef347adc78195fd0f228b3e33",
"fa8715078d45101200a6e2bf7321aa04",
"fb360f9c09ac8c5edb2f18be5de4e80ea4c430d0",
"fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de"
],
"matching_attributes": [ "matching_attributes": [
"md5", "md5",
"sha1", "sha1",
@ -14,76 +83,7 @@
"filename|sha256", "filename|sha256",
"filename|sha512" "filename|sha512"
], ],
"name": "List of known hashes with common false-positives (based on Florian Roth input list)",
"type": "string", "type": "string",
"list": [ "version": 2
"d41d8cd98f00b204e9800998ecf8427e",
"da39a3ee5e6b4b0d3255bfef95601890afd80709",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"68b329da9893e34099c7d8ad5cb9c940",
"adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
"81051bcc2cf1bedf378224b0a93e2877",
"ba8ab5a0280b953aa97435ff8946cbcbb2755a27",
"7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6",
"93b885adfe0da089cdf634904fd59f71",
"5ba93c9db0cff93f52b521d7420e43f6eda2784f",
"6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d",
"0f343b0931126a20f133d67c2b018a3b",
"60cacbf3d72e1e7834203da608037b1bf83b40e8",
"5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef",
"c99a74c555371a433d121f551d6c6398",
"605db3fdbaff4ba13729371ad0c4fbab3889378e",
"e5a00aa9991ac8a5ee3109844d84a55583bd20572ad3ffcd42792f3c36b183ad",
"fa8715078d45101200a6e2bf7321aa04",
"d991c16949bd5e85e768385440e18d493ce3aa46",
"4b298058e1d5fd3f2fa20ead21773912a5dc38da3c0da0bbc7de1adfb6011f1c",
"620f0b67a91f7f74151bc5be745b7110",
"1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d",
"ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7",
"c5e389341a0b19b6f045823abffc9814",
"c82cee5f957ad01068f487eecd430a1389e0d922",
"995c770caeb45f7f0c1bc3affc60f11d8c40e16027df2cf711f95824f3534b6f",
"325472601571f31e1bf00674c368d335",
"2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a",
"b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b",
"e617348b8947f28e2a280dd93c75a6ad",
"125da188e26bd119ce8cad7eeb1fc2dfa147ad47",
"06f7826c2862d184a49e3672c0aa6097b11e7771a4bf613ec37941236c1a8e20",
"200ceb26807d6bf99fd6f4f0d1ca54d4",
"b3aca92c793ee0e9b1a9b0a5f5fc044e05140df3",
"4194d1706ed1f408d5e02d672777019f4d5385c766a8c6ca8acba3167d36a7b9",
"d3b07384d113edec49eaa6238ad5ff00",
"fb360f9c09ac8c5edb2f18be5de4e80ea4c430d0",
"b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
"a6105c0a611b41b08f1209506350279e",
"f1d2d2f924e986ac86fdf7b36c94bcdf32beec15",
"8a798890fe93817163b10b5f7bd2ca4d25d84c52739a645a889c173eee7d9d3d",
"10400c6faf166902b52fb97042f1e0eb",
"d583c3aa489ed954df3be71e71deae3a9895857e",
"df4e26a04a444901b95afef44e4a96cfae34690fff2ad2c66389c70079cdff2b",
"4b6c7f3146f86136507497232d2f04a0",
"deabe082bc0f0f503292e537b2675c7c93dca40f",
"4a15a6777284035dfd8df4ecf496b4f0557a9cc4ffaaf5887659031e843865e1",
"a11a2f0cfe6d0b4c50945989db6360cd",
"e2516fcd1573e70334c8f50bee5241cdfdf48a00",
"fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de",
"16e8e953c65d610c3bfc595240f3f5b7",
"231a802e6ff1fae42f2b12561fff2767d473210b",
"048846ed8ed185a26394adeb3f63274d1029bbd59cffa8e73a4ef8b19456de1d",
"e24133dd836d99182a6227dcf6613d08",
"72c2dbbb1fe642073002b30987fcd68921a6b140",
"4dde54cfc600dbd9a610645d197a632e064115ffaa3a1b595c3a23036e501678",
"41f958d2d3e9ed4504b6a8863fd72b49",
"f6d380b256b0e66ef347adc78195fd0f228b3e33",
"c929701c67a05f90827563eedccf5eba8e65b2da970189a0371f28cd896708b8",
"d378bffb70923139d6a4f546864aa61c",
"f00aa51c2ed8b2f656318fdc01ee1cf5441011a4",
"c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102",
"86f1895ae8c5e8b17d99ece768a70732",
"d5502a1d00787d68f548ddeebbde1eca5e2b38ca",
"8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe",
"b6f9aa44c5f0565b5deb761b1926e9b6",
"183d0929423da2aa83441ee625de92b213f33948",
"07c4c7ae2c4c7cb3ccd2ba9cd70a94382395ca8e2b0312c1631d09d790b6db33"
]
} }



@ -3,7 +3,6 @@
"list": [ "list": [
"akkure4covid.com", "akkure4covid.com",
"bag-coronavirus.ch", "bag-coronavirus.ch",
"bag-coronavirus.ch",
"co19.oracle.com", "co19.oracle.com",
"corona-data.ch", "corona-data.ch",
"coronamadrid.com", "coronamadrid.com",
@ -36,6 +35,5 @@
], ],
"name": "Covid-19 Krassi's Whitelist", "name": "Covid-19 Krassi's Whitelist",
"type": "hostname", "type": "hostname",
"uuid": "b600900c-aacc-4860-acf4-7e24a1b08202",
"version": 20200403 "version": 20200403
} }


@ -1,9 +1,8 @@
{ {
"name": "Valid covid-19 related domains",
"version": 7,
"description": "Maintained using different lists (such as Jaime Blasco's and Krassimir's lists).", "description": "Maintained using different lists (such as Jaime Blasco's and Krassimir's lists).",
"list": [ "list": [
"3d.nicovideo.jp", "3d.nicovideo.jp",
"aatishb.com",
"account.nicovideo.jp", "account.nicovideo.jp",
"ads.nicovideo.jp", "ads.nicovideo.jp",
"againstcovid19.com", "againstcovid19.com",
@ -17,8 +16,13 @@
"api.nicovideo.jp", "api.nicovideo.jp",
"arcgis.com", "arcgis.com",
"asuntosdelsur.org", "asuntosdelsur.org",
"bag-coronavirus.ch",
"balad.ir", "balad.ir",
"basemaps.arcgis.com",
"bestcoronavirusprotect.tk",
"bgvfr.coronavirusware.xyz",
"blog.nicovideo.jp", "blog.nicovideo.jp",
"blogcoronacl.canalcero.digital",
"bnnrc.net", "bnnrc.net",
"bnpb-inacovid19.hub.arcgis.com", "bnpb-inacovid19.hub.arcgis.com",
"boisestate-covid-19.slack.com", "boisestate-covid-19.slack.com",
@ -27,6 +31,7 @@
"cas.dev.nicovideo.jp", "cas.dev.nicovideo.jp",
"cas.nicovideo.jp", "cas.nicovideo.jp",
"cdc-covid19-healthbot.azurefd.net", "cdc-covid19-healthbot.azurefd.net",
"cdn.arcgis.com",
"cdtcovid.akstd.azureedge.net", "cdtcovid.akstd.azureedge.net",
"ch.nicovideo.jp", "ch.nicovideo.jp",
"checkupcovid19.jatimprov.go.id", "checkupcovid19.jatimprov.go.id",
@ -34,6 +39,7 @@
"cluster.covid19india.org", "cluster.covid19india.org",
"commons.nicovideo.jp", "commons.nicovideo.jp",
"corona helden", "corona helden",
"corona-data.ch",
"corona.cloud", "corona.cloud",
"corona.gov.bd", "corona.gov.bd",
"corona.help", "corona.help",
@ -51,14 +57,17 @@
"coronavirus-dashboard.utah.gov", "coronavirus-dashboard.utah.gov",
"coronavirus-disasterresponse.hub.arcgis.com", "coronavirus-disasterresponse.hub.arcgis.com",
"coronavirus-map.com", "coronavirus-map.com",
"coronavirus-realtime.com",
"coronavirus-vulnerable-people.service.gov.uk", "coronavirus-vulnerable-people.service.gov.uk",
"coronavirus-wvgovstatus-cdn.afd.azureedge.net", "coronavirus-wvgovstatus-cdn.afd.azureedge.net",
"coronavirus.app", "coronavirus.app",
"coronavirus.cc",
"coronavirus.datafree.co", "coronavirus.datafree.co",
"coronavirus.dc.gov", "coronavirus.dc.gov",
"coronavirus.delaware.gov", "coronavirus.delaware.gov",
"coronavirus.fairwork.gov.au", "coronavirus.fairwork.gov.au",
"coronavirus.gob.mx", "coronavirus.gob.mx",
"coronavirus.gouvernement.lu",
"coronavirus.gov", "coronavirus.gov",
"coronavirus.health.ny.gov", "coronavirus.health.ny.gov",
"coronavirus.health.ok.gov", "coronavirus.health.ok.gov",
@ -74,16 +83,20 @@
"coronavirus.wa.gov", "coronavirus.wa.gov",
"coronavirus.wvgovstatus.com", "coronavirus.wvgovstatus.com",
"coronavirus.zone", "coronavirus.zone",
"coronavirusaware.xyz",
"coronavirusecuador.com", "coronavirusecuador.com",
"coronavirusinfections.org", "coronavirusinfections.org",
"coronaviruslive.it", "coronaviruslive.it",
"coronavirusnow.com", "coronavirusnow.com",
"coronavirusstatus.space",
"coronavirusupdate.tk",
"covid-19-assets.htvtools.us", "covid-19-assets.htvtools.us",
"covid-19.alibabacloud.com", "covid-19.alibabacloud.com",
"covid-19.bccdc.ca", "covid-19.bccdc.ca",
"covid-19.chinadaily.com.cn", "covid-19.chinadaily.com.cn",
"covid-19.chinatimes.com", "covid-19.chinatimes.com",
"covid-19.direct", "covid-19.direct",
"covid-19.iglocska.eu",
"covid-19.kapook.com", "covid-19.kapook.com",
"covid-19.livephotos.my", "covid-19.livephotos.my",
"covid-19.ontario.ca", "covid-19.ontario.ca",
@ -96,6 +109,7 @@
"covid-19training.gov.au", "covid-19training.gov.au",
"covid-api.com", "covid-api.com",
"covid-global-hackathon.devpost.com", "covid-global-hackathon.devpost.com",
"covid-misp.ncsc.gov.ie",
"covid-monitoring.kemkes.go.id", "covid-monitoring.kemkes.go.id",
"covid-response-moa-muniorg.hub.arcgis.com", "covid-response-moa-muniorg.hub.arcgis.com",
"covid-sheets-mirror.web.app", "covid-sheets-mirror.web.app",
@ -129,7 +143,9 @@
"covid19.jogjaprov.go.id", "covid19.jogjaprov.go.id",
"covid19.kedirikab.go.id", "covid19.kedirikab.go.id",
"covid19.kemkes.go.id", "covid19.kemkes.go.id",
"covid19.lu",
"covid19.mathdro.id", "covid19.mathdro.id",
"covid19.min-saude.pt",
"covid19.moph.go.th", "covid19.moph.go.th",
"covid19.mt.gov", "covid19.mt.gov",
"covid19.nashville.gov", "covid19.nashville.gov",
@ -153,6 +169,7 @@
"covid19india.github.io", "covid19india.github.io",
"covid19india.org", "covid19india.org",
"covid19info.live", "covid19info.live",
"covid19japan.com",
"covid19japan.s3.ap-northeast-1.amazonaws.com", "covid19japan.s3.ap-northeast-1.amazonaws.com",
"covid19musicrelief.byspotify.com", "covid19musicrelief.byspotify.com",
"covid19ph.com", "covid19ph.com",
@ -161,6 +178,7 @@
"covid19stats.live", "covid19stats.live",
"covid19tracker.ca", "covid19tracker.ca",
"covid19vm01.azurewebsites.net", "covid19vm01.azurewebsites.net",
"covid3d.fr",
"covidabruzzo.it", "covidabruzzo.it",
"covidactnow.org", "covidactnow.org",
"covideo.com", "covideo.com",
@ -201,6 +219,7 @@
"ichiba.nicovideo.jp", "ichiba.nicovideo.jp",
"inacovid19.maps.arcgis.com", "inacovid19.maps.arcgis.com",
"indonesia-covid-19.mathdro.id", "indonesia-covid-19.mathdro.id",
"info-coronavirus.be",
"infocovid19.jatimprov.go.id", "infocovid19.jatimprov.go.id",
"italy.coronavirusinfections.org", "italy.coronavirusinfections.org",
"jabarprov-covid19.netlify.com", "jabarprov-covid19.netlify.com",
@ -240,6 +259,7 @@
"seiga.dev.nicovideo.jp", "seiga.dev.nicovideo.jp",
"seiga.nicovideo.jp", "seiga.nicovideo.jp",
"servicecovid.tpasaigon.vn", "servicecovid.tpasaigon.vn",
"services9.arcgis.com",
"sgwuhan.xose.net", "sgwuhan.xose.net",
"shiny.john-coene.com", "shiny.john-coene.com",
"site.nicovideo.jp", "site.nicovideo.jp",
@ -262,13 +282,16 @@
"stopcov.ge", "stopcov.ge",
"stopcovid19.metro.tokyo.lg.jp", "stopcovid19.metro.tokyo.lg.jp",
"sug.search.nicovideo.jp", "sug.search.nicovideo.jp",
"survivecoronavirus.org",
"talksub.com", "talksub.com",
"test.nicovideo.jp", "test.nicovideo.jp",
"the2019ncov.com", "the2019ncov.com",
"thewuhanvirus.com", "thewuhanvirus.com",
"tiles.arcgis.com",
"trackcorona-images.s3.amazonaws.com", "trackcorona-images.s3.amazonaws.com",
"trackcorona.live", "trackcorona.live",
"us-central1-covid-19-live.cloudfunctions.net", "us-central1-covid-19-live.cloudfunctions.net",
"vaccine-coronavirus.com",
"veille-coronavirus.fr", "veille-coronavirus.fr",
"verificovid.mx", "verificovid.mx",
"wirvsvirushackathon.org", "wirvsvirushackathon.org",
@ -290,47 +313,19 @@
"www.covideo.com", "www.covideo.com",
"www.covidvisualizer.com", "www.covidvisualizer.com",
"www.dev.nicovideo.jp", "www.dev.nicovideo.jp",
"www.info-coronavirus.be",
"www.internet-covid19.com", "www.internet-covid19.com",
"www.kycovid19.ky.gov", "www.kycovid19.ky.gov",
"www.nicovideo.jp", "www.nicovideo.jp",
"www.test.nicovideo.jp", "www.test.nicovideo.jp",
"www.voluntarioscoronavirus.rj.gov.br", "www.voluntarioscoronavirus.rj.gov.br"
"bag-coronavirus.ch",
"bestcoronavirusprotect.tk",
"bgvfr.coronavirusware.xyz",
"blogcoronacl.canalcero.digital",
"corona-data.ch",
"coronavirus-map.com",
"coronavirus-realtime.com",
"coronavirus.app",
"coronavirus.cc",
"coronavirus.zone",
"coronavirusaware.xyz",
"coronavirusstatus.space",
"coronavirusupdate.tk",
"covid-19.iglocska.eu",
"covid-misp.ncsc.gov.ie",
"covid.apollo247.com",
"covid19india.org",
"covid19japan.com",
"survivecoronavirus.org",
"vaccine-coronavirus.com",
"covid19.min-saude.pt",
"www.info-coronavirus.be",
"info-coronavirus.be",
"coronavirus.gouvernement.lu",
"covid19.lu",
"covid3d.fr",
"aatishb.com",
"basemaps.arcgis.com",
"services9.arcgis.com",
"cdn.arcgis.com",
"tiles.arcgis.com"
], ],
"type": "hostname",
"matching_attributes": [ "matching_attributes": [
"domain", "domain",
"hostname", "hostname",
"url" "url"
] ],
"name": "Valid covid-19 related domains",
"type": "hostname",
"version": 8
} }
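Review bot: The sorted list still carries `"corona helden"` (a context line in the hunk starting at new line 39), which contains a space and cannot be a hostname, so in a `"type": "hostname"` list it presumably never matches. It looks like a label that slipped in and should be dropped or replaced by the actual domain. Since this list is used to mark hits as benign, the uniqueness script would be a sensible place to validate each entry against the list's declared `type` before writing, because a malformed or mistaken entry is hard to spot by eye among several hundred lines.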


@ -1,5 +1,383 @@
{ {
"type": "substring", "description": "CRL Warninglist from threatstop (https://github.com/threatstop/crl-ocsp-whitelist/)",
"list": [
"104.16.89.188",
"104.16.90.188",
"104.16.91.188",
"104.16.92.188",
"104.16.93.188",
"104.17.102.175",
"104.17.103.175",
"104.17.104.175",
"104.17.105.175",
"104.17.106.175",
"104.215.29.84",
"104.215.54.174",
"104.41.179.244",
"104.91.166.106",
"104.91.166.112",
"104.91.166.82",
"104.91.166.89",
"104.91.166.96",
"104.91.166.98",
"109.70.240.114",
"113.52.156.18",
"116.92.128.12",
"116.92.128.34",
"119.145.171.206",
"119.145.171.215",
"121.50.63.210",
"121.50.63.211",
"13.114.126.114",
"13.33.164.100",
"13.33.164.105",
"13.33.164.164",
"13.33.164.223",
"13.33.164.236",
"13.33.164.37",
"13.33.164.7",
"13.33.164.93",
"13.78.114.232",
"133.242.48.24",
"133.242.50.38",
"133.242.68.56",
"151.101.46.133",
"153.120.128.154",
"153.127.215.13",
"153.127.216.172",
"153.149.154.120",
"153.149.17.219",
"153.149.96.48",
"153.149.98.42",
"155.207.94.23",
"155.207.94.25",
"172.217.1.46",
"172.217.4.243",
"178.255.83.1",
"18.194.140.191",
"184.73.226.63",
"185.102.40.212",
"185.102.40.23",
"185.33.53.5",
"185.62.162.144",
"185.62.162.145",
"185.69.225.3",
"185.69.225.4",
"192.35.177.117",
"192.35.177.153",
"192.35.177.155",
"193.104.0.178",
"193.104.0.210",
"193.140.71.141",
"193.140.71.35",
"193.27.6.240",
"193.42.222.125",
"194.140.12.241",
"194.140.59.23",
"194.145.83.75",
"194.145.83.79",
"194.30.48.30",
"195.77.23.39",
"195.77.23.49",
"195.80.175.18",
"195.80.175.39",
"195.80.175.7",
"195.95.167.129",
"195.95.167.162",
"195.95.167.163",
"2001:4420:aa01:ff01:210:241:69:194",
"2001:4542:2064:7::1010",
"2001:4542:2064:7::1013",
"2001:559:19:5400::173e:e30b",
"2001:559:19:5400::173e:e319",
"2001:559:19:5400::173e:e361",
"2001:559:19:5400::173e:e36a",
"2001:559:19:5400::173e:e378",
"2001:559:19:5400::173e:e380",
"2001:559:19:5c96::201a",
"2001:559:19:5c98::201a",
"2001:559:19:6483::201a",
"2001:559:19:648f::201a",
"2001:559:19:e000::b854:f46a",
"2001:b031:1306:ff00::1010",
"2001:b031:1306:ff00::1013",
"202.32.255.81",
"202.32.255.82",
"210.151.42.156",
"210.241.69.194",
"210.71.154.56",
"210.74.41.123",
"210.74.41.181",
"212.142.249.49",
"212.175.187.26",
"212.175.187.27",
"212.175.187.59",
"212.31.61.102",
"212.31.61.106",
"213.162.193.244",
"213.162.193.245",
"213.229.84.216",
"213.61.227.196",
"216.58.216.78",
"217.150.144.194",
"217.150.144.200",
"217.150.144.202",
"217.170.186.113",
"217.170.186.115",
"219.127.237.69",
"219.87.64.165",
"219.87.64.186",
"23.215.104.10",
"23.215.104.113",
"23.215.104.16",
"23.215.104.19",
"23.215.104.27",
"23.215.104.35",
"23.215.104.49",
"23.215.104.65",
"23.215.105.96",
"23.34.78.114",
"23.4.43.27",
"23.5.251.27",
"23.54.187.27",
"23.62.227.64",
"23.62.227.72",
"23.62.227.9",
"2600:1407:21:2a1::1b01",
"2600:1407:21:2b3::1b01",
"2600:9000:2044:4800:3:6aa6:6180:21",
"2600:9000:2044:a200:3:6aa6:6180:21",
"2600:9000:2044:ae00:3:6aa6:6180:21",
"2600:9000:2044:bc00:3:6aa6:6180:21",
"2600:9000:2044:e200:3:6aa6:6180:21",
"2600:9000:2044:ec00:3:6aa6:6180:21",
"2600:9000:2044:f800:3:6aa6:6180:21",
"2600:9000:2044:fc00:3:6aa6:6180:21",
"2606:4700::6810:59bc",
"2606:4700::6810:5abc",
"2606:4700::6810:5bbc",
"2606:4700::6810:5cbc",
"2606:4700::6810:5dbc",
"2606:4700::6811:66af",
"2606:4700::6811:67af",
"2606:4700::6811:68af",
"2606:4700::6811:69af",
"2606:4700::6811:6aaf",
"2607:f8b0:4009:80d::200e",
"2607:f8b0:4009:815::2013",
"2607:f8b0:4009:816::200e",
"2620:108:700f::22d4:f675",
"2620:108:700f::22d6:45ab",
"2620:108:700f::3426:765e",
"2a00:17f0:1300:3285::2",
"2a00:17f0:1300:3285::3",
"2a02:1788:2fd::b2ff:5301",
"2a04:4e42:2c::645",
"2a04:4e42:b::645",
"35.163.43.72",
"46.137.168.218",
"46.137.183.10",
"46.29.101.81",
"46.29.101.82",
"46.29.101.83",
"46.29.101.84",
"50.63.243.228",
"50.63.243.229",
"50.63.243.230",
"52.207.77.222",
"52.219.73.78",
"52.222.217.106",
"52.222.217.144",
"52.222.217.59",
"52.222.217.88",
"52.239.142.228",
"54.199.233.192",
"59.106.216.193",
"60.250.3.135",
"60.250.3.156",
"61.114.186.157",
"61.203.134.55",
"62.96.224.138",
"66.225.197.197",
"72.21.91.29",
"80.79.96.210",
"80.79.96.44",
"82.223.54.157",
"86.109.121.18",
"88.87.212.233",
"88.87.212.243",
"91.120.239.74",
"91.121.147.17",
"91.194.146.110",
"91.198.11.52",
"91.198.11.79",
"91.198.11.87",
"91.83.236.157",
"93.92.105.115",
"93.92.105.23",
"aces.ocsp.identrust.com",
"cdn.d-trust-cloudcrl.net",
"cdp.elektronicznypodpis.pl",
"cdp1.disig.sk",
"cdp2.disig.sk",
"commercial.ocsp.identrust.com",
"crl-ssl.certificat2.com",
"crl.affirmtrust.com",
"crl.buypass.no",
"crl.camerfirma.com",
"crl.certsign.ro",
"crl.cfca.com.cn",
"crl.comodoca.com",
"crl.d-trust.net",
"crl.e-tugra.com",
"crl.entrust.net",
"crl.firmaprofesional.com",
"crl.gdca.com.cn",
"crl.globalsign.com",
"crl.godaddy.com",
"crl.igc-g3.certinomis.com",
"crl.infocert.it",
"crl.izenpe.com",
"crl.luxtrust.lu",
"crl.managedpki.com",
"crl.netsolssl.com",
"crl.pki.goog",
"crl.quovadisglobal.com",
"crl.sbca.telesec.de",
"crl.serverpass.telesec.de",
"crl.starfieldtech.com",
"crl.swisssign.net",
"crl.trust-provider.com",
"crl.trustcor.ca",
"crl.trustwave.com",
"crl.usertrust.com",
"crl09.actalis.it",
"crl1.camerfirma.com",
"crl1.e-tugra.com",
"crl1.hongkongpost.gov.hk",
"crl1.netlock.hu",
"crl2.firmaprofesional.com",
"crl2.netlock.hu",
"crl3.digicert.com",
"crl3.netlock.hu",
"crl4.digicert.com",
"crls.ssl.com",
"crlv1.harica.gr",
"depo.kamusm.gov.tr",
"epscd.catcert.net",
"ev.ocsp.quovadisglobal.com",
"ev2.ocsp.secomtrust.net",
"evcrl1.managedpki.com",
"evocsp1.managedpki.com",
"evsslocsp.twca.com.tw",
"fe.symcb.com",
"fe.symcd.com",
"fi.symcb.com",
"fi.symcd.com",
"fj.symcb.com",
"fj.symcd.com",
"g2ocsp.managedpki.com",
"g3ocsp.managedpki.com",
"gca.nat.gov.tw",
"gk.symcb.com",
"gk.symcd.com",
"gm.symcb.com",
"gm.symcd.com",
"gn.symcb.com",
"gn.symcd.com",
"gold-ev-g2.ocsp.swisssign.net",
"igc-g3.certinomis.com",
"jcsitlssignpublicca-ocsp.managedpki.ne.jp",
"ocsp-ssl.certificat2.com",
"ocsp.accv.es",
"ocsp.affirmtrust.com",
"ocsp.buypass.com",
"ocsp.buypass.no",
"ocsp.camerfirma.com",
"ocsp.catcert.cat",
"ocsp.certsign.ro",
"ocsp.cfca.com.cn",
"ocsp.comodoca.com",
"ocsp.digicert.com",
"ocsp.e-tugra.com",
"ocsp.entrust.net",
"ocsp.epki.external.trustcor.ca",
"ocsp.ev.hinet.net",
"ocsp.firmaprofesional.com",
"ocsp.godaddy.com",
"ocsp.harica.gr",
"ocsp.int-x3.letsencrypt.org",
"ocsp.izenpe.com",
"ocsp.netsolssl.com",
"ocsp.ovcf.ca3.infocert.it",
"ocsp.pki.goog",
"ocsp.quovadisglobal.com",
"ocsp.sca0a.amazontrust.com",
"ocsp.sca1a.amazontrust.com",
"ocsp.sca2a.amazontrust.com",
"ocsp.sca3a.amazontrust.com",
"ocsp.sca4a.amazontrust.com",
"ocsp.serverpass.telesec.de",
"ocsp.starfieldtech.com",
"ocsp.trust-provider.com",
"ocsp.trustcor.ca",
"ocsp.trustwave.com",
"ocsp.usertrust.com",
"ocsp.wisekey.com",
"ocsp03.sbca.telesec.de",
"ocsp09.actalis.it",
"ocsp1.hongkongpost.gov.hk",
"ocsp1.netlock.hu",
"ocsp1.trustisfps.com",
"ocsp2.globalsign.com",
"ocsp2.netlock.hu",
"ocsp2.wisekey.com",
"ocsp3.gdca.com.cn",
"ocsp3.netlock.hu",
"ocspap.cert.fnmt.es",
"ocsps.ssl.com",
"ocspssls1.kamusm.gov.tr",
"pki-crl.atos.net",
"pki-ocsp.atos.net",
"public.wisekey.com",
"repo1.secomtrust.net",
"repository.ev.hinet.net",
"rtcrl.managedpki.ne.jp",
"sh.symcb.com",
"sh.symcd.com",
"silver-server-g2.ocsp.swisssign.net",
"sn.symcb.com",
"sn.symcd.com",
"sr.symcb.com",
"sr.symcd.com",
"ss.symcb.com",
"ss.symcd.com",
"ssl-c3-ca1-2009.ocsp.d-trust.net",
"ssl-c3-ca1-ev-2009.ocsp.d-trust.net",
"ssl.ocsp.luxtrust.lu",
"sslca2014-crl1.e-szigno.hu",
"sslca2014-crl2.e-szigno.hu",
"sslca2014-crl3.e-szigno.hu",
"sslca2014-ocsp1.e-szigno.hu",
"sslca2014-ocsp2.e-szigno.hu",
"sslca2014-ocsp3.e-szigno.hu",
"sslserver.twca.com.tw",
"subcar2i2-ocsp.disig.sk",
"sureseries-crl.cybertrust.ne.jp",
"sureseries-ocsp.cybertrust.ne.jp",
"tf.symcb.com",
"tf.symcd.com",
"ti.symcb.com",
"ti.symcd.com",
"tq.symcb.com",
"tq.symcd.com",
"validation.identrust.com",
"www.accv.es",
"www.cert.fnmt.es",
"www.certinomis.com",
"www.certsign.ro",
"www.trustis.com"
],
"matching_attributes": [ "matching_attributes": [
"hostname", "hostname",
"domain", "domain",
@ -9,384 +387,6 @@
"domain|ip" "domain|ip"
], ],
"name": "CRL Warninglist", "name": "CRL Warninglist",
"version": 20190301, "type": "substring",
"description": "CRL Warninglist from threatstop (https://github.com/threatstop/crl-ocsp-whitelist/)", "version": 20190301
"list": [
"subcar2i2-ocsp.disig.sk",
"ocsp3.gdca.com.cn",
"ocsp.godaddy.com",
"crl.quovadisglobal.com",
"66.225.197.197",
"2001:4420:aa01:ff01:210:241:69:194",
"sslserver.twca.com.tw",
"2606:4700::6811:66af",
"104.16.92.188",
"ssl-c3-ca1-ev-2009.ocsp.d-trust.net",
"91.198.11.52",
"61.114.186.157",
"public.wisekey.com",
"18.194.140.191",
"tq.symcd.com",
"crl.trustcor.ca",
"epscd.catcert.net",
"fi.symcd.com",
"crl.cfca.com.cn",
"ss.symcd.com",
"60.250.3.156",
"sr.symcb.com",
"2620:108:700f::22d4:f675",
"ocsp.cfca.com.cn",
"195.77.23.49",
"ocsp1.trustisfps.com",
"crl.igc-g3.certinomis.com",
"104.16.93.188",
"184.73.226.63",
"ocsp2.globalsign.com",
"ev.ocsp.quovadisglobal.com",
"185.69.225.3",
"23.215.104.19",
"crl.camerfirma.com",
"ocsp.certsign.ro",
"153.149.96.48",
"crl.luxtrust.lu",
"104.91.166.98",
"2600:9000:2044:a200:3:6aa6:6180:21",
"crl1.netlock.hu",
"104.215.54.174",
"54.199.233.192",
"23.215.104.16",
"193.140.71.141",
"sslca2014-crl2.e-szigno.hu",
"tf.symcd.com",
"crl.firmaprofesional.com",
"crl3.digicert.com",
"2001:b031:1306:ff00::1010",
"ocsp.serverpass.telesec.de",
"2600:1407:21:2b3::1b01",
"13.33.164.100",
"72.21.91.29",
"2001:559:19:5400::173e:e378",
"ocsp.sca0a.amazontrust.com",
"93.92.105.23",
"194.140.59.23",
"gn.symcd.com",
"2606:4700::6811:69af",
"192.35.177.117",
"217.170.186.115",
"ssl.ocsp.luxtrust.lu",
"13.78.114.232",
"ocsp.camerfirma.com",
"crl.gdca.com.cn",
"2a00:17f0:1300:3285::3",
"cdn.d-trust-cloudcrl.net",
"crl.izenpe.com",
"2001:4542:2064:7::1013",
"ocsp.catcert.cat",
"silver-server-g2.ocsp.swisssign.net",
"210.151.42.156",
"153.149.98.42",
"2606:4700::6811:6aaf",
"ti.symcd.com",
"194.140.12.241",
"sr.symcd.com",
"202.32.255.81",
"2a00:17f0:1300:3285::2",
"213.61.227.196",
"evocsp1.managedpki.com",
"219.87.64.165",
"52.222.217.106",
"23.215.104.49",
"172.217.4.243",
"193.104.0.210",
"crl.swisssign.net",
"23.215.104.10",
"ocsp2.wisekey.com",
"tf.symcb.com",
"185.102.40.212",
"2600:9000:2044:4800:3:6aa6:6180:21",
"23.34.78.114",
"212.142.249.49",
"193.104.0.178",
"ocsp-ssl.certificat2.com",
"crlv1.harica.gr",
"23.5.251.27",
"sslca2014-ocsp2.e-szigno.hu",
"109.70.240.114",
"crl09.actalis.it",
"185.62.162.145",
"13.114.126.114",
"88.87.212.233",
"gk.symcd.com",
"104.16.91.188",
"195.80.175.39",
"2001:559:19:5400::173e:e380",
"crls.ssl.com",
"crl1.camerfirma.com",
"evsslocsp.twca.com.tw",
"91.198.11.87",
"ocsp03.sbca.telesec.de",
"104.16.90.188",
"23.215.104.65",
"60.250.3.135",
"2001:559:19:5c96::201a",
"13.33.164.164",
"www.certsign.ro",
"sslca2014-ocsp1.e-szigno.hu",
"212.31.61.106",
"46.29.101.84",
"jcsitlssignpublicca-ocsp.managedpki.ne.jp",
"crl.starfieldtech.com",
"185.62.162.144",
"104.91.166.112",
"2600:9000:2044:fc00:3:6aa6:6180:21",
"cdp2.disig.sk",
"crl.comodoca.com",
"104.91.166.89",
"153.149.17.219",
"ocsp.buypass.com",
"ocsp.int-x3.letsencrypt.org",
"2607:f8b0:4009:815::2013",
"fi.symcb.com",
"178.255.83.1",
"ev2.ocsp.secomtrust.net",
"52.222.217.144",
"104.17.106.175",
"194.145.83.79",
"216.58.216.78",
"192.35.177.155",
"50.63.243.229",
"ocsps.ssl.com",
"13.33.164.93",
"212.175.187.59",
"113.52.156.18",
"www.certinomis.com",
"116.92.128.12",
"23.215.104.27",
"sslca2014-crl3.e-szigno.hu",
"82.223.54.157",
"ssl-c3-ca1-2009.ocsp.d-trust.net",
"crl.sbca.telesec.de",
"193.42.222.125",
"depo.kamusm.gov.tr",
"ocsp1.netlock.hu",
"sh.symcb.com",
"gk.symcb.com",
"133.242.68.56",
"ocspap.cert.fnmt.es",
"2600:9000:2044:ae00:3:6aa6:6180:21",
"ocsp.sca1a.amazontrust.com",
"46.29.101.83",
"ocsp.sca4a.amazontrust.com",
"2001:559:19:5400::173e:e30b",
"46.29.101.81",
"23.4.43.27",
"ocsp2.netlock.hu",
"crl.trustwave.com",
"www.cert.fnmt.es",
"195.77.23.39",
"crl3.netlock.hu",
"219.127.237.69",
"46.137.183.10",
"ss.symcb.com",
"crl2.netlock.hu",
"195.95.167.129",
"23.215.104.35",
"80.79.96.210",
"crl.entrust.net",
"194.145.83.75",
"crl.godaddy.com",
"www.accv.es",
"crl1.e-tugra.com",
"91.120.239.74",
"153.127.215.13",
"ocsp.wisekey.com",
"crl.globalsign.com",
"91.194.146.110",
"cdp.elektronicznypodpis.pl",
"217.150.144.200",
"153.120.128.154",
"crl-ssl.certificat2.com",
"13.33.164.37",
"210.74.41.181",
"23.62.227.64",
"www.trustis.com",
"ocsp.izenpe.com",
"13.33.164.105",
"62.96.224.138",
"g2ocsp.managedpki.com",
"121.50.63.210",
"ocsp.usertrust.com",
"fe.symcb.com",
"193.140.71.35",
"185.33.53.5",
"sslca2014-ocsp3.e-szigno.hu",
"52.222.217.59",
"ti.symcb.com",
"195.80.175.7",
"13.33.164.7",
"2001:559:19:6483::201a",
"46.137.168.218",
"121.50.63.211",
"ocsp.digicert.com",
"119.145.171.215",
"50.63.243.228",
"ocsp.affirmtrust.com",
"crl.managedpki.com",
"59.106.216.193",
"crl.trust-provider.com",
"2606:4700::6811:68af",
"217.150.144.194",
"ocsp.accv.es",
"ocsp09.actalis.it",
"2001:559:19:5400::173e:e361",
"igc-g3.certinomis.com",
"23.215.104.113",
"cdp1.disig.sk",
"23.215.105.96",
"195.95.167.162",
"commercial.ocsp.identrust.com",
"91.83.236.157",
"crl1.hongkongpost.gov.hk",
"crl.certsign.ro",
"86.109.121.18",
"202.32.255.82",
"fj.symcd.com",
"sh.symcd.com",
"104.91.166.106",
"ocsp.ev.hinet.net",
"fj.symcb.com",
"185.69.225.4",
"52.207.77.222",
"sureseries-crl.cybertrust.ne.jp",
"crl.pki.goog",
"119.145.171.206",
"219.87.64.186",
"gold-ev-g2.ocsp.swisssign.net",
"crl.usertrust.com",
"133.242.50.38",
"2620:108:700f::3426:765e",
"ocsp.harica.gr",
"192.35.177.153",
"sn.symcd.com",
"ocsp.netsolssl.com",
"crl.netsolssl.com",
"52.222.217.88",
"91.121.147.17",
"ocspssls1.kamusm.gov.tr",
"217.170.186.113",
"2606:4700::6810:5abc",
"185.102.40.23",
"93.92.105.115",
"ocsp.ovcf.ca3.infocert.it",
"gn.symcb.com",
"ocsp.starfieldtech.com",
"116.92.128.34",
"ocsp.entrust.net",
"212.31.61.102",
"crl2.firmaprofesional.com",
"ocsp.buypass.no",
"104.91.166.82",
"212.175.187.26",
"ocsp.trustwave.com",
"fe.symcd.com",
"104.17.104.175",
"23.62.227.72",
"217.150.144.202",
"ocsp.comodoca.com",
"2620:108:700f::22d6:45ab",
"sslca2014-crl1.e-szigno.hu",
"ocsp.pki.goog",
"ocsp.e-tugra.com",
"gm.symcd.com",
"2606:4700::6810:5dbc",
"212.175.187.27",
"crl.serverpass.telesec.de",
"pki-crl.atos.net",
"13.33.164.223",
"104.17.102.175",
"193.27.6.240",
"210.241.69.194",
"2001:b031:1306:ff00::1013",
"50.63.243.230",
"46.29.101.82",
"ocsp.trust-provider.com",
"213.162.193.244",
"crl.e-tugra.com",
"ocsp.epki.external.trustcor.ca",
"155.207.94.23",
"23.62.227.9",
"ocsp.firmaprofesional.com",
"133.242.48.24",
"tq.symcb.com",
"104.16.89.188",
"2606:4700::6810:59bc",
"validation.identrust.com",
"ocsp.sca3a.amazontrust.com",
"91.198.11.79",
"sureseries-ocsp.cybertrust.ne.jp",
"153.127.216.172",
"2600:9000:2044:f800:3:6aa6:6180:21",
"61.203.134.55",
"2607:f8b0:4009:816::200e",
"210.74.41.123",
"crl.affirmtrust.com",
"104.17.105.175",
"155.207.94.25",
"52.219.73.78",
"2600:9000:2044:bc00:3:6aa6:6180:21",
"104.215.29.84",
"ocsp3.netlock.hu",
"repository.ev.hinet.net",
"2600:9000:2044:e200:3:6aa6:6180:21",
"151.101.46.133",
"2a04:4e42:2c::645",
"195.80.175.18",
"evcrl1.managedpki.com",
"194.30.48.30",
"2607:f8b0:4009:80d::200e",
"213.162.193.245",
"35.163.43.72",
"2001:559:19:5c98::201a",
"104.41.179.244",
"88.87.212.243",
"g3ocsp.managedpki.com",
"2a02:1788:2fd::b2ff:5301",
"210.71.154.56",
"13.33.164.236",
"52.239.142.228",
"2606:4700::6811:67af",
"104.91.166.96",
"23.54.187.27",
"ocsp1.hongkongpost.gov.hk",
"2001:4542:2064:7::1010",
"crl.buypass.no",
"pki-ocsp.atos.net",
"195.95.167.163",
"crl.d-trust.net",
"2606:4700::6810:5cbc",
"crl4.digicert.com",
"crl.infocert.it",
"2a04:4e42:b::645",
"213.229.84.216",
"2600:9000:2044:ec00:3:6aa6:6180:21",
"ocsp.sca2a.amazontrust.com",
"sn.symcb.com",
"2606:4700::6810:5bbc",
"2001:559:19:e000::b854:f46a",
"2600:1407:21:2a1::1b01",
"repo1.secomtrust.net",
"rtcrl.managedpki.ne.jp",
"172.217.1.46",
"ocsp.quovadisglobal.com",
"104.17.103.175",
"2001:559:19:5400::173e:e36a",
"aces.ocsp.identrust.com",
"gm.symcb.com",
"2001:559:19:5400::173e:e319",
"2001:559:19:648f::201a",
"gca.nat.gov.tw",
"80.79.96.44",
"ocsp.trustcor.ca",
"153.149.154.120"
]
} }


@ -1,26 +1,26 @@
{ {
"name": "List of known dax30 webpages",
"version": 1,
"description": "Event contains one or more entries of known dax30 webpages", "description": "Event contains one or more entries of known dax30 webpages",
"list": [
".bmw.de",
".deutsche-boerse.com",
".innogy.com",
".linde.de",
".lufthansa.com",
".rwe.com",
".siemens.com",
".t-mobile.de",
".t-systems.com",
".telekom.com",
".telekom.de",
".the-linde-group.com",
".volkswagen.de"
],
"matching_attributes": [ "matching_attributes": [
"domain", "domain",
"hostname", "hostname",
"domain|ip" "domain|ip"
], ],
"name": "List of known dax30 webpages",
"type": "hostname", "type": "hostname",
"list": [ "version": 1
".telekom.com",
".telekom.de",
".t-systems.com",
".t-mobile.de",
".innogy.com",
".linde.de",
".the-linde-group.com",
".deutsche-boerse.com",
".lufthansa.com",
".rwe.com",
".siemens.com",
".volkswagen.de",
".bmw.de"
]
} }


@ -1,7 +1,22 @@
{ {
"name": "List of hashes for EICAR test virus",
"version": 2,
"description": "Event contains one or more entries based on hashes for EICAR test virus", "description": "Event contains one or more entries based on hashes for EICAR test virus",
"list": [
"2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad",
"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
"3395856ce81f2b7382dee72602f798b642f14140",
"44d88612fea8a8f36de82e1278abb02f",
"6ce6f415d8475545be5ba114f208b0ff",
"73d6b0ca9c5554fd2b37ff8af6b51812f3af49962cebd6e042d0883a45794ddb8a53724275d26f3e18cebf1cd1d67740acc920aba16965038c0cc75b87030fbe",
"765dceb9a8c8ff4318e3ccaf7dbb9b05c0a53a819d24a50714aebe6c",
"b31bb2cf25d7e654c694ffb85b426d164a210ead66affc3b004702be",
"b42ec8b47deb2dc75edebd01132d63f8e8d4cd08e5d26d8bd366bdc5",
"bec1b52d350d721c7e22a6d4bb0a92909893a3ae",
"cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab",
"d27265074c9eac2e2122ed69294dbc4d7cce9141",
"d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010",
"e1105070ba828007508566e28a2b8d4c65d192e9eaf3b7868382b7cae747b397",
"e4968ef99266df7c9a1f0637d2389dab"
],
"matching_attributes": [ "matching_attributes": [
"md5", "md5",
"sha1", "sha1",
@ -12,22 +27,7 @@
"filename|sha256", "filename|sha256",
"filename|sha512" "filename|sha512"
], ],
"name": "List of hashes for EICAR test virus",
"type": "string", "type": "string",
"list": [ "version": 2
"44d88612fea8a8f36de82e1278abb02f",
"6ce6f415d8475545be5ba114f208b0ff",
"e4968ef99266df7c9a1f0637d2389dab",
"3395856ce81f2b7382dee72602f798b642f14140",
"d27265074c9eac2e2122ed69294dbc4d7cce9141",
"bec1b52d350d721c7e22a6d4bb0a92909893a3ae",
"b42ec8b47deb2dc75edebd01132d63f8e8d4cd08e5d26d8bd366bdc5",
"b31bb2cf25d7e654c694ffb85b426d164a210ead66affc3b004702be",
"765dceb9a8c8ff4318e3ccaf7dbb9b05c0a53a819d24a50714aebe6c",
"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
"2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad",
"e1105070ba828007508566e28a2b8d4c65d192e9eaf3b7868382b7cae747b397",
"cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab",
"d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010",
"73d6b0ca9c5554fd2b37ff8af6b51812f3af49962cebd6e042d0883a45794ddb8a53724275d26f3e18cebf1cd1d67740acc920aba16965038c0cc75b87030fbe"
]
} }


@ -1,7 +1,13 @@
{ {
"name": "List of known hashes for empty files",
"version": 3,
"description": "Event contains one or more entries of empty files based on known hashed", "description": "Event contains one or more entries of empty files based on known hashed",
"list": [
"3::",
"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f",
"d41d8cd98f00b204e9800998ecf8427e",
"da39a3ee5e6b4b0d3255bfef95601890afd80709",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
],
"matching_attributes": [ "matching_attributes": [
"md5", "md5",
"sha1", "sha1",
@ -16,13 +22,7 @@
"ssdeep", "ssdeep",
"filename|ssdeep" "filename|ssdeep"
], ],
"name": "List of known hashes for empty files",
"type": "string", "type": "string",
"list": [ "version": 3
"d41d8cd98f00b204e9800998ecf8427e",
"da39a3ee5e6b4b0d3255bfef95601890afd80709",
"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
"3::"
]
} }


@ -1,32 +1,32 @@
{ {
"description": "List of known gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en )",
"list": [ "list": [
"108.177.8.0/21",
"172.217.0.0/19",
"173.194.0.0/16",
"2001:4860:4000::/36",
"207.126.144.0/20",
"209.85.128.0/17",
"216.239.32.0/19",
"216.58.192.0/19",
"2404:6800:4000::/36",
"2607:f8b0:4000::/36",
"2800:3f0:4000::/36",
"2a00:1450:4000::/36",
"2c0f:fb50:4000::/36",
"64.18.0.0/20", "64.18.0.0/20",
"64.233.160.0/19", "64.233.160.0/19",
"66.102.0.0/20", "66.102.0.0/20",
"66.249.80.0/20", "66.249.80.0/20",
"72.14.192.0/18", "72.14.192.0/18",
"74.125.0.0/16", "74.125.0.0/16"
"108.177.8.0/21",
"172.217.0.0/19",
"173.194.0.0/16",
"207.126.144.0/20",
"209.85.128.0/17",
"216.58.192.0/19",
"216.239.32.0/19",
"2001:4860:4000::/36",
"2404:6800:4000::/36",
"2607:f8b0:4000::/36",
"2800:3f0:4000::/36",
"2a00:1450:4000::/36",
"2c0f:fb50:4000::/36"
], ],
"type": "cidr",
"matching_attributes": [ "matching_attributes": [
"ip-dst", "ip-dst",
"ip-src", "ip-src",
"domain|ip" "domain|ip"
], ],
"name": "List of known gmail sending IP ranges", "name": "List of known gmail sending IP ranges",
"version": 20190809, "type": "cidr",
"description": "List of known gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en )" "version": 20190809
} }
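Review bot: Sorting a `"type": "cidr"` list as plain strings scatters the ranges: here `2001:4860:4000::/36` lands between `173.194.0.0/16` and `207.126.144.0/20`, and in the Googlebot section further down `66.249.64.128/25` comes before `66.249.64.16/28` and `66.249.64.2/31`. The old files were ordered by address, which let a reader check by eye that adjacent blocks are contiguous and that nothing overlaps or is missing. Matching should be unaffected, but reviewing future updates to these ranges gets harder. For cidr lists the new script (not shown in this part of the page) could order entries by parsed network, IPv4 before IPv6 and then by address and prefix length, so this list would again start `"64.18.0.0/20", "64.233.160.0/19", "66.102.0.0/20"`.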


@ -1,131 +1,36 @@
{ {
"name": "List of known google domains",
"version": 4,
"description": "Event contains one or more entries of known google domains", "description": "Event contains one or more entries of known google domains",
"type": "hostname",
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"list": [ "list": [
"1e100.net",
"466453.com",
"abc.xyz",
"admob.com",
"adsense.com",
"advertisercommunity.com",
"adwords.com",
"ai.google",
"android.com",
"blogger.com",
"blog.google",
"blogspot.com",
"capitalg.com",
"chromebook.com",
"chromecast.com",
"chrome.com",
"chromium.org",
"cobrasearch.com",
"com.google",
"domains.google",
"doubleclickbygoogle.com",
"doubleclick.com",
"duck.com",
"elgoog.im",
"feedburner.com",
"foofle.com",
"froogle.com",
"g.co",
"ggpht.com",
"gmail.com",
"gmodules.com",
"gogle.com",
"gogole.com",
"googel.com",
"googil.com",
"goo.gl",
"googl.com",
"google.ac",
".google.ad", ".google.ad",
"google.ad",
"googleadservices.com",
".google.ae", ".google.ae",
"google.ae",
"google.af",
"google.ag",
"google.ai",
".google.al", ".google.al",
"google.al",
".google.am", ".google.am",
"google.am",
"google-analytics.com",
"google.ao",
"googleapis.com",
"googleapps.com",
"google.ar",
"googlearth.com",
".google.as", ".google.as",
"google.as",
".google.at", ".google.at",
"google.at",
"google.au",
".google.az", ".google.az",
"google.az",
".google.ba", ".google.ba",
"google.ba",
"google.bd",
".google.be", ".google.be",
"google.be",
".google.bf", ".google.bf",
"google.bf",
".google.bg", ".google.bg",
"google.bg",
"google.bh",
".google.bi", ".google.bi",
"google.bi",
".google.bj", ".google.bj",
"google.bj",
"google.bn",
"google.bo",
"googlebot.com",
"google.br",
".google.bs", ".google.bs",
"google.bs",
".google.bt", ".google.bt",
"google.bt",
"google.bw",
".google.by", ".google.by",
"google.by",
"google.bz",
".google.ca", ".google.ca",
"google.ca",
".google.cat", ".google.cat",
"google.cat",
"google.cc",
".google.cd", ".google.cd",
"google.cd",
".google.cf", ".google.cf",
"google.cf",
".google.cg", ".google.cg",
"google.cg",
".google.ch", ".google.ch",
"google.ch",
".google.ci", ".google.ci",
"google.ci",
"google.ck",
".google.cl", ".google.cl",
"google.cl",
".google.cm", ".google.cm",
"google.cm",
".google.cn", ".google.cn",
"google.cn",
"google.co",
".google.co.ao", ".google.co.ao",
".google.co.bw", ".google.co.bw",
".google.co.ck", ".google.co.ck",
".google.co.cr", ".google.co.cr",
"googlecode.com",
".google.co.id", ".google.co.id",
".google.co.il", ".google.co.il",
".google.co.in", ".google.co.in",
@ -133,9 +38,20 @@
".google.co.ke", ".google.co.ke",
".google.co.kr", ".google.co.kr",
".google.co.ls", ".google.co.ls",
".google.com",
"google.com",
".google.co.ma", ".google.co.ma",
".google.co.mz",
".google.co.nz",
".google.co.th",
".google.co.tz",
".google.co.ug",
".google.co.uk",
".google.co.uz",
".google.co.ve",
".google.co.vi",
".google.co.za",
".google.co.zm",
".google.co.zw",
".google.com",
".google.com.af", ".google.com.af",
".google.com.ag", ".google.com.ag",
".google.com.ai", ".google.com.ai",
@ -164,7 +80,6 @@
".google.com.kw", ".google.com.kw",
".google.com.lb", ".google.com.lb",
".google.com.ly", ".google.com.ly",
"googlecommerce.com",
".google.com.mm", ".google.com.mm",
".google.com.mt", ".google.com.mt",
".google.com.mx", ".google.com.mx",
@ -195,249 +110,312 @@
".google.com.uy", ".google.com.uy",
".google.com.vc", ".google.com.vc",
".google.com.vn", ".google.com.vn",
".google.co.mz", ".google.cv",
".google.co.nz", ".google.cz",
".google.co.th", ".google.de",
".google.co.tz", ".google.dj",
".google.co.ug", ".google.dk",
".google.co.uk", ".google.dm",
".google.co.uz", ".google.dz",
".google.co.ve", ".google.ee",
".google.co.vi", ".google.es",
".google.co.za", ".google.fi",
".google.co.zm", ".google.fm",
".google.co.zw", ".google.fr",
".google.ga",
".google.ge",
".google.gg",
".google.gl",
".google.gm",
".google.gp",
".google.gr",
".google.gy",
".google.hn",
".google.hr",
".google.ht",
".google.hu",
".google.ie",
".google.im",
".google.iq",
".google.is",
".google.it",
".google.je",
".google.jo",
".google.kg",
".google.ki",
".google.kz",
".google.la",
".google.li",
".google.lk",
".google.lt",
".google.lu",
".google.lv",
".google.md",
".google.me",
".google.mg",
".google.mk",
".google.ml",
".google.mn",
".google.ms",
".google.mu",
".google.mv",
".google.mw",
".google.ne",
".google.nl",
".google.no",
".google.nr",
".google.nu",
".google.pl",
".google.pn",
".google.ps",
".google.pt",
".google.ro",
".google.rs",
".google.ru",
".google.rw",
".google.sc",
".google.se",
".google.sh",
".google.si",
".google.sk",
".google.sm",
".google.sn",
".google.so",
".google.sr",
".google.st",
".google.td",
".google.tg",
".google.tk",
".google.tl",
".google.tm",
".google.tn",
".google.to",
".google.tt",
".google.vg",
".google.vu",
".google.ws",
"1e100.net",
"466453.com",
"abc.xyz",
"admob.com",
"adsense.com",
"advertisercommunity.com",
"adwords.com",
"ai.google",
"android.com",
"blog.google",
"blogger.com",
"blogspot.com",
"capitalg.com",
"chrome.com",
"chromebook.com",
"chromecast.com",
"chromium.org",
"cobrasearch.com",
"com.google",
"domains.google",
"doubleclick.com",
"doubleclickbygoogle.com",
"duck.com",
"elgoog.im",
"feedburner.com",
"foofle.com",
"froogle.com",
"g.co",
"ggpht.com",
"gmail.com",
"gmodules.com",
"gogle.com",
"gogole.com",
"goo.gl",
"googel.com",
"googil.com",
"googl.com",
"google-analytics.com",
"google.ac",
"google.ad",
"google.ae",
"google.af",
"google.ag",
"google.ai",
"google.al",
"google.am",
"google.ao",
"google.ar",
"google.as",
"google.at",
"google.au",
"google.az",
"google.ba",
"google.bd",
"google.be",
"google.bf",
"google.bg",
"google.bh",
"google.bi",
"google.bj",
"google.bn",
"google.bo",
"google.br",
"google.bs",
"google.bt",
"google.bw",
"google.by",
"google.bz",
"google.ca",
"google.cat",
"google.cc",
"google.cd",
"google.cf",
"google.cg",
"google.ch",
"google.ci",
"google.ck",
"google.cl",
"google.cm",
"google.cn",
"google.co",
"google.com",
"google.cr", "google.cr",
"google.cu", "google.cu",
".google.cv",
"google.cv", "google.cv",
"google.cx", "google.cx",
"google.cy", "google.cy",
".google.cz",
"google.cz", "google.cz",
".google.de",
"google.de", "google.de",
".google.dj",
"google.dj", "google.dj",
".google.dk",
"google.dk", "google.dk",
".google.dm",
"google.dm", "google.dm",
"google.do", "google.do",
"googledrive.com",
".google.dz",
"google.dz", "google.dz",
"googleearth.com",
"google.ec", "google.ec",
"googlee.com",
".google.ee",
"google.ee", "google.ee",
"google.eg", "google.eg",
".google.es",
"google.es", "google.es",
"google.et", "google.et",
"google.eu", "google.eu",
".google.fi",
"google.fi", "google.fi",
"google.fj", "google.fj",
".google.fm",
"google.fm", "google.fm",
".google.fr",
"google.fr", "google.fr",
".google.ga",
"google.ga", "google.ga",
".google.ge",
"google.ge", "google.ge",
"google.gf", "google.gf",
".google.gg",
"google.gg", "google.gg",
"google.gh", "google.gh",
"google.gi", "google.gi",
".google.gl",
"google.gl", "google.gl",
".google.gm",
"google.gm", "google.gm",
".google.gp",
"google.gp", "google.gp",
".google.gr",
"google.gr", "google.gr",
"google.gt", "google.gt",
".google.gy",
"google.gy", "google.gy",
"google.hk", "google.hk",
".google.hn",
"google.hn", "google.hn",
".google.hr",
"google.hr", "google.hr",
".google.ht",
"google.ht", "google.ht",
".google.hu",
"google.hu", "google.hu",
"google.id", "google.id",
".google.ie",
"google.ie", "google.ie",
"google.il", "google.il",
".google.im",
"google.im", "google.im",
"google.in", "google.in",
"google.io", "google.io",
".google.iq",
"google.iq", "google.iq",
".google.is",
"google.is", "google.is",
".google.it",
"google.it", "google.it",
".google.je",
"google.je", "google.je",
"google.jm", "google.jm",
".google.jo",
"google.jo", "google.jo",
"google.jp", "google.jp",
"google.ke", "google.ke",
".google.kg",
"google.kg", "google.kg",
"google.kh", "google.kh",
".google.ki",
"google.ki", "google.ki",
"google.kr", "google.kr",
"google.kw", "google.kw",
".google.kz",
"google.kz", "google.kz",
".google.la",
"google.la", "google.la",
"google.lb", "google.lb",
"google.lc", "google.lc",
".google.li",
"google.li", "google.li",
".google.lk",
"google.lk", "google.lk",
"google.ls", "google.ls",
".google.lt",
"google.lt", "google.lt",
".google.lu",
"google.lu", "google.lu",
".google.lv",
"google.lv", "google.lv",
"google.ly", "google.ly",
"google.ma", "google.ma",
"googlemail.com",
"googlemaps.com",
".google.md",
"google.md", "google.md",
".google.me",
"google.me", "google.me",
".google.mg",
"google.mg", "google.mg",
".google.mk",
"google.mk", "google.mk",
".google.ml",
"google.ml", "google.ml",
"google.mm", "google.mm",
".google.mn",
"google.mn", "google.mn",
".google.ms",
"google.ms", "google.ms",
"google.mt", "google.mt",
".google.mu",
"google.mu", "google.mu",
".google.mv",
"google.mv", "google.mv",
".google.mw",
"google.mw", "google.mw",
"google.mx", "google.mx",
"google.my", "google.my",
"google.mz", "google.mz",
"google.na", "google.na",
".google.ne",
"google.ne", "google.ne",
"google.net", "google.net",
"google.nf", "google.nf",
"google.ng", "google.ng",
"google.ni", "google.ni",
".google.nl",
"google.nl", "google.nl",
".google.no",
"google.no", "google.no",
"google.np", "google.np",
".google.nr",
"google.nr", "google.nr",
".google.nu",
"google.nu", "google.nu",
"google.nz", "google.nz",
"google.om", "google.om",
"google.org", "google.org",
"google.pa", "google.pa",
"googlepagecreator.com",
"google.pe", "google.pe",
"google.pg", "google.pg",
"google.ph", "google.ph",
"google.pk", "google.pk",
".google.pl",
"google.pl", "google.pl",
".google.pn",
"google.pn", "google.pn",
"google.pr", "google.pr",
".google.ps",
"google.ps", "google.ps",
".google.pt",
"google.pt", "google.pt",
"google.py", "google.py",
"google.qa", "google.qa",
".google.ro",
"google.ro", "google.ro",
".google.rs",
"google.rs", "google.rs",
".google.ru",
"google.ru", "google.ru",
".google.rw",
"google.rw", "google.rw",
"google.sa", "google.sa",
"google.sb", "google.sb",
".google.sc",
"google.sc", "google.sc",
"googlescholar.com",
".google.se",
"google.se", "google.se",
"google.sg", "google.sg",
".google.sh",
"google.sh", "google.sh",
".google.si",
"google.si", "google.si",
".google.sk",
"google.sk", "google.sk",
"google.sl", "google.sl",
".google.sm",
"google.sm", "google.sm",
".google.sn",
"google.sn", "google.sn",
".google.so",
"google.so", "google.so",
"googlesource.com",
".google.sr",
"google.sr", "google.sr",
".google.st",
"google.st", "google.st",
"google.sv", "google.sv",
"googlesyndication.com",
"googletagmanager.com",
".google.td",
"google.td", "google.td",
".google.tg",
"google.tg", "google.tg",
"google.th", "google.th",
"google.tj", "google.tj",
".google.tk",
"google.tk", "google.tk",
".google.tl",
"google.tl", "google.tl",
".google.tm",
"google.tm", "google.tm",
".google.tn",
"google.tn", "google.tn",
".google.to",
"google.to", "google.to",
"google.tr", "google.tr",
".google.tt",
"google.tt", "google.tt",
"google.tw", "google.tw",
"google.tz", "google.tz",
@ -445,22 +423,36 @@
"google.ug", "google.ug",
"google.uk", "google.uk",
"google.us", "google.us",
"googleusercontent.com",
"google.uy", "google.uy",
"google.uz", "google.uz",
"google.vc", "google.vc",
"google.ve", "google.ve",
".google.vg",
"google.vg", "google.vg",
"google.vi", "google.vi",
"google.vn", "google.vn",
".google.vu",
"google.vu", "google.vu",
".google.ws",
"google.ws", "google.ws",
"google.za", "google.za",
"google.zm", "google.zm",
"google.zw", "google.zw",
"googleadservices.com",
"googleapis.com",
"googleapps.com",
"googlearth.com",
"googlebot.com",
"googlecode.com",
"googlecommerce.com",
"googledrive.com",
"googlee.com",
"googleearth.com",
"googlemail.com",
"googlemaps.com",
"googlepagecreator.com",
"googlescholar.com",
"googlesource.com",
"googlesyndication.com",
"googletagmanager.com",
"googleusercontent.com",
"googlr.com", "googlr.com",
"goolge.com", "goolge.com",
"gooogle.com", "gooogle.com",
@ -511,8 +503,20 @@
"www.google.co.ke", "www.google.co.ke",
"www.google.co.kr", "www.google.co.kr",
"www.google.co.ls", "www.google.co.ls",
"www.google.com",
"www.google.co.ma", "www.google.co.ma",
"www.google.co.mz",
"www.google.co.nz",
"www.google.co.th",
"www.google.co.tz",
"www.google.co.ug",
"www.google.co.uk",
"www.google.co.uz",
"www.google.co.ve",
"www.google.co.vi",
"www.google.co.za",
"www.google.co.zm",
"www.google.co.zw",
"www.google.com",
"www.google.com.af", "www.google.com.af",
"www.google.com.ag", "www.google.com.ag",
"www.google.com.ai", "www.google.com.ai",
@ -571,18 +575,6 @@
"www.google.com.uy", "www.google.com.uy",
"www.google.com.vc", "www.google.com.vc",
"www.google.com.vn", "www.google.com.vn",
"www.google.co.mz",
"www.google.co.nz",
"www.google.co.th",
"www.google.co.tz",
"www.google.co.ug",
"www.google.co.uk",
"www.google.co.uz",
"www.google.co.ve",
"www.google.co.vi",
"www.google.co.za",
"www.google.co.zm",
"www.google.co.zw",
"www.google.cv", "www.google.cv",
"www.google.cz", "www.google.cz",
"www.google.de", "www.google.de",
@ -668,11 +660,19 @@
"www.google.vu", "www.google.vu",
"www.google.ws", "www.google.ws",
"youtu.be", "youtu.be",
"youtube-nocookie.com",
"youtube.com", "youtube.com",
"youtubeeducation.com", "youtubeeducation.com",
"youtubegaming.com", "youtubegaming.com",
"youtube-nocookie.com",
"yt.be", "yt.be",
"ytimg.com" "ytimg.com"
] ],
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"name": "List of known google domains",
"type": "hostname",
"version": 4
} }


@ -1,26 +1,8 @@
{ {
"description": "List of known Googlebot IP ranges (https://www.lifewire.com/what-is-the-ip-address-of-google-818153 )",
"list": [ "list": [
"64.68.90.0/24",
"64.233.173.193/32",
"64.233.173.194/31",
"64.233.173.196/30",
"64.233.173.200/29",
"64.233.173.208/28",
"64.233.173.224/27",
"66.249.64.1/32",
"66.249.64.2/31",
"66.249.64.4/30",
"66.249.64.8/29",
"66.249.64.16/28",
"66.249.64.32/27",
"66.249.64.64/26",
"66.249.64.128/25",
"66.249.65.0/24",
"66.249.66.0/23",
"66.249.68.0/22",
"66.249.72.0/21",
"216.239.33.96/27",
"216.239.33.128/25", "216.239.33.128/25",
"216.239.33.96/27",
"216.239.34.0/23", "216.239.34.0/23",
"216.239.36.0/22", "216.239.36.0/22",
"216.239.40.0/21", "216.239.40.0/21",
@ -28,15 +10,33 @@
"216.239.56.0/23", "216.239.56.0/23",
"216.239.58.0/24", "216.239.58.0/24",
"216.239.59.0/25", "216.239.59.0/25",
"216.239.59.128/32" "216.239.59.128/32",
"64.233.173.193/32",
"64.233.173.194/31",
"64.233.173.196/30",
"64.233.173.200/29",
"64.233.173.208/28",
"64.233.173.224/27",
"64.68.90.0/24",
"66.249.64.1/32",
"66.249.64.128/25",
"66.249.64.16/28",
"66.249.64.2/31",
"66.249.64.32/27",
"66.249.64.4/30",
"66.249.64.64/26",
"66.249.64.8/29",
"66.249.65.0/24",
"66.249.66.0/23",
"66.249.68.0/22",
"66.249.72.0/21"
], ],
"type": "cidr",
"matching_attributes": [ "matching_attributes": [
"ip-dst", "ip-dst",
"ip-src", "ip-src",
"domain|ip" "domain|ip"
], ],
"name": "List of known Googlebot IP ranges", "name": "List of known Googlebot IP ranges",
"version": 20190724, "type": "cidr",
"description": "List of known Googlebot IP ranges (https://www.lifewire.com/what-is-the-ip-address-of-google-818153 )" "version": 20190724
} }


@ -1,14 +1,14 @@
{ {
"description": "Event contains one or more entries part of the IPv6 link local prefix (RFC 4291)",
"list": [ "list": [
"FE80::/10" "FE80::/10"
], ],
"type": "cidr",
"matching_attributes": [ "matching_attributes": [
"ip-src", "ip-src",
"ip-dst", "ip-dst",
"domain|ip" "domain|ip"
], ],
"description": "Event contains one or more entries part of the IPv6 link local prefix (RFC 4291)", "name": "List of IPv6 link local blocks",
"version": 2, "type": "cidr",
"name": "List of IPv6 link local blocks" "version": 2
} }


@ -1,12 +1,5 @@
{ {
"name": "Top 10K websites from Majestic Million",
"version": 20200203,
"description": "Event contains one or more entries from the top 10K of the most used websites (Majestic Million - 10K).", "description": "Event contains one or more entries from the top 10K of the most used websites (Majestic Million - 10K).",
"matching_attributes": [
"hostname",
"domain"
],
"type": "hostname",
"list": [ "list": [
"00-tv.com", "00-tv.com",
"000webhost.com", "000webhost.com",
@ -10008,5 +10001,12 @@
"zyxel.com", "zyxel.com",
"zzu.edu.cn", "zzu.edu.cn",
"zzz.com.ua" "zzz.com.ua"
] ],
"matching_attributes": [
"hostname",
"domain"
],
"name": "Top 10K websites from Majestic Million",
"type": "hostname",
"version": 20200203
} }


@ -1,4 +1,18 @@
{ {
"description": "Office 365 URLs and IP address ranges used for their attack simulator in Office 365 Threat Intelligence",
"list": [
"52.168.52.134",
"portal.docdeliveryapp.com",
"portal.docdeliveryapp.net",
"portal.docstoreinternal.com",
"portal.hardwarecheck.net",
"portal.hrsupportint.com",
"portal.payrolltooling.com",
"portal.payrolltooling.net",
"portal.prizegiveaway.net",
"portal.prizesforall.com",
"securescore-user-prod.cloudapp.net"
],
"matching_attributes": [ "matching_attributes": [
"ip-src", "ip-src",
"ip-dst", "ip-dst",
@ -6,21 +20,7 @@
"domain|ip", "domain|ip",
"hostname" "hostname"
], ],
"version": 20180711,
"list": [
"52.168.52.134",
"securescore-user-prod.cloudapp.net",
"portal.docdeliveryapp.com",
"portal.hardwarecheck.net",
"portal.payrolltooling.com",
"portal.docdeliveryapp.net",
"portal.docstoreinternal.com",
"portal.prizesforall.com",
"portal.payrolltooling.net",
"portal.prizegiveaway.net",
"portal.hrsupportint.com"
],
"name": "List of known Office 365 Attack Simulator used for phishing awareness campaigns", "name": "List of known Office 365 Attack Simulator used for phishing awareness campaigns",
"description": "Office 365 URLs and IP address ranges used for their attack simulator in Office 365 Threat Intelligence", "type": "substring",
"type": "substring" "version": 20180711
} }
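Review bot: The entries in this list are matched with `"type": "substring"`, which is loose for a list holding one IP address and ten exact hostnames: assuming substring means a plain contains test, `52.168.52.134` also matches `152.168.52.134`, and `portal.hrsupportint.com` matches any longer hostname that embeds it. Because a warninglist hit marks an indicator as a likely false positive, an unrelated address or a look-alike hostname could be discounted by analysts or filtered out downstream. The sort leaves this as it was; a follow-up could move the hostnames to a list with `"type": "hostname"` and the address to a `"type": "cidr"` list as `"52.168.52.134/32"`. The CRL Warninglist section earlier on this page also shows `"type": "substring"` alongside IP entries and appears to warrant the same split.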


@ -1,6 +1,5 @@
{ {
"description": "Microsoft Azure Datacenter IP Ranges", "description": "Microsoft Azure Datacenter IP Ranges",
"type": "cidr",
"list": [ "list": [
"104.208.0.0/19", "104.208.0.0/19",
"104.208.128.0/17", "104.208.128.0/17",
@ -1956,6 +1955,7 @@
"ip-dst", "ip-dst",
"domain|ip" "domain|ip"
], ],
"version": 20171229, "name": "List of known Microsoft Azure Datacenter IP Ranges",
"name": "List of known Microsoft Azure Datacenter IP Ranges" "type": "cidr",
"version": 20171229
} }


@ -1,6 +1,5 @@
{ {
"type": "cidr", "description": "Office 365 IP address ranges in China",
"name": "List of known Office 365 IP address ranges in China",
"list": [ "list": [
"139.217.0.0/19", "139.217.0.0/19",
"139.217.128.0/19", "139.217.128.0/19",
@ -76,11 +75,12 @@
"42.159.80.0/20", "42.159.80.0/20",
"42.159.96.0/19" "42.159.96.0/19"
], ],
"description": "Office 365 IP address ranges in China",
"matching_attributes": [ "matching_attributes": [
"ip-src", "ip-src",
"ip-dst", "ip-dst",
"domain|ip" "domain|ip"
], ],
"name": "List of known Office 365 IP address ranges in China",
"type": "cidr",
"version": 20171229 "version": 20171229
} }


@ -1,42 +1,58 @@
{ {
"name": "List of known Windows 10 connection endpoints",
"version": 1,
"description": "Event contains one or more entries of known Windows 10 connection endpoints (https://docs.microsoft.com/en-us/windows/privacy/manage-windows-endpoints)", "description": "Event contains one or more entries of known Windows 10 connection endpoints (https://docs.microsoft.com/en-us/windows/privacy/manage-windows-endpoints)",
"type": "hostname",
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"list": [ "list": [
".1.msftsrvcs.vo.llnwi.net", ".1.msftsrvcs.vo.llnwi.net",
".a-msedge.net",
".akamai.net",
".akamaiedge.net",
".b.akamaiedge.net",
".blob.core.windows.net",
".c-msedge.net",
".delivery.dsp.mp.microsoft.com.nsatc.net",
".dl.delivery.mp.microsoft.com",
".dscb1.akamaiedge.net",
".dscd.akamai.net",
".dspb.akamaiedge.net",
".dspg.akamaiedge.net",
".dspw65.akamai.net",
".e-msedge.net",
".g.akamai.net",
".g.akamaiedge.net",
".hwcdn.net",
".l.windowsupdate.com",
".login.msa.akadns6.net",
".m1-msedge.net",
".prod.do.dsp.mp.microsoft.com",
".s-msedge.net",
".search.msn.com",
".telecommand.telemetry.microsoft.com.akadns.net",
".tlu.dl.delivery.mp.microsoft.com",
".tlu.dl.delivery.mp.microsoft.com.c.footprint.net",
".wac.edgecastcdn.net",
".wac.phicdn.net",
".windowsupdate.com",
".wns.windows.com",
"2.dl.delivery.mp.microsoft.com", "2.dl.delivery.mp.microsoft.com",
"2.tlu.dl.delivery.mp.microsoft.com", "2.tlu.dl.delivery.mp.microsoft.com",
"3.dl.delivery.mp.microsoft.com", "3.dl.delivery.mp.microsoft.com",
"3.dl.delivery.mp.microsoft.com.c.footprint.net", "3.dl.delivery.mp.microsoft.com.c.footprint.net",
"3.tlu.dl.delivery.mp.microsoft.com", "3.tlu.dl.delivery.mp.microsoft.com",
"3.tlu.dl.delivery.mp.microsoft.com.c.footprint.net", "3.tlu.dl.delivery.mp.microsoft.com.c.footprint.net",
"a-ring.msedge.net",
"a122.dscd.akamai.net", "a122.dscd.akamai.net",
"a1621.g.akamai.net", "a1621.g.akamai.net",
".akamaiedge.net",
".akamai.net",
".a-msedge.net",
"arc.msn.com", "arc.msn.com",
"arc.msn.com.nsatc.net", "arc.msn.com.nsatc.net",
"a-ring.msedge.net",
"au.download.windowsupdate.com", "au.download.windowsupdate.com",
"auth.gfx.ms", "auth.gfx.ms",
".b.akamaiedge.net",
"bing.com",
".blob.core.windows.net",
"blob.weather.microsoft.com",
"b-ring.msedge.net", "b-ring.msedge.net",
"bing.com",
"blob.weather.microsoft.com",
"candycrushsoda.king.com", "candycrushsoda.king.com",
"cdn.content.prod.cms.msn.com", "cdn.content.prod.cms.msn.com",
"cdn.onenote.net", "cdn.onenote.net",
"cds.d2s7q6s2.hwcdn.net", "cds.d2s7q6s2.hwcdn.net",
"client-office365-tas.msedge.net", "client-office365-tas.msedge.net",
".c-msedge.net",
"co4.telecommand.telemetry.microsoft.com.akadns.net", "co4.telecommand.telemetry.microsoft.com.akadns.net",
"config.edge.skype.com", "config.edge.skype.com",
"cs12.wpc.v0cdn.net", "cs12.wpc.v0cdn.net",
@ -47,22 +63,14 @@
"cy2.settings.data.microsoft.com.akadns.net", "cy2.settings.data.microsoft.com.akadns.net",
"cy2.vortex.data.microsoft.com.akadns.net", "cy2.vortex.data.microsoft.com.akadns.net",
"definitionupdates.microsoft.com", "definitionupdates.microsoft.com",
".delivery.dsp.mp.microsoft.com.nsatc.net",
"displaycatalog.mp.microsoft.com", "displaycatalog.mp.microsoft.com",
".dl.delivery.mp.microsoft.com",
"dl.delivery.mp.microsoft.com", "dl.delivery.mp.microsoft.com",
"dm3p.wns.notify.windows.com.akadns.net", "dm3p.wns.notify.windows.com.akadns.net",
"dmd.metaservices.microsoft.com", "dmd.metaservices.microsoft.com",
"dmd.metaservices.microsoft.com.akadns.net", "dmd.metaservices.microsoft.com.akadns.net",
"download.windowsupdate.com", "download.windowsupdate.com",
".dscb1.akamaiedge.net",
".dscd.akamai.net",
".dspb.akamaiedge.net",
".dspg.akamaiedge.net",
".dspw65.akamai.net",
"dual-a-0001.a-msedge.net", "dual-a-0001.a-msedge.net",
"emdl.ws.microsoft.com", "emdl.ws.microsoft.com",
".e-msedge.net",
"evoke-windowsservices-tas.msedge.net", "evoke-windowsservices-tas.msedge.net",
"fe2.update.microsoft.com", "fe2.update.microsoft.com",
"fe2.update.microsoft.com.nsatc.net", "fe2.update.microsoft.com.nsatc.net",
@ -71,37 +79,31 @@
"fg.download.windowsupdate.com.c.footprint.net", "fg.download.windowsupdate.com.c.footprint.net",
"fp.msedge.net", "fp.msedge.net",
"fs.microsoft.com", "fs.microsoft.com",
".g.akamaiedge.net",
"g.akamaiedge.net", "g.akamaiedge.net",
".g.akamai.net", "g.live.com",
"g.msn.com",
"g.msn.com.nsatc.net",
"geo-prod.do.dsp.mp.microsoft.com", "geo-prod.do.dsp.mp.microsoft.com",
"geo-prod.do.dsp.mp.microsoft.com.nsatc.net", "geo-prod.do.dsp.mp.microsoft.com.nsatc.net",
"geo-prod.dodsp.mp.microsoft.com.nsatc.net", "geo-prod.dodsp.mp.microsoft.com.nsatc.net",
"geover-prod.do.dsp.mp.microsoft.com", "geover-prod.do.dsp.mp.microsoft.com",
"g.live.com",
"g.msn.com",
"g.msn.com.nsatc.net",
"go.microsoft.com", "go.microsoft.com",
"gpla1.wac.v2cdn.net", "gpla1.wac.v2cdn.net",
".hwcdn.net",
"img-prod-cms-rt-microsoft-com.akamaized.net", "img-prod-cms-rt-microsoft-com.akamaized.net",
"ip5.afdorigin-prod-am02.afdogw.com", "ip5.afdorigin-prod-am02.afdogw.com",
"ipv4.login.msa.akadns6.net", "ipv4.login.msa.akadns6.net",
"l-ring.msedge.net",
"licensing.mp.microsoft.com", "licensing.mp.microsoft.com",
"location-inference-westus.cloudapp.net", "location-inference-westus.cloudapp.net",
"login.live.com", "login.live.com",
".login.msa.akadns6.net",
"login.msa.akadns6.net", "login.msa.akadns6.net",
"l-ring.msedge.net",
".l.windowsupdate.com",
".m1-msedge.net",
"maps.windows.com", "maps.windows.com",
"mediaredirect.microsoft.com", "mediaredirect.microsoft.com",
"modern.watson.data.microsoft.com.akadns.net", "modern.watson.data.microsoft.com.akadns.net",
"msftconnecttest.com", "msftconnecttest.com",
"msftsrvcs.vo.llnwd.net", "msftsrvcs.vo.llnwd.net",
"msnbot-65-52-108-198.search.msn.com",
"msnbot-.search.msn.com", "msnbot-.search.msn.com",
"msnbot-65-52-108-198.search.msn.com",
"ocos-office365-s2s.msedge.net", "ocos-office365-s2s.msedge.net",
"ocsp.digicert.com", "ocsp.digicert.com",
"oem.twimg.com", "oem.twimg.com",
@ -109,7 +111,6 @@
"outlook.office365.com", "outlook.office365.com",
"peer1-wst.msedge.net", "peer1-wst.msedge.net",
"peer4-wst.msedge.net", "peer4-wst.msedge.net",
".prod.do.dsp.mp.microsoft.com",
"prod.do.dsp.mp.microsoft.com", "prod.do.dsp.mp.microsoft.com",
"prod.do.dsp.mp.microsoft.com.nsatc.net", "prod.do.dsp.mp.microsoft.com.nsatc.net",
"pti.store.microsoft.com", "pti.store.microsoft.com",
@ -118,29 +119,22 @@
"query.prod.cms.rt.microsoft.com", "query.prod.cms.rt.microsoft.com",
"ris.api.iris.microsoft.com", "ris.api.iris.microsoft.com",
"ris.api.iris.microsoft.com.akadns.net", "ris.api.iris.microsoft.com.akadns.net",
".search.msn.com",
"settings.data.microsoft.com",
"settings-win.data.microsoft.com", "settings-win.data.microsoft.com",
"settings.data.microsoft.com",
"sls.update.microsoft.com", "sls.update.microsoft.com",
"sls.update.microsoft.com.nsatc.net", "sls.update.microsoft.com.nsatc.net",
".s-msedge.net",
"star-mini.c10r.facebook.com", "star-mini.c10r.facebook.com",
"storecatalogrevocation.storequality.microsoft.com",
"storeedgefd.dsx.mp.microsoft.com",
"store-images.microsoft.com", "store-images.microsoft.com",
"store-images.s-microsoft.com", "store-images.s-microsoft.com",
"storecatalogrevocation.storequality.microsoft.com",
"storeedgefd.dsx.mp.microsoft.com",
"telecommand.telemetry.microsoft.com", "telecommand.telemetry.microsoft.com",
".telecommand.telemetry.microsoft.com.akadns.net",
"tile-service.weather.microsoft.com", "tile-service.weather.microsoft.com",
".tlu.dl.delivery.mp.microsoft.com",
".tlu.dl.delivery.mp.microsoft.com.c.footprint.net",
"tsfe.trafficshaping.dsp.mp.microsoft.com", "tsfe.trafficshaping.dsp.mp.microsoft.com",
"v10.vortex-win.data.microsoft.com", "v10.vortex-win.data.microsoft.com",
"vip5.afdorigin-prod-am02.afdogw.com", "vip5.afdorigin-prod-am02.afdogw.com",
"vip5.afdorigin-prod-ch02.afdogw.com", "vip5.afdorigin-prod-ch02.afdogw.com",
".wac.edgecastcdn.net",
"wac.edgecastcdn.net", "wac.edgecastcdn.net",
".wac.phicdn.net",
"wac.phicdn.net", "wac.phicdn.net",
"wallet-frontend-prod-westus.cloudapp.net", "wallet-frontend-prod-westus.cloudapp.net",
"wallet.microsoft.com", "wallet.microsoft.com",
@ -148,10 +142,16 @@
"wdcp.microsoft.akadns.net", "wdcp.microsoft.akadns.net",
"wdcp.microsoft.com", "wdcp.microsoft.com",
"wildcard.twimg.com", "wildcard.twimg.com",
".windowsupdate.com",
".wns.windows.com",
"www.bing.com", "www.bing.com",
"www.microsoft.com", "www.microsoft.com",
"www.msftconnecttest.com" "www.msftconnecttest.com"
] ],
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"name": "List of known Windows 10 connection endpoints",
"type": "hostname",
"version": 1
} }
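Review bot: The re-sorted `list` still carries leading-dot suffixes for shared CDN and cloud namespaces (`.akamai.net`, `.akamaiedge.net`, `.blob.core.windows.net`, `.hwcdn.net`, `.wac.edgecastcdn.net`), which now sit together at the top of the array under `"type": "hostname"`. If the consumer treats a leading dot as "any subdomain", those entries cover hosts that any customer of the provider can name, so a hit on this list does not show that the endpoint belongs to Windows 10, and an analyst who filters on it can discard an indicator hosted on tenant-controlled storage or CDN space. I would state that in the metadata, e.g. `"description": "Known Windows 10 connection endpoints; leading-dot entries are shared CDN/cloud suffixes that also serve third-party content (https://docs.microsoft.com/en-us/windows/privacy/manage-windows-endpoints)",`, or move those suffixes into a list of their own.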


@ -1,13 +1,5 @@
{ {
"name": "List of known microsoft domains",
"version": 3,
"description": "Event contains one or more entries of known microsoft domains", "description": "Event contains one or more entries of known microsoft domains",
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"type": "hostname",
"list": [ "list": [
".aadrm.com", ".aadrm.com",
".afx.ms", ".afx.ms",
@ -121,9 +113,9 @@
".windowsphone-int.net", ".windowsphone-int.net",
".windowsphone.com", ".windowsphone.com",
".windowsphone.net", ".windowsphone.net",
".windowsupdate.com",
".windowssearch.com", ".windowssearch.com",
".windowsstore.com", ".windowsstore.com",
".windowsupdate.com",
".wlxrs.com", ".wlxrs.com",
".xbox.com", ".xbox.com",
".xboxlive.com", ".xboxlive.com",
@ -200,5 +192,13 @@
"watson.telemetry.microsoft.com", "watson.telemetry.microsoft.com",
"www.insidersurveys.windows.com", "www.insidersurveys.windows.com",
"za.microsoftstore.com" "za.microsoftstore.com"
] ],
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"name": "List of known microsoft domains",
"type": "hostname",
"version": 3
} }


@ -1,8 +1,5 @@
{ {
"description": "Event contains one or more entries from the top 500 of the most used domains (Mozilla).", "description": "Event contains one or more entries from the top 500 of the most used domains (Mozilla).",
"version": 20190424,
"name": "Top 500 domains and pages from https://moz.com/top500",
"type": "hostname",
"list": [ "list": [
"123-reg-expired.co.uk", "123-reg-expired.co.uk",
"163.com", "163.com",
@ -966,5 +963,8 @@
"domain", "domain",
"uri", "uri",
"url" "url"
] ],
"name": "Top 500 domains and pages from https://moz.com/top500",
"type": "hostname",
"version": 20190424
} }


@ -1,4 +1,5 @@
{ {
"description": "Event contains one or more entries part of the RFC 5771 multicast CIDR blocks",
"list": [ "list": [
"224.0.0.0/8", "224.0.0.0/8",
"225.0.0.0/8", "225.0.0.0/8",
@ -17,13 +18,12 @@
"238.0.0.0/8", "238.0.0.0/8",
"239.0.0.0/8" "239.0.0.0/8"
], ],
"type": "cidr",
"matching_attributes": [ "matching_attributes": [
"ip-src", "ip-src",
"ip-dst", "ip-dst",
"domain|ip" "domain|ip"
], ],
"description": "Event contains one or more entries part of the RFC 5771 multicast CIDR blocks", "name": "List of RFC 5771 multicast CIDR blocks",
"version": 3, "type": "cidr",
"name": "List of RFC 5771 multicast CIDR blocks" "version": 3
} }


@ -1,8 +1,75 @@
{ {
"name": "List of known Ovh Cluster IP",
"version": 20180222,
"description": "OVH Cluster IP address (https://docs.ovh.com/fr/hosting/liste-des-adresses-ip-des-clusters-et-hebergements-web/)", "description": "OVH Cluster IP address (https://docs.ovh.com/fr/hosting/liste-des-adresses-ip-des-clusters-et-hebergements-web/)",
"list": [ "list": [
"137.74.180.117",
"137.74.234.211",
"137.74.48.119",
"164.132.150.73",
"164.132.235.17",
"178.32.129.72",
"178.32.138.102",
"178.32.140.171",
"178.32.140.172",
"178.32.149.185",
"178.32.17.246",
"178.32.205.96",
"178.32.52.5",
"178.32.59.150",
"178.32.59.194",
"178.33.34.108",
"178.33.38.88",
"188.165.129.145",
"188.165.130.4",
"188.165.138.2",
"188.165.139.219",
"188.165.143.16",
"188.165.143.17",
"188.165.143.18",
"188.165.143.19",
"188.165.143.2",
"188.165.143.24",
"188.165.143.3",
"188.165.143.4",
"188.165.143.40",
"188.165.143.48",
"188.165.143.50",
"188.165.143.87",
"188.165.16.78",
"188.165.23.19",
"188.165.26.160",
"188.165.29.126",
"188.165.30.41",
"188.165.31.16",
"188.165.31.17",
"188.165.31.18",
"188.165.31.19",
"188.165.31.2",
"188.165.31.24",
"188.165.31.3",
"188.165.31.4",
"188.165.31.40",
"188.165.31.48",
"188.165.31.50",
"188.165.31.87",
"188.165.4.35",
"188.165.53.185",
"188.165.59.25",
"188.165.6.20",
"188.165.6.81",
"188.165.6.82",
"188.165.61.82",
"188.165.7.16",
"188.165.7.17",
"188.165.7.18",
"188.165.7.19",
"188.165.7.2",
"188.165.7.24",
"188.165.7.3",
"188.165.7.4",
"188.165.7.40",
"188.165.7.48",
"188.165.7.50",
"188.165.7.87",
"2001:41d0:1:1b00:188:165:143:16", "2001:41d0:1:1b00:188:165:143:16",
"2001:41d0:1:1b00:188:165:143:17", "2001:41d0:1:1b00:188:165:143:17",
"2001:41d0:1:1b00:188:165:143:18", "2001:41d0:1:1b00:188:165:143:18",
@ -153,30 +220,24 @@
"2001:41d0:301:11::24", "2001:41d0:301:11::24",
"2001:41d0:301:11::25", "2001:41d0:301:11::25",
"2001:41d0:301:11::26", "2001:41d0:301:11::26",
"2001:41d0:301:1::20",
"2001:41d0:301:1::21",
"2001:41d0:301:12::2", "2001:41d0:301:12::2",
"2001:41d0:301:12::20", "2001:41d0:301:12::20",
"2001:41d0:301:12::21", "2001:41d0:301:12::21",
"2001:41d0:301:12::23", "2001:41d0:301:12::23",
"2001:41d0:301:12::24", "2001:41d0:301:12::24",
"2001:41d0:301:12::26", "2001:41d0:301:12::26",
"2001:41d0:301:1::20",
"2001:41d0:301:1::21",
"2001:41d0:301:1::23", "2001:41d0:301:1::23",
"2001:41d0:301:1::24", "2001:41d0:301:1::24",
"2001:41d0:301:1::25", "2001:41d0:301:1::25",
"2001:41d0:301:1::26", "2001:41d0:301:1::26",
"2001:41d0:301::20",
"2001:41d0:301::21",
"2001:41d0:301:2::20", "2001:41d0:301:2::20",
"2001:41d0:301:2::21", "2001:41d0:301:2::21",
"2001:41d0:301:2::23", "2001:41d0:301:2::23",
"2001:41d0:301:2::24", "2001:41d0:301:2::24",
"2001:41d0:301:2::25", "2001:41d0:301:2::25",
"2001:41d0:301:2::26", "2001:41d0:301:2::26",
"2001:41d0:301::23",
"2001:41d0:301::24",
"2001:41d0:301::25",
"2001:41d0:301::26",
"2001:41d0:301:3::20", "2001:41d0:301:3::20",
"2001:41d0:301:3::23", "2001:41d0:301:3::23",
"2001:41d0:301:3::24", "2001:41d0:301:3::24",
@ -218,75 +279,12 @@
"2001:41d0:301:9::24", "2001:41d0:301:9::24",
"2001:41d0:301:9::25", "2001:41d0:301:9::25",
"2001:41d0:301:9::26", "2001:41d0:301:9::26",
"137.74.180.117", "2001:41d0:301::20",
"137.74.234.211", "2001:41d0:301::21",
"137.74.48.119", "2001:41d0:301::23",
"164.132.150.73", "2001:41d0:301::24",
"164.132.235.17", "2001:41d0:301::25",
"178.32.129.72", "2001:41d0:301::26",
"178.32.138.102",
"178.32.140.171",
"178.32.140.172",
"178.32.149.185",
"178.32.17.246",
"178.32.205.96",
"178.32.52.5",
"178.32.59.150",
"178.32.59.194",
"178.33.34.108",
"178.33.38.88",
"188.165.129.145",
"188.165.130.4",
"188.165.138.2",
"188.165.139.219",
"188.165.143.16",
"188.165.143.17",
"188.165.143.18",
"188.165.143.19",
"188.165.143.2",
"188.165.143.24",
"188.165.143.3",
"188.165.143.4",
"188.165.143.40",
"188.165.143.48",
"188.165.143.50",
"188.165.143.87",
"188.165.16.78",
"188.165.23.19",
"188.165.26.160",
"188.165.29.126",
"188.165.30.41",
"188.165.31.16",
"188.165.31.17",
"188.165.31.18",
"188.165.31.19",
"188.165.31.2",
"188.165.31.24",
"188.165.31.3",
"188.165.31.4",
"188.165.31.40",
"188.165.31.48",
"188.165.31.50",
"188.165.31.87",
"188.165.4.35",
"188.165.53.185",
"188.165.59.25",
"188.165.61.82",
"188.165.6.20",
"188.165.6.81",
"188.165.6.82",
"188.165.7.16",
"188.165.7.17",
"188.165.7.18",
"188.165.7.19",
"188.165.7.2",
"188.165.7.24",
"188.165.7.3",
"188.165.7.4",
"188.165.7.40",
"188.165.7.48",
"188.165.7.50",
"188.165.7.87",
"213.186.33.16", "213.186.33.16",
"213.186.33.17", "213.186.33.17",
"213.186.33.18", "213.186.33.18",
@ -305,6 +303,12 @@
"37.59.236.156", "37.59.236.156",
"37.59.69.122", "37.59.69.122",
"46.105.57.169", "46.105.57.169",
"5.135.108.219",
"5.135.59.60",
"5.135.68.66",
"5.135.68.67",
"5.196.129.52",
"5.196.208.117",
"51.254.146.179", "51.254.146.179",
"51.254.154.69", "51.254.154.69",
"51.254.16.36", "51.254.16.36",
@ -313,12 +317,6 @@
"51.254.78.227", "51.254.78.227",
"51.254.94.183", "51.254.94.183",
"51.255.132.41", "51.255.132.41",
"5.135.108.219",
"5.135.59.60",
"5.135.68.66",
"5.135.68.67",
"5.196.129.52",
"5.196.208.117",
"79.137.112.24", "79.137.112.24",
"87.98.154.146", "87.98.154.146",
"87.98.230.241", "87.98.230.241",
@ -435,10 +433,12 @@
"94.23.79.87", "94.23.79.87",
"94.23.88.105" "94.23.88.105"
], ],
"type": "string",
"matching_attributes": [ "matching_attributes": [
"ip-src", "ip-src",
"ip-dst", "ip-dst",
"domain|ip" "domain|ip"
] ],
"name": "List of known Ovh Cluster IP",
"type": "string",
"version": 20180222
} }
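Review bot: This list keeps `"type": "string"` although it holds only IP addresses, many of them IPv6 in compressed form such as `2001:41d0:301::20`. If the consumer compares `string` entries literally, the same address written expanded or with different hex case will not match, and the sort applied by this commit does not normalise the notation. The sinkhole list on this page already stores single addresses under `"type": "cidr"`, so `"type": "cidr",` looks like the safer choice here, provided the consumer parses that type as addresses. The IPv4 and IPv6 public DNS resolver lists further down carry the same `"type": "string"` line.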


@ -25347,7 +25347,7 @@
"url", "url",
"domain|ip" "domain|ip"
], ],
"type": "hostname",
"name": "List of known public DNS resolvers expressed as hostname", "name": "List of known public DNS resolvers expressed as hostname",
"type": "hostname",
"version": 20171224 "version": 20171224
} }


@ -38369,6 +38369,7 @@
"89.97.225.69", "89.97.225.69",
"89.97.5.242", "89.97.5.242",
"89.97.52.13", "89.97.52.13",
"9.9.9.9",
"90.102.97.81", "90.102.97.81",
"90.102.97.89", "90.102.97.89",
"90.145.145.69", "90.145.145.69",
@ -40648,15 +40649,14 @@
"99.71.229.19", "99.71.229.19",
"99.72.128.193", "99.72.128.193",
"99.93.97.238", "99.93.97.238",
"99.99.99.193", "99.99.99.193"
"9.9.9.9"
], ],
"matching_attributes": [ "matching_attributes": [
"ip-src", "ip-src",
"ip-dst", "ip-dst",
"domain|ip" "domain|ip"
], ],
"type": "string",
"name": "List of known IPv4 public DNS resolvers", "name": "List of known IPv4 public DNS resolvers",
"type": "string",
"version": 20181114 "version": 20181114
} }


@ -1,8 +1,6 @@
{ {
"description": "Event contains one or more public IPv6 DNS resolvers as attribute with an IDS flag set", "description": "Event contains one or more public IPv6 DNS resolvers as attribute with an IDS flag set",
"list": [ "list": [
"2606:4700:4700::1111",
"2606:4700:4700::1001",
"2001:1488:800:400::130", "2001:1488:800:400::130",
"2001:14b8:100:350::2", "2001:14b8:100:350::2",
"2001:14b8:100:8350::1", "2001:14b8:100:8350::1",
@ -111,6 +109,8 @@
"2604:a880:1:20::c5b:1001", "2604:a880:1:20::c5b:1001",
"2604:a880:400:d0::6d6:2001", "2604:a880:400:d0::6d6:2001",
"2605:f700:c0:1::1089:53ef", "2605:f700:c0:1::1089:53ef",
"2606:4700:4700::1001",
"2606:4700:4700::1111",
"2607:fa88:1::2", "2607:fa88:1::2",
"2610:130:100:3::200", "2610:130:100:3::200",
"2610:a1:1018::22", "2610:a1:1018::22",
@ -280,7 +280,7 @@
"ip-dst", "ip-dst",
"domain|ip" "domain|ip"
], ],
"type": "string",
"name": "List of known IPv6 public DNS resolvers", "name": "List of known IPv6 public DNS resolvers",
"type": "string",
"version": 20181114 "version": 20181114
} }


@ -1,16 +1,16 @@
{ {
"description": "Event contains one or more entries part of the RFC 1918 CIDR blocks",
"list": [ "list": [
"10.0.0.0/8", "10.0.0.0/8",
"172.16.0.0/12", "172.16.0.0/12",
"192.168.0.0/16" "192.168.0.0/16"
], ],
"type": "cidr",
"matching_attributes": [ "matching_attributes": [
"ip-src", "ip-src",
"ip-dst", "ip-dst",
"domain|ip" "domain|ip"
], ],
"description": "Event contains one or more entries part of the RFC 1918 CIDR blocks", "name": "List of RFC 1918 CIDR blocks",
"version": 3, "type": "cidr",
"name": "List of RFC 1918 CIDR blocks" "version": 3
} }


@ -1,14 +1,14 @@
{ {
"description": "Event contains one or more entries part of the IPv6 documentation prefix (RFC 3849)",
"list": [ "list": [
"2001:DB8::/32" "2001:DB8::/32"
], ],
"type": "cidr",
"matching_attributes": [ "matching_attributes": [
"ip-src", "ip-src",
"ip-dst", "ip-dst",
"domain|ip" "domain|ip"
], ],
"description": "Event contains one or more entries part of the IPv6 documentation prefix (RFC 3849)", "name": "List of RFC 3849 CIDR blocks",
"version": 3, "type": "cidr",
"name": "List of RFC 3849 CIDR blocks" "version": 3
} }


@ -1,4 +1,5 @@
{ {
"description": "Event contains one or more entries part of the RFC 5735 CIDR blocks - Special Use IPv4 Addresses",
"list": [ "list": [
"0.0.0.0/8", "0.0.0.0/8",
"10.0.0.0/8", "10.0.0.0/8",
@ -7,8 +8,8 @@
"172.16.0.0/12", "172.16.0.0/12",
"192.0.0.0/24", "192.0.0.0/24",
"192.0.2.0/24", "192.0.2.0/24",
"192.88.99.0/24",
"192.168.0.0/16", "192.168.0.0/16",
"192.88.99.0/24",
"198.18.0.0/15", "198.18.0.0/15",
"198.51.100.0/24", "198.51.100.0/24",
"203.0.113.0/24", "203.0.113.0/24",
@ -16,13 +17,12 @@
"240.0.0.0/4", "240.0.0.0/4",
"255.255.255.255/32" "255.255.255.255/32"
], ],
"type": "cidr",
"matching_attributes": [ "matching_attributes": [
"ip-src", "ip-src",
"ip-dst", "ip-dst",
"domain|ip" "domain|ip"
], ],
"description": "Event contains one or more entries part of the RFC 5735 CIDR blocks - Special Use IPv4 Addresses", "name": "List of RFC 5735 CIDR blocks",
"version": 3, "type": "cidr",
"name": "List of RFC 5735 CIDR blocks" "version": 3
} }


@ -1,14 +1,14 @@
{ {
"description": "Event contains one or more entries part of the RFC 6598 CIDR blocks - Special Use IPv4 Addresses",
"list": [ "list": [
"100.64.0.0/10" "100.64.0.0/10"
], ],
"type": "cidr",
"matching_attributes": [ "matching_attributes": [
"ip-src", "ip-src",
"ip-dst", "ip-dst",
"domain|ip" "domain|ip"
], ],
"description": "Event contains one or more entries part of the RFC 6598 CIDR blocks - Special Use IPv4 Addresses", "name": "List of RFC 6598 CIDR blocks",
"version": 3, "type": "cidr",
"name": "List of RFC 6598 CIDR blocks" "version": 3
} }


@ -1,11 +1,9 @@
{ {
"description": "Event contains one or more entries part of the RFC 6761 Special-Use Domain Names", "description": "Event contains one or more entries part of the RFC 6761 Special-Use Domain Names",
"list": [ "list": [
"example.com",
"example.net",
"example.org",
"10.in-addr.arpa", "10.in-addr.arpa",
"16.172.in-addr.arpa", "16.172.in-addr.arpa",
"168.192.in-addr.arpa",
"17.172.in-addr.arpa", "17.172.in-addr.arpa",
"18.172.in-addr.arpa", "18.172.in-addr.arpa",
"19.172.in-addr.arpa", "19.172.in-addr.arpa",
@ -21,14 +19,16 @@
"29.172.in-addr.arpa", "29.172.in-addr.arpa",
"30.172.in-addr.arpa", "30.172.in-addr.arpa",
"31.172.in-addr.arpa", "31.172.in-addr.arpa",
"168.192.in-addr.arpa" "example.com",
"example.net",
"example.org"
], ],
"matching_attributes": [ "matching_attributes": [
"hostname", "hostname",
"domain", "domain",
"domain|ip" "domain|ip"
], ],
"type": "string",
"name": "List of RFC 6761 Special-Use Domain Names", "name": "List of RFC 6761 Special-Use Domain Names",
"type": "string",
"version": 1 "version": 1
} }
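Review bot: With `"type": "string"` on this list, if `string` entries are compared for equality, only the bare names match; constructed examples such as `www.example.com` or `4.3.2.10.in-addr.arpa` would not, although RFC 6761 also reserves the names beneath these zones. Other name-based lists on this page use `"type": "hostname"`, and I would change the line to `"type": "hostname",` if that type also matches subdomains in the consumer, which the page does not show.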




@ -1,20 +1,13 @@
{ {
"name": "List of known sinkholes",
"version": 1,
"description": "List of known sinkholes", "description": "List of known sinkholes",
"matching_attributes": [
"ip-src",
"ip-dst"
],
"type": "cidr",
"list": [ "list": [
"104.155.11.149", "104.155.11.149",
"104.244.12.0/22", "104.244.12.0/22",
"106.187.96.49", "106.187.96.49",
"109.74.196.143", "109.74.196.143",
"136.161.101.53",
"131.253.18.11", "131.253.18.11",
"131.253.18.12", "131.253.18.12",
"136.161.101.53",
"139.146.167.25", "139.146.167.25",
"142.0.36.234", "142.0.36.234",
"143.215.130.0/24", "143.215.130.0/24",
@ -75,8 +68,8 @@
"86.124.164.25", "86.124.164.25",
"87.106.140.254", "87.106.140.254",
"87.106.141.15", "87.106.141.15",
"87.106.240.162",
"87.106.24.200", "87.106.24.200",
"87.106.240.162",
"87.106.250.34", "87.106.250.34",
"87.106.26.9", "87.106.26.9",
"87.106.86.28", "87.106.86.28",
@ -87,5 +80,12 @@
"94.23.175.2", "94.23.175.2",
"95.211.172.143", "95.211.172.143",
"95.211.174.92" "95.211.174.92"
] ],
"matching_attributes": [
"ip-src",
"ip-dst"
],
"name": "List of known sinkholes",
"type": "cidr",
"version": 1
} }


@ -1,4 +1,5 @@
{ {
"description": "Event contains one or more TLDs as attribute with an IDS flag set",
"list": [ "list": [
"AAA", "AAA",
"AARP", "AARP",
@ -1297,8 +1298,7 @@
"domain", "domain",
"domain|ip" "domain|ip"
], ],
"name": "TLDs as known by IANA",
"type": "string", "type": "string",
"description": "Event contains one or more TLDs as attribute with an IDS flag set", "version": 6
"version": 6,
"name": "TLDs as known by IANA"
} }


@ -1,8 +1,5 @@
{ {
"description": "Event contains one or more entries from the top 1,000,000 most-used sites (Tranco).", "description": "Event contains one or more entries from the top 1,000,000 most-used sites (Tranco).",
"version": 20200305,
"name": "Top 1,000,000 most-used sites from Tranco",
"type": "hostname",
"list": [ "list": [
"0-1.ir", "0-1.ir",
"0-1.ru", "0-1.ru",
@ -1000010,5 +1000007,8 @@
"domain", "domain",
"url", "url",
"domain|ip" "domain|ip"
] ],
"name": "Top 1,000,000 most-used sites from Tranco",
"type": "hostname",
"version": 20200305
} }



@ -1,21 +1,11 @@
{ {
"name": "List of known URL Shorteners domains",
"version": 7,
"description": "Event contains one or more entries of known Shorteners domains", "description": "Event contains one or more entries of known Shorteners domains",
"matching_attributes": [
"domain",
"hostname",
"domain|ip",
"url",
"uri"
],
"type": "hostname",
"list": [ "list": [
"1url.com", "1url.com",
"adcraft.co", "adcraft.co",
"adcrun.ch", "adcrun.ch",
"adflav.com",
"adf.ly", "adf.ly",
"adflav.com",
"aka.gr", "aka.gr",
"amzn.to", "amzn.to",
"bc.vc", "bc.vc",
@ -42,11 +32,12 @@
"hyperurl.co", "hyperurl.co",
"id.tl", "id.tl",
"iplogger.com", "iplogger.com",
"iplogger.org",
"is.gd", "is.gd",
"ity.im", "ity.im",
"j.mp", "j.mp",
"linkto.im",
"link.zip.net", "link.zip.net",
"linkto.im",
"lnk.co", "lnk.co",
"lnk.direct", "lnk.direct",
"lnkd.in", "lnkd.in",
@ -61,24 +52,24 @@
"q.gs", "q.gs",
"qr.ae", "qr.ae",
"qr.net", "qr.net",
"s.rlp.de",
"scrnch.me", "scrnch.me",
"shortquik.com", "shortquik.com",
"sk.gy", "sk.gy",
"smarturl.it", "smarturl.it",
"snip.ly", "snip.ly",
"su.pr", "su.pr",
"s.rlp.de",
"t.co", "t.co",
"tinyarrows.com",
"tiny.cc", "tiny.cc",
"tinyarrows.com",
"tinyurl.com", "tinyurl.com",
"tota2.com", "tota2.com",
"tr.im", "tr.im",
"tweez.me", "tweez.me",
"twitthis.com", "twitthis.com",
"u.bb", "u.bb",
"urlz.fr",
"u.to", "u.to",
"urlz.fr",
"v.gd", "v.gd",
"vzturl.com", "vzturl.com",
"wp.me", "wp.me",
@ -88,7 +79,16 @@
"yourls.org", "yourls.org",
"youtu.be", "youtu.be",
"yu2.it", "yu2.it",
"zpag.es", "zpag.es"
"iplogger.org" ],
] "matching_attributes": [
"domain",
"hostname",
"domain|ip",
"url",
"uri"
],
"name": "List of known URL Shorteners domains",
"type": "hostname",
"version": 7
} }


@ -1,15 +1,5 @@
{ {
"name": "List of known domains to know external IP",
"version": 7,
"description": "Event contains one or more entries of known 'what's my ip' domains", "description": "Event contains one or more entries of known 'what's my ip' domains",
"matching_attributes": [
"domain",
"hostname",
"domain|ip",
"uri",
"url"
],
"type": "hostname",
"list": [ "list": [
"2ip.ru", "2ip.ru",
"2ip.tools", "2ip.tools",
@ -18,6 +8,8 @@
"api.wipmania.com", "api.wipmania.com",
"bearsmyip.com", "bearsmyip.com",
"bot.whatismyipaddress.com", "bot.whatismyipaddress.com",
"check-my-ip.net",
"checkip-waw.dyndns.com",
"checkip.amazonaws.com", "checkip.amazonaws.com",
"checkip.dns.he.net", "checkip.dns.he.net",
"checkip.dyndns.com", "checkip.dyndns.com",
@ -25,8 +17,6 @@
"checkip.dyndns.org", "checkip.dyndns.org",
"checkip.narak.com", "checkip.narak.com",
"checkmyip.com", "checkmyip.com",
"check-my-ip.net",
"checkip-waw.dyndns.com",
"cmyip.com", "cmyip.com",
"cmyip.net", "cmyip.net",
"crymyip.com", "crymyip.com",
@ -38,13 +28,14 @@
"dpool.sina.com.cn", "dpool.sina.com.cn",
"e-localizaip.com", "e-localizaip.com",
"extreme-ip-lookup.com", "extreme-ip-lookup.com",
"findmyipaddress.com",
"findmyip.org", "findmyip.org",
"findmyipaddress.com",
"formyip.com", "formyip.com",
"freegeoip.app", "freegeoip.app",
"freegeoip.live",
"geoip.co.uk", "geoip.co.uk",
"geoiptool.com",
"geoip.vmn.net", "geoip.vmn.net",
"geoiptool.com",
"get-myip.com", "get-myip.com",
"getmyip.org", "getmyip.org",
"hostip.info", "hostip.info",
@ -56,72 +47,73 @@
"ilmioip.it", "ilmioip.it",
"indirizzo-ip.com", "indirizzo-ip.com",
"inet-ip.info", "inet-ip.info",
"ip138.com",
"ip-1.com", "ip-1.com",
"ip2location.com",
"ip2nation.com",
"ip4.me",
"ip-addr.es", "ip-addr.es",
"ip-address.cc", "ip-address.cc",
"ipaddresscheck.com",
"ipaddress.com",
"ipaddress.org",
"ip-address.ru", "ip-address.ru",
"ip-adress.com", "ip-adress.com",
"ip-adress.eu", "ip-adress.eu",
"ip.amulex.com",
"ip.anysrc.net",
"ip-api.com", "ip-api.com",
"ip.cctv.pk",
"ipchecker.info",
"ip-check.info", "ip-check.info",
"ipchicken.com",
"ip.chinaz.com",
"ip.cn",
"ip-detect.net", "ip-detect.net",
"ipecho.net", "ip-info.ff.avast.com",
"ipify.org",
"ipinfodb.com",
"ipinfo.info",
"ipinfo.io",
"ip-info.org", "ip-info.org",
"ip-info.xyz", "ip-info.xyz",
"ip-ping.ru",
"ip-score.com",
"ip-secrets.com",
"ip-who-is.com",
"ip-whois.net",
"ip.amulex.com",
"ip.anysrc.net",
"ip.cctv.pk",
"ip.chinaz.com",
"ip.cn",
"ip.my-proxy.com",
"ip.taobao.com",
"ip.tool.la",
"ip.tyk.nu",
"ip.webmasterhome.cn",
"ip138.com",
"ip2location.com",
"ip2nation.com",
"ip4.me",
"ipaddress.com",
"ipaddress.org",
"ipaddresscheck.com",
"ipapi.co",
"ipchecker.info",
"ipchicken.com",
"ipecho.net",
"ipify.org",
"ipinfo.info",
"ipinfo.io",
"ipinfodb.com",
"ipleak.net", "ipleak.net",
"iplocation.net", "iplocation.net",
"iplogger.ru", "iplogger.ru",
"ipmonkey.com", "ipmonkey.com",
"ip.my-proxy.com",
"ip-ping.ru",
"ip-score.com",
"ip-secrets.com",
"ip.taobao.com",
"ip.tool.la",
"iptrackeronline.com", "iptrackeronline.com",
"ip.tyk.nu",
"ipv4bot.whatismyipaddress.com", "ipv4bot.whatismyipaddress.com",
"ipv6bot.whatismyipaddress.com",
"ipv6-test.com", "ipv6-test.com",
"ip.webmasterhome.cn", "ipv6bot.whatismyipaddress.com",
"ip-who-is.com",
"ip-whois.net",
"l2.io",
"keliweb.it/mioip.php", "keliweb.it/mioip.php",
"l2.io",
"localizaip.com.br", "localizaip.com.br",
"meip.eu", "meip.eu",
"meuip.net.br", "meuip.net.br",
"mioip.ch", "mio-ip.it",
"mioip.biz", "mioip.biz",
"mioip.ch",
"mioip.info", "mioip.info",
"mioip.it", "mioip.it",
"mioip.org", "mioip.org",
"mioip.win", "mioip.win",
"mio-ip.it",
"mon-ip.com", "mon-ip.com",
"my-ip-address.net",
"mycamip.com", "mycamip.com",
"myexternalip.com", "myexternalip.com",
"myglobalip.com", "myglobalip.com",
"myipaddress.com",
"my-ip-address.net",
"myip.am", "myip.am",
"myip.by", "myip.by",
"myip.cc", "myip.cc",
@ -129,10 +121,10 @@
"myip.ch", "myip.ch",
"myip.cn", "myip.cn",
"myip.co.il", "myip.co.il",
"myip.co.nz",
"myip.com.br", "myip.com.br",
"myip.com.tw", "myip.com.tw",
"myip.com.ua", "myip.com.ua",
"myip.co.nz",
"myip.cz", "myip.cz",
"myip.dk", "myip.dk",
"myip.dnsdynamic.org", "myip.dnsdynamic.org",
@ -146,7 +138,6 @@
"myip.heltech.se", "myip.heltech.se",
"myip.ht", "myip.ht",
"myip.info", "myip.info",
"myipinfo.net",
"myip.io", "myip.io",
"myip.is", "myip.is",
"myip.israel.net", "myip.israel.net",
@ -161,10 +152,8 @@
"myip.nl", "myip.nl",
"myip.nmonitoring.com", "myip.nmonitoring.com",
"myip.northstate.net", "myip.northstate.net",
"myipnow.com",
"myip.nu", "myip.nu",
"myipnumber.com", "myip.opendns.com",
"myiponline.com",
"myip.ozymo.com", "myip.ozymo.com",
"myip.report", "myip.report",
"myip.rs.sr", "myip.rs.sr",
@ -180,20 +169,25 @@
"myip.uconn.edu", "myip.uconn.edu",
"myip.v6shell.org", "myip.v6shell.org",
"myip.zone", "myip.zone",
"myipaddress.com",
"myipinfo.net",
"myipnow.com",
"myipnumber.com",
"myiponline.com",
"mylocation.org", "mylocation.org",
"readip.info", "readip.info",
"shmyip.com", "shmyip.com",
"show-ip.com", "show-ip.com",
"showipinfo.net", "show-my-ip.de",
"showip.net", "showip.net",
"showipinfo.net",
"showmemyip.com", "showmemyip.com",
"showmyipaddress.com", "showmyip.co.uk",
"showmyipaddress.eu",
"showmyip.com", "showmyip.com",
"showmyip.com.ar", "showmyip.com.ar",
"showmyip.co.uk",
"show-my-ip.de",
"showmyip.gr", "showmyip.gr",
"showmyipaddress.com",
"showmyipaddress.eu",
"showmyipnow.com", "showmyipnow.com",
"smart-ip.net", "smart-ip.net",
"tell-my-ip.com", "tell-my-ip.com",
@ -207,23 +201,24 @@
"vermiip.es", "vermiip.es",
"vinflag.com", "vinflag.com",
"whatismybrowser.com", "whatismybrowser.com",
"whatismyipaddress.com",
"whatismyip.akamai.com", "whatismyip.akamai.com",
"whatismyip.ca", "whatismyip.ca",
"whatismyip.com", "whatismyip.com",
"whatismyip.com.br", "whatismyip.com.br",
"whatismyip.everdot.org",
"whatismyip.li", "whatismyip.li",
"whatismyip.net", "whatismyip.net",
"whatismyip.org", "whatismyip.org",
"whatismyipaddress.com",
"whatismypublicip.com", "whatismypublicip.com",
"whatmyip.us", "whatmyip.us",
"whatsmyipaddress.com",
"whatsmyipaddress.net",
"whats-my-ip-address.org", "whats-my-ip-address.org",
"whatsmyip.ie", "whatsmyip.ie",
"whatsmyip.net", "whatsmyip.net",
"whatsmyip.org", "whatsmyip.org",
"whatsmyip.us", "whatsmyip.us",
"whatsmyipaddress.com",
"whatsmyipaddress.net",
"whereisip.net", "whereisip.net",
"whoer.net", "whoer.net",
"wtfismyip.com", "wtfismyip.com",
@ -232,11 +227,16 @@
"yougetsignal.com", "yougetsignal.com",
"youip.net", "youip.net",
"your-ip-address.com", "your-ip-address.com",
"yourip.us", "yourip.us"
"myip.opendns.com", ],
"whatismyip.everdot.org", "matching_attributes": [
"ip-info.ff.avast.com", "domain",
"ipapi.co", "hostname",
"freegeoip.live" "domain|ip",
] "uri",
"url"
],
"name": "List of known domains to know external IP",
"type": "hostname",
"version": 7
} }


@ -1,8 +1,5 @@
{ {
"name": "List of known Wikimedia address ranges",
"version": 20190912,
"description": "Wikimedia address ranges (http://noc.wikimedia.org/conf/reverse-proxy.php.txt)", "description": "Wikimedia address ranges (http://noc.wikimedia.org/conf/reverse-proxy.php.txt)",
"type": "cidr",
"list": [ "list": [
"208.80.153.0/27", "208.80.153.0/27",
"208.80.153.32/27", "208.80.153.32/27",
@ -27,5 +24,8 @@
"ip-src", "ip-src",
"ip-dst", "ip-dst",
"domain|ip" "domain|ip"
] ],
"name": "List of known Wikimedia address ranges",
"type": "cidr",
"version": 20190912
} }


@ -1,42 +1,40 @@
{ {
"$schema": "http://json-schema.org/schema#", "$schema": "http://json-schema.org/schema#",
"title": "Validator for misp-warninglists",
"id": "https://www.github.com/MISP/misp-warninglists/schema.json",
"type": "object",
"additionalProperties": false, "additionalProperties": false,
"id": "https://www.github.com/MISP/misp-warninglists/schema.json",
"properties": { "properties": {
"description": { "description": {
"type": "string" "type": "string"
}, },
"list": {
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"matching_attributes": {
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"name": { "name": {
"type": "string" "type": "string"
}, },
"version": {
"type": "integer"
},
"list": {
"type": "array",
"uniqueItems": true,
"items": {
"type": "string"
}
},
"type": { "type": {
"type": "string",
"enum": [ "enum": [
"string", "string",
"substring", "substring",
"hostname", "hostname",
"cidr", "cidr",
"regex" "regex"
] ],
"type": "string"
}, },
"matching_attributes": { "version": {
"type": "array", "type": "integer"
"uniqueItems": true,
"items": {
"type": "string"
}
} }
}, },
"required": [ "required": [
@ -45,5 +43,7 @@
"version", "version",
"name", "name",
"type" "type"
] ],
"title": "Validator for misp-warninglists",
"type": "object"
} }


@ -8,38 +8,36 @@ import datetime
url = 'https://raw.githubusercontent.com/krassi/covid19-related/master/whitelist-domains.txt' url = 'https://raw.githubusercontent.com/krassi/covid19-related/master/whitelist-domains.txt'
r = requests.get(url) r = requests.get(url)
whitelist = r.text whitelist = r.text
whitelist = whitelist.split() whitelist = list(set(whitelist.split()))
warninglist = { warninglist = {
'name': 'Covid-19 Krassi\'s Whitelist', 'name': 'Covid-19 Krassi\'s Whitelist',
'uuid': 'b600900c-aacc-4860-acf4-7e24a1b08202',
'description': 'Krassimir\'s Covid-19 whitelist of known good Covid-19 related websites.', 'description': 'Krassimir\'s Covid-19 whitelist of known good Covid-19 related websites.',
'type': 'hostname', 'type': 'hostname',
'matching_attributes': ['domain', 'hostname', 'url'], 'matching_attributes': ['domain', 'hostname', 'url'],
'version': int(datetime.date.today().strftime('%Y%m%d')), 'version': int(datetime.date.today().strftime('%Y%m%d')),
'list': whitelist 'list': sorted(whitelist)
} }
with open('../lists/covid-19-krassi-whitelist/list.json', 'w+') as data_file: with open('../lists/covid-19-krassi-whitelist/list.json', 'w+') as data_file:
json.dump(warninglist, data_file, indent=4, sort_keys=True) json.dump(warninglist, data_file, indent=2, sort_keys=True)
url = 'https://raw.githubusercontent.com/Cyber-Threat-Coalition/goodlist/master/hostnames.txt' url = 'https://raw.githubusercontent.com/Cyber-Threat-Coalition/goodlist/master/hostnames.txt'
r = requests.get(url) r = requests.get(url)
whitelist = r.text whitelist = r.text
whitelist = whitelist.split() whitelist = list(set(whitelist.split()))
warninglist = { warninglist = {
'name': 'Covid-19 Cyber Threat Coalition\'s Whitelist', 'name': 'Covid-19 Cyber Threat Coalition\'s Whitelist',
'uuid': '535002a9-0dec-4363-b29b-1b365cff060d',
'description': 'The Cyber Threat Coalition\'s whitelist of COVID-19 related websites.', 'description': 'The Cyber Threat Coalition\'s whitelist of COVID-19 related websites.',
'type': 'hostname', 'type': 'hostname',
'matching_attributes': ['domain', 'hostname', 'url'], 'matching_attributes': ['domain', 'hostname', 'url'],
'version': int(datetime.date.today().strftime('%Y%m%d')), 'version': int(datetime.date.today().strftime('%Y%m%d')),
'list': whitelist 'list': sorted(whitelist)
} }
with open('../lists/covid-19-cyber-threat-coalition-whitelist/list.json', 'w+') as data_file: with open('../lists/covid-19-cyber-threat-coalition-whitelist/list.json', 'w+') as data_file:
json.dump(warninglist, data_file, indent=4, sort_keys=True) json.dump(warninglist, data_file, indent=2, sort_keys=True)
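Review bot: The response body is split and written into the warninglist without any check that the request succeeded, at `whitelist = list(set(whitelist.split()))` for the Krassi list and again at the same line for the Cyber Threat Coalition list. An HTTP error page would be tokenised and saved as hostnames, and these lists are described as known-good sites, so a bad fetch changes what gets treated as benign. I would fetch with `r = requests.get(url, timeout=30)` and call `r.raise_for_status()` before the split. It would also help to drop tokens that are not plausible hostnames and to lower-case entries before the `set()`, since the dedup is case-sensitive. The script starts above this hunk, so the imports are not visible here.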

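--- /dev/null
+++ b/tools/make_list_unique.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from pathlib import Path
+import json
+for p in Path('../lists/').glob('*/*.json'):
+with p.open() as _f:
+warninglist = json.load(_f, encoding="utf-8")
+warninglist['list'] = sorted(list(set(warninglist['list'])))
+with p.open('w') as _f:
+warninglist = json.dump(warninglist, _f, indent=2, sort_keys=True, ensure_ascii=False)
+_f.write('\n')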