commit
4d186724d1
14
.travis.yml
14
.travis.yml
|
@ -1,12 +1,16 @@
|
|||
language: bash
|
||||
language: python
|
||||
|
||||
cache: pip
|
||||
|
||||
python:
|
||||
- "3.6"
|
||||
|
||||
sudo: required
|
||||
|
||||
dist: trusty
|
||||
|
||||
install:
|
||||
- sudo apt-get update -qq
|
||||
- sudo apt-get install -y -qq jq
|
||||
- sudo apt-get install -y -qq jq moreutils
|
||||
- pip install jsonschema
|
||||
|
||||
script:
|
||||
- cat */*/*.json | jq . >/dev/null
|
||||
- ./validate_all.sh
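Review bot: The `- pip install jsonschema` step under `install:` takes whatever release the package index serves at build time, so the validation gate behind `./validate_all.sh` can change behaviour, or pull in an unreviewed release, without any commit to this repository. Pinning the dependency, for example `- pip install jsonschema==<pinned-version>`, keeps the check reproducible and makes upgrades an explicit, reviewable change. `validate_all.sh` itself is not visible in this view, so whether it fails the build on a schema violation cannot be confirmed from here.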
|
||||
|
|
10
README.md
10
README.md
|
@ -10,6 +10,7 @@ are available in one of the list. The list can be globally enabled or disabled i
|
|||
# lists
|
||||
|
||||
- [lists/alexa](lists/alexa) - Top 1000 websites from Alexa
|
||||
- [lists/eicar.com](lists/eicar.com) - hashes for EICAR test virus
|
||||
- [lists/empty-hashes](lists/empty-hashes) - hash values of empty files
|
||||
- [lists/google](lists/google) - known domains and hostnames from Google
|
||||
- [lists/ipv6-linklocal](ipv6-linklocal) - IPv6 link local prefix
|
||||
|
@ -21,8 +22,11 @@ are available in one of the list. The list can be globally enabled or disabled i
|
|||
- [lists/rfc1918](lists/rfc1918) - RFC 1918 network subnets
|
||||
- [lists/rfc3849](lists/rfc3849) - RFC 3849 - Documentation prefix for ipv6
|
||||
- [lists/rfc5735](lists/rfc5735) - RFC 5735 CIDR blocks - Special Use IPv4 Addresses
|
||||
- [lists/rfc6598](lists/rfc6598) - RFC 6598 IANA-Reserved IPv4 Prefix for Shared Address Space (Carrier- Grade NAT (CGN) devices)
|
||||
- [lists/second-level-tlds](lists/second-level-tlds) - Mozilla list of second level top-level domains
|
||||
- [lists/tlds](lists/tlds) - top-level domains
|
||||
- [lists/whats-my-ip](lists/whats-my-ip) - "What's my IP" service
|
||||
- [lists/url-shortener](lists/url-shortener) - URL shorteners services
|
||||
|
||||
# Format of a warning list
|
||||
|
||||
|
@ -48,6 +52,12 @@ are available in one of the list. The list can be globally enabled or disabled i
|
|||
|
||||
If matching_attributes are not set, the list is matched against any type of attributes.
|
||||
|
||||
## type of warning list
|
||||
|
||||
- ```string``` (default) - perfect match of a string in the warning list against matching attributes
|
||||
- ```substring``` - substring matching of a string in the warning list against matching attributes
|
||||
- ```hostname``` - hostname matching (e.g. domain matching from URL) of a string in the warning list against matching attributes
|
||||
|
||||
# License
|
||||
|
||||
MISP warning-lists are licensed under [CC0 1.0 Universal (CC0 1.0)](https://creativecommons.org/publicdomain/zero/1.0/) - Public Domain Dedication. If a specific author of a taxonomy wants to license it under a different license, a pull request can be requested.
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
set -x
|
||||
|
||||
# Seeds sponge, from moreutils
|
||||
|
||||
for dir in lists/*/list.json
|
||||
do
|
||||
cat ${dir} | jq . | sponge ${dir}
|
||||
done
|
||||
|
||||
cat schema.json | jq . | sponge schema.json
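Review bot: In the two `cat … | jq . | sponge …` pipelines a jq parse error is not caught, because `set -e` only sees the exit status of `sponge`, and sponge then writes jq's empty or partial output back over the file; a malformed `list.json` can therefore be truncated while the script still exits 0. Adding `set -o pipefail` after `set -e` makes the failure stop the run, and `jq . "${dir}" | sponge "${dir}"` drops the extra `cat` and quotes the path. Even with pipefail the file is overwritten before the script exits, which is tolerable in CI but deserves a comment for people who run this locally on uncommitted edits. The header comment presumably means `# Needs sponge, from moreutils` rather than "Seeds".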
|
File diff suppressed because it is too large
|
@ -0,0 +1,23 @@
|
|||
{
|
||||
"name": "List of hashes for EICAR test virus",
|
||||
"version": 1,
|
||||
"description": "Event contains one or more entries based on hashes for EICAR test virus",
|
||||
"matching_attributes": [],
|
||||
"list": [
|
||||
"44d88612fea8a8f36de82e1278abb02f",
|
||||
"6ce6f415d8475545be5ba114f208b0ff",
|
||||
"e4968ef99266df7c9a1f0637d2389dab",
|
||||
"3395856ce81f2b7382dee72602f798b642f14140",
|
||||
"d27265074c9eac2e2122ed69294dbc4d7cce9141",
|
||||
"bec1b52d350d721c7e22a6d4bb0a92909893a3ae",
|
||||
"b42ec8b47deb2dc75edebd01132d63f8e8d4cd08e5d26d8bd366bdc5",
|
||||
"b31bb2cf25d7e654c694ffb85b426d164a210ead66affc3b004702be",
|
||||
"765dceb9a8c8ff4318e3ccaf7dbb9b05c0a53a819d24a50714aebe6c",
|
||||
"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
|
||||
"2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad",
|
||||
"e1105070ba828007508566e28a2b8d4c65d192e9eaf3b7868382b7cae747b397",
|
||||
"cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab",
|
||||
"d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010",
|
||||
"73d6b0ca9c5554fd2b37ff8af6b51812f3af49962cebd6e042d0883a45794ddb8a53724275d26f3e18cebf1cd1d67740acc920aba16965038c0cc75b87030fbe"
|
||||
]
|
||||
}
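Review bot: `"matching_attributes": []` leaves this hash list unscoped; the README text on this page says a list without matching_attributes is matched against any attribute type, and an empty array presumably behaves the same way. Going by their lengths, every entry is an MD5, SHA-1, SHA-224, SHA-256 or SHA-512 digest, so naming the hash types, e.g. `"matching_attributes": ["md5", "sha1", "sha224", "sha256", "sha512"],`, would restrict the lookup to attributes that can actually match. The empty-files hash list touched later in this commit carries the same empty array. The type names should be checked against `schema.json`, which is not visible here.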
|
|
@ -2,7 +2,7 @@
|
|||
"name": "List of known hashes for empty files",
|
||||
"version": 1,
|
||||
"description": "Event contains one or more entries of empty files based on known hashed",
|
||||
"matching_attributes": [ ],
|
||||
"matching_attributes": [],
|
||||
"list": [
|
||||
"d41d8cd98f00b204e9800998ecf8427e",
|
||||
"da39a3ee5e6b4b0d3255bfef95601890afd80709",
|
||||
|
@ -11,4 +11,3 @@
|
|||
"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"
|
||||
]
|
||||
}
|
||||
|
||||
|
|
|
@ -2,394 +2,397 @@
|
|||
"name": "List of known google domains",
|
||||
"version": 2,
|
||||
"description": "Event contains one or more entries of known google domains",
|
||||
"matching_attributes": [ "domain", "hostname", "domain|ip" ],
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip"
|
||||
],
|
||||
"list": [
|
||||
".google.com",
|
||||
".google.ad",
|
||||
".google.ae",
|
||||
".google.com.af",
|
||||
".google.com.ag",
|
||||
".google.com.ai",
|
||||
".google.al",
|
||||
".google.am",
|
||||
".google.co.ao",
|
||||
".google.com.ar",
|
||||
".google.as",
|
||||
".google.at",
|
||||
".google.com.au",
|
||||
".google.az",
|
||||
".google.ba",
|
||||
".google.com.bd",
|
||||
".google.be",
|
||||
".google.bf",
|
||||
".google.bg",
|
||||
".google.com.bh",
|
||||
".google.bi",
|
||||
".google.bj",
|
||||
".google.com.bn",
|
||||
".google.com.bo",
|
||||
".google.com.br",
|
||||
".google.bs",
|
||||
".google.bt",
|
||||
".google.co.bw",
|
||||
".google.by",
|
||||
".google.com.bz",
|
||||
".google.ca",
|
||||
".google.cd",
|
||||
".google.cf",
|
||||
".google.cg",
|
||||
".google.ch",
|
||||
".google.ci",
|
||||
".google.co.ck",
|
||||
".google.cl",
|
||||
".google.cm",
|
||||
".google.cn",
|
||||
".google.com.co",
|
||||
".google.co.cr",
|
||||
".google.com.cu",
|
||||
".google.cv",
|
||||
".google.com.cy",
|
||||
".google.cz",
|
||||
".google.de",
|
||||
".google.dj",
|
||||
".google.dk",
|
||||
".google.dm",
|
||||
".google.com.do",
|
||||
".google.dz",
|
||||
".google.com.ec",
|
||||
".google.ee",
|
||||
".google.com.eg",
|
||||
".google.es",
|
||||
".google.com.et",
|
||||
".google.fi",
|
||||
".google.com.fj",
|
||||
".google.fm",
|
||||
".google.fr",
|
||||
".google.ga",
|
||||
".google.ge",
|
||||
".google.gg",
|
||||
".google.com.gh",
|
||||
".google.com.gi",
|
||||
".google.gl",
|
||||
".google.gm",
|
||||
".google.gp",
|
||||
".google.gr",
|
||||
".google.com.gt",
|
||||
".google.gy",
|
||||
".google.com.hk",
|
||||
".google.hn",
|
||||
".google.hr",
|
||||
".google.ht",
|
||||
".google.hu",
|
||||
".google.co.id",
|
||||
".google.ie",
|
||||
".google.co.il",
|
||||
".google.im",
|
||||
".google.co.in",
|
||||
".google.iq",
|
||||
".google.is",
|
||||
".google.it",
|
||||
".google.je",
|
||||
".google.com.jm",
|
||||
".google.jo",
|
||||
".google.co.jp",
|
||||
".google.co.ke",
|
||||
".google.com.kh",
|
||||
".google.ki",
|
||||
".google.kg",
|
||||
".google.co.kr",
|
||||
".google.com.kw",
|
||||
".google.kz",
|
||||
".google.la",
|
||||
".google.com.lb",
|
||||
".google.li",
|
||||
".google.lk",
|
||||
".google.co.ls",
|
||||
".google.lt",
|
||||
".google.lu",
|
||||
".google.lv",
|
||||
".google.com.ly",
|
||||
".google.co.ma",
|
||||
".google.md",
|
||||
".google.me",
|
||||
".google.mg",
|
||||
".google.mk",
|
||||
".google.ml",
|
||||
".google.com.mm",
|
||||
".google.mn",
|
||||
".google.ms",
|
||||
".google.com.mt",
|
||||
".google.mu",
|
||||
".google.mv",
|
||||
".google.mw",
|
||||
".google.com.mx",
|
||||
".google.com.my",
|
||||
".google.co.mz",
|
||||
".google.com.na",
|
||||
".google.com.nf",
|
||||
".google.com.ng",
|
||||
".google.com.ni",
|
||||
".google.ne",
|
||||
".google.nl",
|
||||
".google.no",
|
||||
".google.com.np",
|
||||
".google.nr",
|
||||
".google.nu",
|
||||
".google.co.nz",
|
||||
".google.com.om",
|
||||
".google.com.pa",
|
||||
".google.com.pe",
|
||||
".google.com.pg",
|
||||
".google.com.ph",
|
||||
".google.com.pk",
|
||||
".google.pl",
|
||||
".google.pn",
|
||||
".google.com.pr",
|
||||
".google.ps",
|
||||
".google.pt",
|
||||
".google.com.py",
|
||||
".google.com.qa",
|
||||
".google.ro",
|
||||
".google.ru",
|
||||
".google.rw",
|
||||
".google.com.sa",
|
||||
".google.com.sb",
|
||||
".google.sc",
|
||||
".google.se",
|
||||
".google.com.sg",
|
||||
".google.sh",
|
||||
".google.si",
|
||||
".google.sk",
|
||||
".google.com.sl",
|
||||
".google.sn",
|
||||
".google.so",
|
||||
".google.sm",
|
||||
".google.sr",
|
||||
".google.st",
|
||||
".google.com.sv",
|
||||
".google.td",
|
||||
".google.tg",
|
||||
".google.co.th",
|
||||
".google.com.tj",
|
||||
".google.tk",
|
||||
".google.tl",
|
||||
".google.tm",
|
||||
".google.tn",
|
||||
".google.to",
|
||||
".google.com.tr",
|
||||
".google.tt",
|
||||
".google.com.tw",
|
||||
".google.co.tz",
|
||||
".google.com.ua",
|
||||
".google.co.ug",
|
||||
".google.co.uk",
|
||||
".google.com.uy",
|
||||
".google.co.uz",
|
||||
".google.com.vc",
|
||||
".google.co.ve",
|
||||
".google.vg",
|
||||
".google.co.vi",
|
||||
".google.com.vn",
|
||||
".google.vu",
|
||||
".google.ws",
|
||||
".google.rs",
|
||||
".google.co.za",
|
||||
".google.co.zm",
|
||||
".google.co.zw",
|
||||
".google.cat",
|
||||
"www.google.com",
|
||||
"www.google.ad",
|
||||
"www.google.ae",
|
||||
"www.google.com.af",
|
||||
"www.google.com.ag",
|
||||
"www.google.com.ai",
|
||||
"www.google.al",
|
||||
"www.google.am",
|
||||
"www.google.co.ao",
|
||||
"www.google.com.ar",
|
||||
"www.google.as",
|
||||
"www.google.at",
|
||||
"www.google.com.au",
|
||||
"www.google.az",
|
||||
"www.google.ba",
|
||||
"www.google.com.bd",
|
||||
"www.google.be",
|
||||
"www.google.bf",
|
||||
"www.google.bg",
|
||||
"www.google.com.bh",
|
||||
"www.google.bi",
|
||||
"www.google.bj",
|
||||
"www.google.com.bn",
|
||||
"www.google.com.bo",
|
||||
"www.google.com.br",
|
||||
"www.google.bs",
|
||||
"www.google.bt",
|
||||
"www.google.co.bw",
|
||||
"www.google.by",
|
||||
"www.google.com.bz",
|
||||
"www.google.ca",
|
||||
"www.google.cd",
|
||||
"www.google.cf",
|
||||
"www.google.cg",
|
||||
"www.google.ch",
|
||||
"www.google.ci",
|
||||
"www.google.co.ck",
|
||||
"www.google.cl",
|
||||
"www.google.cm",
|
||||
"www.google.cn",
|
||||
"www.google.com.co",
|
||||
"www.google.co.cr",
|
||||
"www.google.com.cu",
|
||||
"www.google.cv",
|
||||
"www.google.com.cy",
|
||||
"www.google.cz",
|
||||
"www.google.de",
|
||||
"www.google.dj",
|
||||
"www.google.dk",
|
||||
"www.google.dm",
|
||||
"www.google.com.do",
|
||||
"www.google.dz",
|
||||
"www.google.com.ec",
|
||||
"www.google.ee",
|
||||
"www.google.com.eg",
|
||||
"www.google.es",
|
||||
"www.google.com.et",
|
||||
"www.google.fi",
|
||||
"www.google.com.fj",
|
||||
"www.google.fm",
|
||||
"www.google.fr",
|
||||
"www.google.ga",
|
||||
"www.google.ge",
|
||||
"www.google.gg",
|
||||
"www.google.com.gh",
|
||||
"www.google.com.gi",
|
||||
"www.google.gl",
|
||||
"www.google.gm",
|
||||
"www.google.gp",
|
||||
"www.google.gr",
|
||||
"www.google.com.gt",
|
||||
"www.google.gy",
|
||||
"www.google.com.hk",
|
||||
"www.google.hn",
|
||||
"www.google.hr",
|
||||
"www.google.ht",
|
||||
"www.google.hu",
|
||||
"www.google.co.id",
|
||||
"www.google.ie",
|
||||
"www.google.co.il",
|
||||
"www.google.im",
|
||||
"www.google.co.in",
|
||||
"www.google.iq",
|
||||
"www.google.is",
|
||||
"www.google.it",
|
||||
"www.google.je",
|
||||
"www.google.com.jm",
|
||||
"www.google.jo",
|
||||
"www.google.co.jp",
|
||||
"www.google.co.ke",
|
||||
"www.google.com.kh",
|
||||
"www.google.ki",
|
||||
"www.google.kg",
|
||||
"www.google.co.kr",
|
||||
"www.google.com.kw",
|
||||
"www.google.kz",
|
||||
"www.google.la",
|
||||
"www.google.com.lb",
|
||||
"www.google.li",
|
||||
"www.google.lk",
|
||||
"www.google.co.ls",
|
||||
"www.google.lt",
|
||||
"www.google.lu",
|
||||
"www.google.lv",
|
||||
"www.google.com.ly",
|
||||
"www.google.co.ma",
|
||||
"www.google.md",
|
||||
"www.google.me",
|
||||
"www.google.mg",
|
||||
"www.google.mk",
|
||||
"www.google.ml",
|
||||
"www.google.com.mm",
|
||||
"www.google.mn",
|
||||
"www.google.ms",
|
||||
"www.google.com.mt",
|
||||
"www.google.mu",
|
||||
"www.google.mv",
|
||||
"www.google.mw",
|
||||
"www.google.com.mx",
|
||||
"www.google.com.my",
|
||||
"www.google.co.mz",
|
||||
"www.google.com.na",
|
||||
"www.google.com.nf",
|
||||
"www.google.com.ng",
|
||||
"www.google.com.ni",
|
||||
"www.google.ne",
|
||||
"www.google.nl",
|
||||
"www.google.no",
|
||||
"www.google.com.np",
|
||||
"www.google.nr",
|
||||
"www.google.nu",
|
||||
"www.google.co.nz",
|
||||
"www.google.com.om",
|
||||
"www.google.com.pa",
|
||||
"www.google.com.pe",
|
||||
"www.google.com.pg",
|
||||
"www.google.com.ph",
|
||||
"www.google.com.pk",
|
||||
"www.google.pl",
|
||||
"www.google.pn",
|
||||
"www.google.com.pr",
|
||||
"www.google.ps",
|
||||
"www.google.pt",
|
||||
"www.google.com.py",
|
||||
"www.google.com.qa",
|
||||
"www.google.ro",
|
||||
"www.google.ru",
|
||||
"www.google.rw",
|
||||
"www.google.com.sa",
|
||||
"www.google.com.sb",
|
||||
"www.google.sc",
|
||||
"www.google.se",
|
||||
"www.google.com.sg",
|
||||
"www.google.sh",
|
||||
"www.google.si",
|
||||
"www.google.sk",
|
||||
"www.google.com.sl",
|
||||
"www.google.sn",
|
||||
"www.google.so",
|
||||
"www.google.sm",
|
||||
"www.google.sr",
|
||||
"www.google.st",
|
||||
"www.google.com.sv",
|
||||
"www.google.td",
|
||||
"www.google.tg",
|
||||
"www.google.co.th",
|
||||
"www.google.com.tj",
|
||||
"www.google.tk",
|
||||
"www.google.tl",
|
||||
"www.google.tm",
|
||||
"www.google.tn",
|
||||
"www.google.to",
|
||||
"www.google.com.tr",
|
||||
"www.google.tt",
|
||||
"www.google.com.tw",
|
||||
"www.google.co.tz",
|
||||
"www.google.com.ua",
|
||||
"www.google.co.ug",
|
||||
"www.google.co.uk",
|
||||
"www.google.com.uy",
|
||||
"www.google.co.uz",
|
||||
"www.google.com.vc",
|
||||
"www.google.co.ve",
|
||||
"www.google.vg",
|
||||
"www.google.co.vi",
|
||||
"www.google.com.vn",
|
||||
"www.google.vu",
|
||||
"www.google.ws",
|
||||
"www.google.rs",
|
||||
"www.google.co.za",
|
||||
"www.google.co.zm",
|
||||
"www.google.co.zw",
|
||||
"www.google.cat"
|
||||
".google.com",
|
||||
".google.ad",
|
||||
".google.ae",
|
||||
".google.com.af",
|
||||
".google.com.ag",
|
||||
".google.com.ai",
|
||||
".google.al",
|
||||
".google.am",
|
||||
".google.co.ao",
|
||||
".google.com.ar",
|
||||
".google.as",
|
||||
".google.at",
|
||||
".google.com.au",
|
||||
".google.az",
|
||||
".google.ba",
|
||||
".google.com.bd",
|
||||
".google.be",
|
||||
".google.bf",
|
||||
".google.bg",
|
||||
".google.com.bh",
|
||||
".google.bi",
|
||||
".google.bj",
|
||||
".google.com.bn",
|
||||
".google.com.bo",
|
||||
".google.com.br",
|
||||
".google.bs",
|
||||
".google.bt",
|
||||
".google.co.bw",
|
||||
".google.by",
|
||||
".google.com.bz",
|
||||
".google.ca",
|
||||
".google.cd",
|
||||
".google.cf",
|
||||
".google.cg",
|
||||
".google.ch",
|
||||
".google.ci",
|
||||
".google.co.ck",
|
||||
".google.cl",
|
||||
".google.cm",
|
||||
".google.cn",
|
||||
".google.com.co",
|
||||
".google.co.cr",
|
||||
".google.com.cu",
|
||||
".google.cv",
|
||||
".google.com.cy",
|
||||
".google.cz",
|
||||
".google.de",
|
||||
".google.dj",
|
||||
".google.dk",
|
||||
".google.dm",
|
||||
".google.com.do",
|
||||
".google.dz",
|
||||
".google.com.ec",
|
||||
".google.ee",
|
||||
".google.com.eg",
|
||||
".google.es",
|
||||
".google.com.et",
|
||||
".google.fi",
|
||||
".google.com.fj",
|
||||
".google.fm",
|
||||
".google.fr",
|
||||
".google.ga",
|
||||
".google.ge",
|
||||
".google.gg",
|
||||
".google.com.gh",
|
||||
".google.com.gi",
|
||||
".google.gl",
|
||||
".google.gm",
|
||||
".google.gp",
|
||||
".google.gr",
|
||||
".google.com.gt",
|
||||
".google.gy",
|
||||
".google.com.hk",
|
||||
".google.hn",
|
||||
".google.hr",
|
||||
".google.ht",
|
||||
".google.hu",
|
||||
".google.co.id",
|
||||
".google.ie",
|
||||
".google.co.il",
|
||||
".google.im",
|
||||
".google.co.in",
|
||||
".google.iq",
|
||||
".google.is",
|
||||
".google.it",
|
||||
".google.je",
|
||||
".google.com.jm",
|
||||
".google.jo",
|
||||
".google.co.jp",
|
||||
".google.co.ke",
|
||||
".google.com.kh",
|
||||
".google.ki",
|
||||
".google.kg",
|
||||
".google.co.kr",
|
||||
".google.com.kw",
|
||||
".google.kz",
|
||||
".google.la",
|
||||
".google.com.lb",
|
||||
".google.li",
|
||||
".google.lk",
|
||||
".google.co.ls",
|
||||
".google.lt",
|
||||
".google.lu",
|
||||
".google.lv",
|
||||
".google.com.ly",
|
||||
".google.co.ma",
|
||||
".google.md",
|
||||
".google.me",
|
||||
".google.mg",
|
||||
".google.mk",
|
||||
".google.ml",
|
||||
".google.com.mm",
|
||||
".google.mn",
|
||||
".google.ms",
|
||||
".google.com.mt",
|
||||
".google.mu",
|
||||
".google.mv",
|
||||
".google.mw",
|
||||
".google.com.mx",
|
||||
".google.com.my",
|
||||
".google.co.mz",
|
||||
".google.com.na",
|
||||
".google.com.nf",
|
||||
".google.com.ng",
|
||||
".google.com.ni",
|
||||
".google.ne",
|
||||
".google.nl",
|
||||
".google.no",
|
||||
".google.com.np",
|
||||
".google.nr",
|
||||
".google.nu",
|
||||
".google.co.nz",
|
||||
".google.com.om",
|
||||
".google.com.pa",
|
||||
".google.com.pe",
|
||||
".google.com.pg",
|
||||
".google.com.ph",
|
||||
".google.com.pk",
|
||||
".google.pl",
|
||||
".google.pn",
|
||||
".google.com.pr",
|
||||
".google.ps",
|
||||
".google.pt",
|
||||
".google.com.py",
|
||||
".google.com.qa",
|
||||
".google.ro",
|
||||
".google.ru",
|
||||
".google.rw",
|
||||
".google.com.sa",
|
||||
".google.com.sb",
|
||||
".google.sc",
|
||||
".google.se",
|
||||
".google.com.sg",
|
||||
".google.sh",
|
||||
".google.si",
|
||||
".google.sk",
|
||||
".google.com.sl",
|
||||
".google.sn",
|
||||
".google.so",
|
||||
".google.sm",
|
||||
".google.sr",
|
||||
".google.st",
|
||||
".google.com.sv",
|
||||
".google.td",
|
||||
".google.tg",
|
||||
".google.co.th",
|
||||
".google.com.tj",
|
||||
".google.tk",
|
||||
".google.tl",
|
||||
".google.tm",
|
||||
".google.tn",
|
||||
".google.to",
|
||||
".google.com.tr",
|
||||
".google.tt",
|
||||
".google.com.tw",
|
||||
".google.co.tz",
|
||||
".google.com.ua",
|
||||
".google.co.ug",
|
||||
".google.co.uk",
|
||||
".google.com.uy",
|
||||
".google.co.uz",
|
||||
".google.com.vc",
|
||||
".google.co.ve",
|
||||
".google.vg",
|
||||
".google.co.vi",
|
||||
".google.com.vn",
|
||||
".google.vu",
|
||||
".google.ws",
|
||||
".google.rs",
|
||||
".google.co.za",
|
||||
".google.co.zm",
|
||||
".google.co.zw",
|
||||
".google.cat",
|
||||
"www.google.com",
|
||||
"www.google.ad",
|
||||
"www.google.ae",
|
||||
"www.google.com.af",
|
||||
"www.google.com.ag",
|
||||
"www.google.com.ai",
|
||||
"www.google.al",
|
||||
"www.google.am",
|
||||
"www.google.co.ao",
|
||||
"www.google.com.ar",
|
||||
"www.google.as",
|
||||
"www.google.at",
|
||||
"www.google.com.au",
|
||||
"www.google.az",
|
||||
"www.google.ba",
|
||||
"www.google.com.bd",
|
||||
"www.google.be",
|
||||
"www.google.bf",
|
||||
"www.google.bg",
|
||||
"www.google.com.bh",
|
||||
"www.google.bi",
|
||||
"www.google.bj",
|
||||
"www.google.com.bn",
|
||||
"www.google.com.bo",
|
||||
"www.google.com.br",
|
||||
"www.google.bs",
|
||||
"www.google.bt",
|
||||
"www.google.co.bw",
|
||||
"www.google.by",
|
||||
"www.google.com.bz",
|
||||
"www.google.ca",
|
||||
"www.google.cd",
|
||||
"www.google.cf",
|
||||
"www.google.cg",
|
||||
"www.google.ch",
|
||||
"www.google.ci",
|
||||
"www.google.co.ck",
|
||||
"www.google.cl",
|
||||
"www.google.cm",
|
||||
"www.google.cn",
|
||||
"www.google.com.co",
|
||||
"www.google.co.cr",
|
||||
"www.google.com.cu",
|
||||
"www.google.cv",
|
||||
"www.google.com.cy",
|
||||
"www.google.cz",
|
||||
"www.google.de",
|
||||
"www.google.dj",
|
||||
"www.google.dk",
|
||||
"www.google.dm",
|
||||
"www.google.com.do",
|
||||
"www.google.dz",
|
||||
"www.google.com.ec",
|
||||
"www.google.ee",
|
||||
"www.google.com.eg",
|
||||
"www.google.es",
|
||||
"www.google.com.et",
|
||||
"www.google.fi",
|
||||
"www.google.com.fj",
|
||||
"www.google.fm",
|
||||
"www.google.fr",
|
||||
"www.google.ga",
|
||||
"www.google.ge",
|
||||
"www.google.gg",
|
||||
"www.google.com.gh",
|
||||
"www.google.com.gi",
|
||||
"www.google.gl",
|
||||
"www.google.gm",
|
||||
"www.google.gp",
|
||||
"www.google.gr",
|
||||
"www.google.com.gt",
|
||||
"www.google.gy",
|
||||
"www.google.com.hk",
|
||||
"www.google.hn",
|
||||
"www.google.hr",
|
||||
"www.google.ht",
|
||||
"www.google.hu",
|
||||
"www.google.co.id",
|
||||
"www.google.ie",
|
||||
"www.google.co.il",
|
||||
"www.google.im",
|
||||
"www.google.co.in",
|
||||
"www.google.iq",
|
||||
"www.google.is",
|
||||
"www.google.it",
|
||||
"www.google.je",
|
||||
"www.google.com.jm",
|
||||
"www.google.jo",
|
||||
"www.google.co.jp",
|
||||
"www.google.co.ke",
|
||||
"www.google.com.kh",
|
||||
"www.google.ki",
|
||||
"www.google.kg",
|
||||
"www.google.co.kr",
|
||||
"www.google.com.kw",
|
||||
"www.google.kz",
|
||||
"www.google.la",
|
||||
"www.google.com.lb",
|
||||
"www.google.li",
|
||||
"www.google.lk",
|
||||
"www.google.co.ls",
|
||||
"www.google.lt",
|
||||
"www.google.lu",
|
||||
"www.google.lv",
|
||||
"www.google.com.ly",
|
||||
"www.google.co.ma",
|
||||
"www.google.md",
|
||||
"www.google.me",
|
||||
"www.google.mg",
|
||||
"www.google.mk",
|
||||
"www.google.ml",
|
||||
"www.google.com.mm",
|
||||
"www.google.mn",
|
||||
"www.google.ms",
|
||||
"www.google.com.mt",
|
||||
"www.google.mu",
|
||||
"www.google.mv",
|
||||
"www.google.mw",
|
||||
"www.google.com.mx",
|
||||
"www.google.com.my",
|
||||
"www.google.co.mz",
|
||||
"www.google.com.na",
|
||||
"www.google.com.nf",
|
||||
"www.google.com.ng",
|
||||
"www.google.com.ni",
|
||||
"www.google.ne",
|
||||
"www.google.nl",
|
||||
"www.google.no",
|
||||
"www.google.com.np",
|
||||
"www.google.nr",
|
||||
"www.google.nu",
|
||||
"www.google.co.nz",
|
||||
"www.google.com.om",
|
||||
"www.google.com.pa",
|
||||
"www.google.com.pe",
|
||||
"www.google.com.pg",
|
||||
"www.google.com.ph",
|
||||
"www.google.com.pk",
|
||||
"www.google.pl",
|
||||
"www.google.pn",
|
||||
"www.google.com.pr",
|
||||
"www.google.ps",
|
||||
"www.google.pt",
|
||||
"www.google.com.py",
|
||||
"www.google.com.qa",
|
||||
"www.google.ro",
|
||||
"www.google.ru",
|
||||
"www.google.rw",
|
||||
"www.google.com.sa",
|
||||
"www.google.com.sb",
|
||||
"www.google.sc",
|
||||
"www.google.se",
|
||||
"www.google.com.sg",
|
||||
"www.google.sh",
|
||||
"www.google.si",
|
||||
"www.google.sk",
|
||||
"www.google.com.sl",
|
||||
"www.google.sn",
|
||||
"www.google.so",
|
||||
"www.google.sm",
|
||||
"www.google.sr",
|
||||
"www.google.st",
|
||||
"www.google.com.sv",
|
||||
"www.google.td",
|
||||
"www.google.tg",
|
||||
"www.google.co.th",
|
||||
"www.google.com.tj",
|
||||
"www.google.tk",
|
||||
"www.google.tl",
|
||||
"www.google.tm",
|
||||
"www.google.tn",
|
||||
"www.google.to",
|
||||
"www.google.com.tr",
|
||||
"www.google.tt",
|
||||
"www.google.com.tw",
|
||||
"www.google.co.tz",
|
||||
"www.google.com.ua",
|
||||
"www.google.co.ug",
|
||||
"www.google.co.uk",
|
||||
"www.google.com.uy",
|
||||
"www.google.co.uz",
|
||||
"www.google.com.vc",
|
||||
"www.google.co.ve",
|
||||
"www.google.vg",
|
||||
"www.google.co.vi",
|
||||
"www.google.com.vn",
|
||||
"www.google.vu",
|
||||
"www.google.ws",
|
||||
"www.google.rs",
|
||||
"www.google.co.za",
|
||||
"www.google.co.zm",
|
||||
"www.google.co.zw",
|
||||
"www.google.cat"
|
||||
]
|
||||
}
|
||||
|
||||
|
|
File diff suppressed because it is too large
|
@ -2,160 +2,163 @@
|
|||
"name": "List of known microsoft domains",
|
||||
"version": 1,
|
||||
"description": "Event contains one or more entries of known microsoft domains",
|
||||
"matching_attributes": [ "domain", "hostname", "domain|ip" ],
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip"
|
||||
],
|
||||
"list": [
|
||||
".files-df.1drv.com",
|
||||
".files.1drv.com",
|
||||
".aadrm.com",
|
||||
".afx.ms",
|
||||
".akadns.net",
|
||||
".aspnetcdn.com",
|
||||
".azure-int.net",
|
||||
".azure-mobile.net",
|
||||
".azure.com",
|
||||
".cloudapp.azure.com",
|
||||
"azure.com",
|
||||
".azure.net",
|
||||
".cloudapp.azure.net",
|
||||
".azureedge.net",
|
||||
".azurewebsites.net",
|
||||
".bing-exp.com",
|
||||
".bing-int.com",
|
||||
".bing.com",
|
||||
"bing.com",
|
||||
"download.cortana.cn.bing.com",
|
||||
".bing.net",
|
||||
".ceipmsn.com",
|
||||
".cloudapp.net",
|
||||
".codeplex.com",
|
||||
".discoverbing.com",
|
||||
".getmicrosoftkey.com",
|
||||
".gfx-int.ms",
|
||||
"gfx-int.ms",
|
||||
".gfx.ms",
|
||||
".healthvault-ppe.co.uk",
|
||||
".healthvault-ppe.com",
|
||||
"healthvault-ppe.com",
|
||||
".healthvault.co.uk",
|
||||
".healthvault.com",
|
||||
".hotmail-int.com",
|
||||
"hotmail.co.uk",
|
||||
".hotmail.com",
|
||||
"hotmail.com",
|
||||
"iespdytst",
|
||||
"ieta-wa-24",
|
||||
".live-int.com",
|
||||
".live-int.net",
|
||||
".live-partner.com",
|
||||
".live-ppe.net",
|
||||
".live.com",
|
||||
".live.fi",
|
||||
"live.fi",
|
||||
".live.net",
|
||||
".livefilestore-int.com",
|
||||
".livefilestore.com",
|
||||
".livemeeting.com",
|
||||
".lync.com",
|
||||
".mesh.com",
|
||||
".mgmt.live",
|
||||
".microsoft-int.com",
|
||||
".microsoft.com",
|
||||
".redmond.corp.microsoft.com",
|
||||
"download.microsoft.com",
|
||||
"iespdytst.redmond.corp.microsoft.com",
|
||||
"microsoft.com",
|
||||
"powerusers-staging.microsoft.com",
|
||||
"powerusers.microsoft.com",
|
||||
"telecommand.telemetry.microsoft.com",
|
||||
"vortex-sandbox.data.microsoft.com",
|
||||
"watson.telemetry.microsoft.com",
|
||||
".microsoft.com.au",
|
||||
".microsoft.com.tr",
|
||||
".microsoft.fr",
|
||||
".microsoftonline-int.com",
|
||||
".microsoftonline-p-int.com",
|
||||
".microsoftonline-p.com",
|
||||
".microsoftonline-p.net",
|
||||
".microsoftonline.com",
|
||||
".microsoftonline.net",
|
||||
".microsoftprime.com",
|
||||
".microsoftstore.com",
|
||||
"za.microsoftstore.com",
|
||||
".microsoftstore.com.br",
|
||||
".microsoftstore.com.cn",
|
||||
".microsoftstore.com.hk",
|
||||
".microsofttranslator.com",
|
||||
".microsoftvirtualacademy.com",
|
||||
".modern.ie",
|
||||
"modern.ie",
|
||||
".msads.net",
|
||||
".vo.msecnd.net",
|
||||
".msgamestudios.com",
|
||||
".msn-int.com",
|
||||
".msn.cn",
|
||||
".msn.co.jp",
|
||||
".msn.com",
|
||||
".msn.com.cn",
|
||||
".msocdn.com",
|
||||
".firstpartyapps.oaspapps.com",
|
||||
".office-int.com",
|
||||
"office-int.com",
|
||||
".office-int.net",
|
||||
".office.com",
|
||||
"office.com",
|
||||
".office.net",
|
||||
".office365.com",
|
||||
".officeppe.com",
|
||||
".officeppe.net",
|
||||
".onedrive.com",
|
||||
"onedrive.com",
|
||||
".onenote.com",
|
||||
"onenote.com",
|
||||
".onenote.net",
|
||||
"outlook-int.com",
|
||||
".outlook.com",
|
||||
"003-1-d.outlook.com",
|
||||
"003-1-d.prod.outlook.com",
|
||||
"outlook.com",
|
||||
"pod71084-pri.outlook.com",
|
||||
"pod71084.outlook.com",
|
||||
".pfx.ms",
|
||||
".s-microsoft.com",
|
||||
".s-msft.com",
|
||||
".s-msn.com",
|
||||
".sfx-df.ms",
|
||||
".sfx-int.ms",
|
||||
".sfx.ms",
|
||||
".sharepoint.com",
|
||||
".sharepointonline.com",
|
||||
".skype.com",
|
||||
"community-stage.skype.com",
|
||||
".skype.net",
|
||||
".skypeassets.com",
|
||||
".sqlazurelabs.com",
|
||||
".surface.com",
|
||||
".syncxp.net",
|
||||
".trouter.io",
|
||||
".virtualearth.net",
|
||||
".visualstudio.com",
|
||||
"visualstudio.com",
|
||||
".windows-int.net",
|
||||
".windows.com",
|
||||
"insidersurveys.windows.com",
|
||||
"www.insidersurveys.windows.com",
|
||||
".windows.net",
|
||||
".windowsazure.com",
|
||||
".windowsmedia.com",
|
||||
".windowsphone-int.com",
|
||||
".windowsphone-int.net",
|
||||
".windowsphone.com",
|
||||
".windowsphone.net",
|
||||
".windowssearch.com",
|
||||
".windowsstore.com",
|
||||
".wlxrs.com",
|
||||
".xbox.com",
|
||||
".xboxlive.com",
|
||||
".zune.net"
|
||||
]
|
||||
".files-df.1drv.com",
|
||||
".files.1drv.com",
|
||||
".aadrm.com",
|
||||
".afx.ms",
|
||||
".akadns.net",
|
||||
".aspnetcdn.com",
|
||||
".azure-int.net",
|
||||
".azure-mobile.net",
|
||||
".azure.com",
|
||||
".cloudapp.azure.com",
|
||||
"azure.com",
|
||||
".azure.net",
|
||||
".cloudapp.azure.net",
|
||||
".azureedge.net",
|
||||
".azurewebsites.net",
|
||||
".bing-exp.com",
|
||||
".bing-int.com",
|
||||
".bing.com",
|
||||
"bing.com",
|
||||
"download.cortana.cn.bing.com",
|
||||
".bing.net",
|
||||
".ceipmsn.com",
|
||||
".cloudapp.net",
|
||||
".codeplex.com",
|
||||
".discoverbing.com",
|
||||
".getmicrosoftkey.com",
|
||||
".gfx-int.ms",
|
||||
"gfx-int.ms",
|
||||
".gfx.ms",
|
||||
".healthvault-ppe.co.uk",
|
||||
".healthvault-ppe.com",
|
||||
"healthvault-ppe.com",
|
||||
".healthvault.co.uk",
|
||||
".healthvault.com",
|
||||
".hotmail-int.com",
|
||||
"hotmail.co.uk",
|
||||
".hotmail.com",
|
||||
"hotmail.com",
|
||||
"iespdytst",
|
||||
"ieta-wa-24",
|
||||
".live-int.com",
|
||||
".live-int.net",
|
||||
".live-partner.com",
|
||||
".live-ppe.net",
|
||||
".live.com",
|
||||
".live.fi",
|
||||
"live.fi",
|
||||
".live.net",
|
||||
".livefilestore-int.com",
|
||||
".livefilestore.com",
|
||||
".livemeeting.com",
|
||||
".lync.com",
|
||||
".mesh.com",
|
||||
".mgmt.live",
|
||||
".microsoft-int.com",
|
||||
".microsoft.com",
|
||||
".redmond.corp.microsoft.com",
|
||||
"download.microsoft.com",
|
||||
"iespdytst.redmond.corp.microsoft.com",
|
||||
"microsoft.com",
|
||||
"powerusers-staging.microsoft.com",
|
||||
"powerusers.microsoft.com",
|
||||
"telecommand.telemetry.microsoft.com",
|
||||
"vortex-sandbox.data.microsoft.com",
|
||||
"watson.telemetry.microsoft.com",
|
||||
".microsoft.com.au",
|
||||
".microsoft.com.tr",
|
||||
".microsoft.fr",
|
||||
".microsoftonline-int.com",
|
||||
".microsoftonline-p-int.com",
|
||||
".microsoftonline-p.com",
|
||||
".microsoftonline-p.net",
|
||||
".microsoftonline.com",
|
||||
".microsoftonline.net",
|
||||
".microsoftprime.com",
|
||||
".microsoftstore.com",
|
||||
"za.microsoftstore.com",
|
||||
".microsoftstore.com.br",
|
||||
".microsoftstore.com.cn",
|
||||
".microsoftstore.com.hk",
|
||||
".microsofttranslator.com",
|
||||
".microsoftvirtualacademy.com",
|
||||
".modern.ie",
|
||||
"modern.ie",
|
||||
".msads.net",
|
||||
".vo.msecnd.net",
|
||||
".msgamestudios.com",
|
||||
".msn-int.com",
|
||||
".msn.cn",
|
||||
".msn.co.jp",
|
||||
".msn.com",
|
||||
".msn.com.cn",
|
||||
".msocdn.com",
|
||||
".firstpartyapps.oaspapps.com",
|
||||
".office-int.com",
|
||||
"office-int.com",
|
||||
".office-int.net",
|
||||
".office.com",
|
||||
"office.com",
|
||||
".office.net",
|
||||
".office365.com",
|
||||
".officeppe.com",
|
||||
".officeppe.net",
|
||||
".onedrive.com",
|
||||
"onedrive.com",
|
||||
".onenote.com",
|
||||
"onenote.com",
|
||||
".onenote.net",
|
||||
"outlook-int.com",
|
||||
".outlook.com",
|
||||
"003-1-d.outlook.com",
|
||||
"003-1-d.prod.outlook.com",
|
||||
"outlook.com",
|
||||
"pod71084-pri.outlook.com",
|
||||
"pod71084.outlook.com",
|
||||
".pfx.ms",
|
||||
".s-microsoft.com",
|
||||
".s-msft.com",
|
||||
".s-msn.com",
|
||||
".sfx-df.ms",
|
||||
".sfx-int.ms",
|
||||
".sfx.ms",
|
||||
".sharepoint.com",
|
||||
".sharepointonline.com",
|
||||
".skype.com",
|
||||
"community-stage.skype.com",
|
||||
".skype.net",
|
||||
".skypeassets.com",
|
||||
".sqlazurelabs.com",
|
||||
".surface.com",
|
||||
".syncxp.net",
|
||||
".trouter.io",
|
||||
".virtualearth.net",
|
||||
".visualstudio.com",
|
||||
"visualstudio.com",
|
||||
".windows-int.net",
|
||||
".windows.com",
|
||||
"insidersurveys.windows.com",
|
||||
"www.insidersurveys.windows.com",
|
||||
".windows.net",
|
||||
".windowsazure.com",
|
||||
".windowsmedia.com",
|
||||
".windowsphone-int.com",
|
||||
".windowsphone-int.net",
|
||||
".windowsphone.com",
|
||||
".windowsphone.net",
|
||||
".windowssearch.com",
|
||||
".windowsstore.com",
|
||||
".wlxrs.com",
|
||||
".xbox.com",
|
||||
".xboxlive.com",
|
||||
".zune.net"
|
||||
]
|
||||
}
|
||||
|
||||
|
|
File diff suppressed because it is too large
|
@ -1,184 +1,283 @@
|
|||
{
|
||||
"description": "Event contains one or more public IPv6 DNS resolvers as attribute with an IDS flag set",
|
||||
"list": [
|
||||
"2001:1488:800:400::130",
|
||||
"2001:1608:10:167:342::eb52",
|
||||
"2001:1620:2777:1::10",
|
||||
"2001:1620:2777:1::11",
|
||||
"2001:1620:2777::2",
|
||||
"2001:1a68::d911:2244",
|
||||
"2001:1bc0::ffff:aaaa:2",
|
||||
"2001:1bc0::ffff:bbbb:2",
|
||||
"2001:2040:39::5",
|
||||
"2001:418:3ff::1:53",
|
||||
"2001:418:3ff::53",
|
||||
"2001:41d0:8:be92::1",
|
||||
"2001:428:101:100:205:171:2:65",
|
||||
"2001:428:101:100:205:171:3:65",
|
||||
"2001:428::1",
|
||||
"2001:450:2005:1::4",
|
||||
"2001:450:2005:2::4",
|
||||
"2001:450:2005:2::5",
|
||||
"2001:450:2005:3::5",
|
||||
"2001:468:c80:2101:0:100:0:22",
|
||||
"2001:468:c80:2101:0:100:0:22",
|
||||
"2001:468:c80:4101:0:100:0:42",
|
||||
"2001:468:c80:4101:0:100:0:42",
|
||||
"2001:470:0:45::2",
|
||||
"2001:470:0:69::2",
|
||||
"2001:470:0:78::2",
|
||||
"2001:470:0:7d::2",
|
||||
"2001:470:0:8c::2",
|
||||
"2001:470:0:c0::2",
|
||||
"2001:470:20::2",
|
||||
"2001:470:520a::1",
|
||||
"2001:470:6c:521::2",
|
||||
"2001:470:6d:521::1",
|
||||
"2001:470:f032:1::254",
|
||||
"2001:4860:4860::8844",
|
||||
"2001:4860:4860::8888",
|
||||
"2001:4870:6082:3::100",
|
||||
"2001:4870:6082:3::5",
|
||||
"2001:4870:8000:3::100",
|
||||
"2001:4870:8000:3::5",
|
||||
"2001:4ce8::53",
|
||||
"2001:4dd0:fb32:3::d",
|
||||
"2001:4dd0:fd5e::53",
|
||||
"2001:4f8:0:2::14",
|
||||
"2001:550:1:1::d",
|
||||
"2001:5b8:1::5",
|
||||
"2001:610:1108:5010::130",
|
||||
"2001:638:902:1::10",
|
||||
"2001:648:2ffc:100::211",
|
||||
"2001:678:1::206",
|
||||
"2001:67c:15e8:d1::18",
|
||||
"2001:67c:15e8:d1::19",
|
||||
"2001:67c:2b0::1",
|
||||
"2001:67c:2b0::2",
|
||||
"2001:67c:2b24:1000::10",
|
||||
"2001:67c:2b24:1000::11",
|
||||
"2001:6b0:3f::a",
|
||||
"2001:750:2:3::51",
|
||||
"2001:750:2:3::52",
|
||||
"2001:7b8:1509::1",
|
||||
"2001:840:0:200::1",
|
||||
"2001:840:200::",
|
||||
"2001:840:2010:413::100",
|
||||
"2001:910:800::12",
|
||||
"2001:910:800::40",
|
||||
"2001:913::8",
|
||||
"2001:978:1:1::d",
|
||||
"2001:978:1:2::d",
|
||||
"2001:b000:168::1",
|
||||
"2001:b08:2:280::4:1",
|
||||
"2001:bf0::2",
|
||||
"2001:da8:202:10::37",
|
||||
"2001:ec0:1::1",
|
||||
"2001:ec0:3::3",
|
||||
"2400:8900::f03c:91ff:fe70:c452",
|
||||
"2407:9000:0:4::2",
|
||||
"2600:3c00::20:b1ff",
|
||||
"2600:3c02::f03c:91ff:fe84:cb54",
|
||||
"2600::1",
|
||||
"2600::2",
|
||||
"2607:fa88:1::2",
|
||||
"2610:130:100:3::200",
|
||||
"2620:0:ccc::2",
|
||||
"2620:0:ccd::2",
|
||||
"2800:960:0:12:201:217:1:231",
|
||||
"2a00-1508-0-4--9.puntcat.ip6.guifi.net.",
|
||||
"2a00:1508:0:4::9",
|
||||
"2a00:5881:8100:1000::3",
|
||||
"2a00:dcc0:eda:88:245:71:858e:a15",
|
||||
"2a01:4f8:161:4109::6",
|
||||
"2a01:4f8:191:306c::2",
|
||||
"2a02:180:1:1::517:1045",
|
||||
"2a02:2178:1:2::2",
|
||||
"2a02:6b8::feed:ff",
|
||||
"2a02:940:0:4293::100",
|
||||
"2a03:4000:6:510b::1",
|
||||
"2a03:b0c0:3:d0::7c:5001",
|
||||
"McRip-5-pt.tunnel.tserv26.ber1.ipv6.he.net.",
|
||||
"canopus.ne2000.nl.",
|
||||
"copaco-public-resolver-ipv6-b.copaco.com.py.",
|
||||
"cznic-public-dns-1.nic.cz.",
|
||||
"dlfw-rdns-01.dlfw.twtelecom.net.",
|
||||
"dns.cesidianroot.eu.",
|
||||
"dns.yandex.ru.",
|
||||
"dns1.host.net.",
|
||||
"dns1.lon.gblx.net.",
|
||||
"dns1.phx.gblx.net.",
|
||||
"dns1.totbb.net.",
|
||||
"dns2.phx.gblx.net.",
|
||||
"dns2.roc.gblx.net.",
|
||||
"dns2.totbb.net.",
|
||||
"dnsres1.nic.cz.",
|
||||
"dnvr-rdns-01.dnvr.twtelecom.net.",
|
||||
"emma.robingroppe.de.",
|
||||
"eu-res1.dns.cogentco.com.",
|
||||
"eu-res2.dns.cogentco.com.",
|
||||
"freya.stelas.de.",
|
||||
"google-public-dns-a.google.com.",
|
||||
"google-public-dns-b.google.com.",
|
||||
"hntp1.hinet.net.",
|
||||
"homens.b-hs.de.",
|
||||
"jeru.cns.ipv6.vt.edu.",
|
||||
"jeru.cns.ipv6.vt.edu.",
|
||||
"leia.fdn.org.",
|
||||
"lpc1.stu.neva.ru.",
|
||||
"mnt1.eutelia.it.",
|
||||
"mnt2.eutelia.it.",
|
||||
"na-res1.dns.cogentco.com.",
|
||||
"ns-3.iastate.edu.",
|
||||
"ns.ipv6.uni-leipzig.de.",
|
||||
"ns0.ldn-fai.net.",
|
||||
"ns1.fdn.org.",
|
||||
"ns1.init7.net.",
|
||||
"ns1.probe-networks.de.",
|
||||
"ns1.sprintlink.net.",
|
||||
"ns1.twtelecom.net.",
|
||||
"ns10.init7.net.",
|
||||
"ns11.init7.net.",
|
||||
"ns2.all.de.",
|
||||
"ns2.itandtel.at.",
|
||||
"ns2.powertech.no.",
|
||||
"ns2.powertech.no.",
|
||||
"ns2.probe-networks.de.",
|
||||
"ns2.sprintlink.net.",
|
||||
"ns2.twtelecom.net.",
|
||||
"or.isc.org.",
|
||||
"ordns.he.net.",
|
||||
"public-dns-a.primawebtools.de.",
|
||||
"public-dns-c.ipv6.primawebtools.de.",
|
||||
"recursif.arn-fai.net.",
|
||||
"resolver.qwest.net.",
|
||||
"resolver1.dns.trex.fi.",
|
||||
"resolver1.ipv6-sandbox.opendns.com.",
|
||||
"resolver2.dns.trex.fi.",
|
||||
"resolver2.ipv6-sandbox.opendns.com.",
|
||||
"rickhunter.ns.ielo.net.",
|
||||
"rns1.grnet.gr.",
|
||||
"services.donotuse.de.",
|
||||
"tserv1.ams1.he.net.",
|
||||
"tserv1.dal1.he.net.",
|
||||
"tserv1.fmt2.he.net.",
|
||||
"tserv1.fra1.he.net.",
|
||||
"tserv1.mia1.he.net.",
|
||||
"tserv1.tor1.he.net.",
|
||||
"tungsten.gparent.org.",
|
||||
"voip.zee.li.",
|
||||
"www.cesidianroot.eu.",
|
||||
"x.ns.gin.ntt.net.",
|
||||
"y.ns.gin.ntt.net.",
|
||||
"yardbird.cns.ipv6.vt.edu.",
|
||||
"yardbird.cns.ipv6.vt.edu.",
|
||||
"zen.stack.nl."
|
||||
],
|
||||
"matching_attribute": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
"domain|ip"
|
||||
],
|
||||
"name": "List of known IPv6 public DNS resolvers",
|
||||
"version": "20160803"
|
||||
}
|
||||
"description": "Event contains one or more public IPv6 DNS resolvers as attribute with an IDS flag set",
|
||||
"list": [
|
||||
"2001:1488:800:400::130",
|
||||
"2001:14b8:100:350::2",
|
||||
"2001:14b8:100:8350::1",
|
||||
"2001:14b8:100:8350::8",
|
||||
"2001:1608:10:167:342::eb52",
|
||||
"2001:1608:10:195:3:dead:beef:cafe",
|
||||
"2001:1608:10:25::1c04:b12f",
|
||||
"2001:1608:10:25::9249:d69b",
|
||||
"2001:1620:2777:1::10",
|
||||
"2001:1620:2777:1::11",
|
||||
"2001:1620:2777::2",
|
||||
"2001:19f0:5001:133:5400:ff:fe30:d565",
|
||||
"2001:19f0:5801:11:5400:ff:fe2d:7724",
|
||||
"2001:19f0:7001:929:5400:ff:fe30:50af",
|
||||
"2001:19f0:8001:5e:5400:ff:fe35:c3ae",
|
||||
"2001:1a68::d911:2244",
|
||||
"2001:1bc0::ffff:aaaa:2",
|
||||
"2001:1bc0::ffff:bbbb:2",
|
||||
"2001:2040:39::5",
|
||||
"2001:418:3ff::1:53",
|
||||
"2001:418:3ff::53",
|
||||
"2001:41d0:52:cff::1325",
|
||||
"2001:41d0:52:f00::413",
|
||||
"2001:41d0:8:be92::1",
|
||||
"2001:41d0:a:1011::1",
|
||||
"2001:41d0:a:28::1",
|
||||
"2001:428:101:100:205:171:2:65",
|
||||
"2001:428:101:100:205:171:3:65",
|
||||
"2001:428::1",
|
||||
"2001:450:2005:1::4",
|
||||
"2001:450:2005:2::4",
|
||||
"2001:450:2005:2::5",
|
||||
"2001:450:2005:3::5",
|
||||
"2001:468:c80:2101:0:100:0:22",
|
||||
"2001:468:c80:4101:0:100:0:42",
|
||||
"2001:470:0:45::2",
|
||||
"2001:470:0:69::2",
|
||||
"2001:470:0:6e::2",
|
||||
"2001:470:0:78::2",
|
||||
"2001:470:0:7d::2",
|
||||
"2001:470:0:8c::2",
|
||||
"2001:470:0:90::2",
|
||||
"2001:470:0:9d::2",
|
||||
"2001:470:0:c0::2",
|
||||
"2001:470:1f14:fd8::2",
|
||||
"2001:470:20::2",
|
||||
"2001:470:26:1c8::1",
|
||||
"2001:470:6d:80:224:1dff:fe84:797",
|
||||
"2001:470:6d:80:a5f6:5a97:a53:71cb",
|
||||
"2001:470:6d:80:c4f1:32a:4521:c34",
|
||||
"2001:470:6d:f1e:1337:360:dead:beef",
|
||||
"2001:470:8e08::",
|
||||
"2001:470:d:bb7::8888",
|
||||
"2001:470:f032:1::254",
|
||||
"2001:4860:4860::8844",
|
||||
"2001:4860:4860::8888",
|
||||
"2001:4870:6082:3::100",
|
||||
"2001:4870:6082:3::5",
|
||||
"2001:4870:8000:3::100",
|
||||
"2001:4870:8000:3::5",
|
||||
"2001:4ce8::53",
|
||||
"2001:4dd0:fd5e::53",
|
||||
"2001:4f8:0:2::14",
|
||||
"2001:550:1:1::d",
|
||||
"2001:5b8:1::5",
|
||||
"2001:610:1108:5010::130",
|
||||
"2001:638:902:1::10",
|
||||
"2001:648:2ffc:100::211",
|
||||
"2001:678:1::206",
|
||||
"2001:67c:15e8:d1::18",
|
||||
"2001:67c:15e8:d1::19",
|
||||
"2001:67c:240c:214::4",
|
||||
"2001:67c:240c:214::5",
|
||||
"2001:67c:2b0::1",
|
||||
"2001:67c:2b0::2",
|
||||
"2001:67c:2b24:1000::10",
|
||||
"2001:67c:2b24:1000::11",
|
||||
"2001:6b0:3f::a",
|
||||
"2001:7b8:1509::1",
|
||||
"2001:840:0:200::1",
|
||||
"2001:840:200::",
|
||||
"2001:840:2010:413::100",
|
||||
"2001:910:800::12",
|
||||
"2001:910:800::40",
|
||||
"2001:978:1:1::d",
|
||||
"2001:978:1:2::d",
|
||||
"2001:b000:168::1",
|
||||
"2001:b08:2:280::4:1",
|
||||
"2001:bf0::2",
|
||||
"2001:ec0:1::1",
|
||||
"2001:ec0:3::3",
|
||||
"2400:6180:0:d0::38:d001",
|
||||
"2400:8900::f03c:91ff:fe70:c452",
|
||||
"2402:2f80:5::",
|
||||
"2402:9e80:1::1:e554",
|
||||
"2403:5680::1:200f",
|
||||
"2407:9000:0:4::2",
|
||||
"2600:3c00::20:b1ff",
|
||||
"2600:3c02::f03c:91ff:fe84:cb54",
|
||||
"2600:3c02::f03c:91ff:fee0:5e5",
|
||||
"2600::1",
|
||||
"2600::2",
|
||||
"2602:3f:e75c:1bff::1",
|
||||
"2602:ffb6:2:0:f816:3eff:fe23:ae28",
|
||||
"2602:ffc5:30::1:d69b",
|
||||
"2604:a880:1:20::c5b:1001",
|
||||
"2604:a880:400:d0::6d6:2001",
|
||||
"2605:f700:c0:1::1089:53ef",
|
||||
"2607:fa88:1::2",
|
||||
"2610:130:100:3::200",
|
||||
"2610:a1:1018::22",
|
||||
"2610:a1:1018::23",
|
||||
"2610:a1:1018::24",
|
||||
"2610:a1:1018::25",
|
||||
"2610:a1:1018::26",
|
||||
"2610:a1:1018::27",
|
||||
"2610:a1:1018::28",
|
||||
"2610:a1:1018::29",
|
||||
"2610:a1:1018::30",
|
||||
"2610:a1:1018::31",
|
||||
"2610:a1:1018::32",
|
||||
"2610:a1:1018::33",
|
||||
"2610:a1:1018::34",
|
||||
"2610:a1:1018::35",
|
||||
"2610:a1:1018::5",
|
||||
"2610:a1:1019::22",
|
||||
"2610:a1:1019::23",
|
||||
"2610:a1:1019::24",
|
||||
"2610:a1:1019::25",
|
||||
"2610:a1:1019::26",
|
||||
"2610:a1:1019::27",
|
||||
"2610:a1:1019::28",
|
||||
"2610:a1:1019::29",
|
||||
"2610:a1:1019::30",
|
||||
"2610:a1:1019::31",
|
||||
"2610:a1:1019::32",
|
||||
"2610:a1:1019::33",
|
||||
"2610:a1:1019::34",
|
||||
"2610:a1:1019::35",
|
||||
"2610:a1:1019::5",
|
||||
"2620:0:ccc::2",
|
||||
"2620:0:ccd::2",
|
||||
"2620:74:1b::1:1",
|
||||
"2620:74:1c::2:2",
|
||||
"2a00-1508-0-4--9.puntcat.ip6.guifi.net.",
|
||||
"2a00-1dc0-cafe--ad86-fa7e.static.host.",
|
||||
"2a00-1dc0-cafe--c6af-c19d.static.host.",
|
||||
"2a00:12d8:7002::2",
|
||||
"2a00:1508:0:4::9",
|
||||
"2a00:1ca8:a7::1e9",
|
||||
"2a00:1dc0:cafe::ad86:fa7e",
|
||||
"2a00:1dc0:cafe::c6af:c19d",
|
||||
"2a00:5881:8100:1000::3",
|
||||
"2a00:5884:8218::1",
|
||||
"2a00:dcc0:eda:88:245:71:858e:a15",
|
||||
"2a00:dcc0:eda:98:183:193:d85a:389b",
|
||||
"2a00:dcc7:2202:11::7b28",
|
||||
"2a00:dcc7:2202:14::2",
|
||||
"2a00:f48:100c:7b::2",
|
||||
"2a00:f48:100c:7e::2",
|
||||
"2a01:4f8:131:1278::2",
|
||||
"2a01:4f8:141:4281::3000",
|
||||
"2a01:4f8:151:90e9::2",
|
||||
"2a01:4f8:151:90e9::b",
|
||||
"2a01:4f8:161:4109::6",
|
||||
"2a01:4f8:191:306c::2",
|
||||
"2a02:2178:1:2::2",
|
||||
"2a02:2ca0:64:22::2",
|
||||
"2a02:6b8::feed:ff",
|
||||
"2a02:7aa0:1201::f60e:2719",
|
||||
"2a02:7aa0:1619::4f50:a69",
|
||||
"2a02:940:0:4293::100",
|
||||
"2a02:e00:fffd:139::9",
|
||||
"2a03:b0c0:0:1010::62:f001",
|
||||
"2a03:b0c0:3:d0::7c:5001",
|
||||
"2a04:92c7:7:7::14ae:460a",
|
||||
"2a04:9dc0:c1:7::cb9:f785",
|
||||
"2a05:b0c6:5e4::53",
|
||||
"2a05:dfc7:5::53",
|
||||
"2a05:dfc7:5::5353",
|
||||
"2c0f:fda8:5::2ed1:d2ec",
|
||||
"::ffff:9538:1aed",
|
||||
"::ffff:9e45:abfe",
|
||||
"ClemenTroniQ89-1-pt.tunnel.tserv11.ams1.ipv6.he.net.",
|
||||
"anyone.dnsrec.meo.ws.",
|
||||
"anytwo.dnsrec.meo.ws.",
|
||||
"b-root.cesidian.info.",
|
||||
"canopus.ne2000.nl.",
|
||||
"cl-849.hel-01.fi.sixxs.net.",
|
||||
"crt-public-dns-a.cesidianroot.eu.",
|
||||
"cznic-public-dns-1.nic.cz.",
|
||||
"dlfw-rdns-01.dlfw.twtelecom.net.",
|
||||
"dns.yandex.ru.",
|
||||
"dns01.jordbruksverket.se.",
|
||||
"dns02.jordbruksverket.se.",
|
||||
"dns1.host.net.",
|
||||
"dns1.lon.gblx.net.",
|
||||
"dns1.phx.gblx.net.",
|
||||
"dns1.totbb.net.",
|
||||
"dns2.phx.gblx.net.",
|
||||
"dns2.roc.gblx.net.",
|
||||
"dns2.totbb.net.",
|
||||
"dnsdist.mysrvr.net.",
|
||||
"dnsres1.nic.cz.",
|
||||
"eu-res1.dns.cogentco.com.",
|
||||
"eu-res2.dns.cogentco.com.",
|
||||
"freya.stelas.de.",
|
||||
"google-public-dns-b.google.com.",
|
||||
"hntp1.hinet.net.",
|
||||
"homens.b-hs.de.",
|
||||
"host19-65-static.59-88-b.business.telecomitalia.it.",
|
||||
"jeru.cns.ipv6.vt.edu.",
|
||||
"log.bzh.",
|
||||
"lpc1.stu.neva.ru.",
|
||||
"lucy.s.imvry.pw.",
|
||||
"mail2.cesidianroot.eu.",
|
||||
"na-res1.dns.cogentco.com.",
|
||||
"ns-3.iastate.edu.",
|
||||
"ns.ipv6.uni-leipzig.de.",
|
||||
"ns0.fdn.org.",
|
||||
"ns1.ams.dns.lchi.mp.",
|
||||
"ns1.ata.dns.lchi.mp.",
|
||||
"ns1.fdn.fr.",
|
||||
"ns1.hnd.dns.lchi.mp.",
|
||||
"ns1.init7.net.",
|
||||
"ns1.nl.dns.d0wn.biz.",
|
||||
"ns1.probe-networks.de.",
|
||||
"ns1.sea.dns.lchi.mp.",
|
||||
"ns1.sg.dns.d0wn.biz.",
|
||||
"ns1.shodan.io.",
|
||||
"ns1.syd.dns.lchi.mp.",
|
||||
"ns1.twtelecom.net.",
|
||||
"ns10.init7.net.",
|
||||
"ns11.init7.net.",
|
||||
"ns2.all.de.",
|
||||
"ns2.itandtel.at.",
|
||||
"ns2.powertech.no.",
|
||||
"ns2.probe-networks.de.",
|
||||
"ns2.shodan.io.",
|
||||
"ns2.sprintlink.net.",
|
||||
"ns2.twtelecom.net.",
|
||||
"ns532549.ip-149-56-26.net.",
|
||||
"open-root.cesidian.info.",
|
||||
"or.isc.org.",
|
||||
"ordns.he.net.",
|
||||
"plfgr.eu.org.",
|
||||
"primary.server.edv-froehlich.de.",
|
||||
"proxyvm.stejau.de.",
|
||||
"public-dns-a.primawebtools.de.",
|
||||
"recursif.arn-fai.net.",
|
||||
"resolver.qwest.net.",
|
||||
"resolver1.dns.trex.fi.",
|
||||
"resolver1.ipv6-sandbox.opendns.com.",
|
||||
"resolver2.dns.trex.fi.",
|
||||
"resolver2.ipv6-sandbox.opendns.com.",
|
||||
"rickhunter.ns.ielo.net.",
|
||||
"rns1.grnet.gr.",
|
||||
"secondary.server.edv-froehlich.de.",
|
||||
"services.donotuse.de.",
|
||||
"spcr-2.machadosbsmarketing.com.br.",
|
||||
"test.cesidian.info.",
|
||||
"tserv1.ams1.he.net.",
|
||||
"tserv1.dal1.he.net.",
|
||||
"tserv1.fmt2.he.net.",
|
||||
"tserv1.fra1.he.net.",
|
||||
"tserv1.mia1.he.net.",
|
||||
"tserv1.tor1.he.net.",
|
||||
"x.ns.gin.ntt.net.",
|
||||
"y.ns.gin.ntt.net.",
|
||||
"yardbird.cns.ipv6.vt.edu.",
|
||||
"zen.stack.nl."
|
||||
],
|
||||
"matching_attributes": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
"domain|ip"
|
||||
],
|
||||
"name": "List of known IPv6 public DNS resolvers",
|
||||
"version": 20170212
|
||||
}
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
{
|
||||
"list": [
|
||||
"100.64.0.0/10"
|
||||
],
|
||||
"type": [
|
||||
"cidr"
|
||||
],
|
||||
"matching_attributes": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
"domain|ip"
|
||||
],
|
||||
"description": "Event contains one or more entries part of the RFC 6598 CIDR blocks - Special Use IPv4 Addresses",
|
||||
"version": 2,
|
||||
"name": "List of RFC 6598 CIDR blocks"
|
||||
}
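Review bot: The `description` labels the block "Special Use IPv4 Addresses", which is the RFC 5735 title and does not describe 100.64.0.0/10. RFC 6598 reserves this prefix as Shared Address Space for carrier-grade NAT, and an analyst reading the warning should see that, since it explains why the address is not attributable to one host. Suggested text: `"description": "Event contains one or more entries part of the RFC 6598 CIDR block - IANA-Reserved IPv4 Prefix for Shared Address Space (carrier-grade NAT)"`.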
|
File diff suppressed because it is too large
|
@ -0,0 +1,78 @@
|
|||
{
|
||||
"name": "List of known URL Shorteners domains",
|
||||
"version": 2,
|
||||
"description": "Event contains one or more entries of known Shorteners domains",
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip",
|
||||
"url",
|
||||
"uri"
|
||||
],
|
||||
"list": [
|
||||
"1url.com",
|
||||
"adcraft.co",
|
||||
"adcrun.ch",
|
||||
"adflav.com",
|
||||
"adf.ly",
|
||||
"aka.gr",
|
||||
"bc.vc",
|
||||
"bee4.biz",
|
||||
"bit.do",
|
||||
"bit.ly",
|
||||
"bitly.com",
|
||||
"buff.ly",
|
||||
"buzurl.com",
|
||||
"cektkp.com",
|
||||
"cur.lv",
|
||||
"cutt.us",
|
||||
"db.tt",
|
||||
"dft.ba",
|
||||
"filoops.info",
|
||||
"fun.ly",
|
||||
"fzy.co",
|
||||
"gog.li",
|
||||
"golinks.co",
|
||||
"goo.gl",
|
||||
"hit.my",
|
||||
"id.tl",
|
||||
"is.gd",
|
||||
"ity.im",
|
||||
"j.mp",
|
||||
"linkto.im",
|
||||
"link.zip.net",
|
||||
"lnk.co",
|
||||
"lnkd.in",
|
||||
"mcaf.ee",
|
||||
"nov.io",
|
||||
"ow.ly",
|
||||
"p6l.org",
|
||||
"picz.us",
|
||||
"po.st",
|
||||
"prettylinkpro.com",
|
||||
"q.gs",
|
||||
"qr.ae",
|
||||
"qr.net",
|
||||
"scrnch.me",
|
||||
"shortquik.com",
|
||||
"sk.gy",
|
||||
"su.pr",
|
||||
"t.co",
|
||||
"tinyarrows.com",
|
||||
"tinyurl.com",
|
||||
"tota2.com",
|
||||
"tr.im",
|
||||
"tweez.me",
|
||||
"twitthis.com",
|
||||
"u.bb",
|
||||
"u.to",
|
||||
"v.gd",
|
||||
"vzturl.com",
|
||||
"x.co",
|
||||
"xlinkz.info",
|
||||
"xtu.me",
|
||||
"yourls.org",
|
||||
"yu2.it",
|
||||
"zpag.es"
|
||||
]
|
||||
}
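Review bot: This list is matched against `url` and `uri` attributes but declares no `type`, so how entries such as `t.co`, `x.co` or `u.to` are compared with a full URL is left to the consumer and is not stated on this page. If the comparison is a substring test, `t.co` would also hit any URL containing `microsoft.com`, and a warning-list hit is what analysts use to discount an indicator. Either declare the matching mode explicitly in a `type` field, as the RFC 6598 list in this commit does with `"type": ["cidr"]`, choosing a host-anchored mode, or limit the list to `"matching_attributes": ["domain", "hostname", "domain|ip"]`. The what's-my-ip list added next has the same shape and the same question.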
|
|
@ -0,0 +1,45 @@
|
|||
{
|
||||
"name": "List of known domains to know external IP",
|
||||
"version": 2,
|
||||
"description": "Event contains one or more entries of known 'what's is my ip' domains",
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip",
|
||||
"uri",
|
||||
"url"
|
||||
],
|
||||
"list": [
|
||||
"api.ipify.org",
|
||||
"checkip.dyndns.com",
|
||||
"icanhazip.com",
|
||||
"ifcfg.me",
|
||||
"ifconfig.co",
|
||||
"ip4.me",
|
||||
"ip-adress.eu",
|
||||
"ip.anysrc.net",
|
||||
"ipchicken.com",
|
||||
"ipecho.net",
|
||||
"ipinfo.info",
|
||||
"ip-secrets.com",
|
||||
"myexternalip.com",
|
||||
"myipaddress.com",
|
||||
"my-ip-address.net",
|
||||
"myipnumber.com",
|
||||
"vermiip.es",
|
||||
"whatismybrowser.com",
|
||||
"whatismyipaddress.com",
|
||||
"whatismyip.com",
|
||||
"whatismyip.com.br",
|
||||
"whatismyip.li",
|
||||
"whatismyip.net",
|
||||
"whatismyip.org",
|
||||
"whatismypublicip.com",
|
||||
"whatsmyip.ie",
|
||||
"whatsmyip.net",
|
||||
"whatsmyip.org",
|
||||
"wtfismyip.com",
|
||||
"ip-score.com",
|
||||
"xmyip.com"
|
||||
]
|
||||
}
|
|
@ -0,0 +1,46 @@
|
|||
{
|
||||
"$schema": "http://json-schema.org/schema#",
|
||||
"title": "Validator for misp-warninglists",
|
||||
"id": "https://www.github.com/MISP/misp-warninglists/schema.json",
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"description": {
|
||||
"type": "string"
|
||||
},
|
||||
"name": {
|
||||
"type": "string"
|
||||
},
|
||||
"version": {
|
||||
"type": "integer"
|
||||
},
|
||||
"list": {
|
||||
"type": "array",
|
||||
"uniqueItems": true,
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"type": {
|
||||
"type": "array",
|
||||
"uniqueItems": true,
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"matching_attributes": {
|
||||
"type": "array",
|
||||
"uniqueItems": true,
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
"required": [
|
||||
"list",
|
||||
"matching_attributes",
|
||||
"description",
|
||||
"version",
|
||||
"name"
|
||||
]
|
||||
}
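Review bot: The `list` property accepts an empty array and empty-string items, so a truncated or mis-generated list passes validation; an empty entry could match every attribute value if the consumer compares by substring (not shown here). Add `"minItems": 1` beside `"uniqueItems": true` under `list`, and `"minLength": 1` inside its `items`. `type` and `matching_attributes` are also free-form strings; an `enum` of the values the consumer supports would catch a misspelt attribute name the same way `additionalProperties` now catches the old `matching_attribute` key.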
|
|
@ -8,7 +8,7 @@ import json
|
|||
|
||||
alexa_url = "http://s3.amazonaws.com/alexa-static/top-1m.csv.zip"
|
||||
alexa_file = "top-1m.csv.zip"
|
||||
user_agent = {"User-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0"}
|
||||
user_agent = {"User-agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0"}
|
||||
r = requests.get(alexa_url, headers=user_agent)
|
||||
with open(alexa_file, 'wb') as fd:
|
||||
for chunk in r.iter_content(4096):
|
||||
|
@ -22,15 +22,17 @@ with zipfile.ZipFile(alexa_file, 'r') as alexa_lists:
|
|||
continue
|
||||
|
||||
alexa_warninglist = {}
|
||||
version = int(datetime.date.today().strftime('%Y%m%d'))
|
||||
|
||||
alexa_warninglist['description'] = "Event contains one or more entries from the top 1000 of the most used website (Alexa)."
|
||||
d = datetime.datetime.now()
|
||||
alexa_warninglist['version'] = "{0}{1:02d}{2:02d}".format(d.year,d.month,d.day)
|
||||
alexa_warninglist['version'] = version
|
||||
alexa_warninglist['name'] = "Top 1000 website from Alexa"
|
||||
alexa_warninglist['list'] = []
|
||||
alexa_warninglist['matching_attributes'] = ['hostname','domain']
|
||||
alexa_warninglist['matching_attributes'] = ['hostname', 'domain']
|
||||
|
||||
for site in top1000:
|
||||
v = str(site).split(',')[1]
|
||||
alexa_warninglist['list'].append(v[:-3])
|
||||
print (json.dumps(alexa_warninglist))
|
||||
alexa_warninglist['list'] = sorted(set(alexa_warninglist['list']))
|
||||
print(json.dumps(alexa_warninglist))
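Review bot: `alexa_url` is still fetched over plain `http://` and the response is written to disk without a status check, so anyone on the network path can alter the entries that end up in a list analysts use to discount indicators. Use `alexa_url = "https://s3.amazonaws.com/alexa-static/top-1m.csv.zip"` and call `r.raise_for_status()` before opening `alexa_file`. The `with open(...)` loop in the first hunk continues outside the visible lines.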
|
||||
|
|
|
@ -15,10 +15,10 @@ for address in office365.iter('address'):
|
|||
|
||||
warninglist = {}
|
||||
warninglist['name'] = 'List of known Office 365 URLs and IP address ranges'
|
||||
d = datetime.datetime.now()
|
||||
warninglist['version'] = "{0}{1:02d}{2:02d}".format(d.year, d.month, d.day)
|
||||
warninglist['version'] = int(datetime.date.today().strftime('%Y%m%d'))
|
||||
warninglist['description'] = 'Office 365 URLs and IP address ranges'
|
||||
warninglist['list'] = l
|
||||
warninglist['list'] = sorted(set(l))
|
||||
warninglist['matching_attributes'] = ["ip-src", "ip-dst", "domain|ip", "hostname"]
|
||||
|
||||
|
||||
print (json.dumps(warninglist))
|
||||
print(json.dumps(warninglist))
|
||||
|
|
|
@ -28,7 +28,7 @@ with open(csv_path) as csv_file:
|
|||
|
||||
for row in servers_list:
|
||||
if row[5] == '':
|
||||
try:
|
||||
try:
|
||||
ip = ipaddress.ip_address(row[0])
|
||||
|
||||
if ip.version == 4:
|
||||
|
@ -43,25 +43,25 @@ with open(csv_path) as csv_file:
|
|||
except ValueError as exc:
|
||||
logging.warning(str(exc))
|
||||
|
||||
version = datetime.datetime.now().strftime('%Y%m%d')
|
||||
version = int(datetime.date.today().strftime('%Y%m%d'))
|
||||
|
||||
out4_list = {}
|
||||
out4_list['name'] = 'List of known IPv4 public DNS resolvers'
|
||||
out4_list['version'] = version
|
||||
out4_list['description'] = 'Event contains one or more public IPv4 DNS resolvers as attribute with an IDS flag set'
|
||||
out4_list['matching_attribute'] = [ 'ip-src', 'ip-dst', 'domain|ip' ]
|
||||
out4_list['list'] = sorted(ip4_list)
|
||||
out4_list['matching_attributes'] = ['ip-src', 'ip-dst', 'domain|ip']
|
||||
out4_list['list'] = sorted(set(ip4_list))
|
||||
|
||||
|
||||
out6_list = {}
|
||||
out6_list['name'] = 'List of known IPv6 public DNS resolvers'
|
||||
out6_list['version'] = version
|
||||
out6_list['description'] = 'Event contains one or more public IPv6 DNS resolvers as attribute with an IDS flag set'
|
||||
out6_list['matching_attribute'] = [ 'ip-src', 'ip-dst', 'domain|ip' ]
|
||||
out6_list['list'] = sorted(ip6_list)
|
||||
out6_list['matching_attributes'] = ['ip-src', 'ip-dst', 'domain|ip']
|
||||
out6_list['list'] = sorted(set(ip6_list))
|
||||
|
||||
|
||||
#print(json.dumps(out4_list, indent=True))
|
||||
# print(json.dumps(out4_list, indent=True))
|
||||
with open(dns4_path, 'w') as dns4_file:
|
||||
dns4_file.write(json.dumps(out4_list, indent=4, sort_keys=True))
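Review bot: The IPv6 list regenerated in this commit contains IPv4-mapped entries such as `::ffff:9538:1aed` and hostnames with a trailing dot, neither of which will match an `ip-src`/`ip-dst` value written in its usual form. The branch after `if ip.version == 4:` lies between the two hunks and is not shown, so this is inferred from the output rather than from the code. If mapped addresses do reach the IPv6 branch, normalise them first with `if ip.version == 6 and ip.ipv4_mapped: ip = ip.ipv4_mapped`. The hostnames presumably come from another CSV column and would be better kept in a separate list matched against `hostname`/`domain`.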
|
||||
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
set -x
|
||||
|
||||
./jq_all_the_things.sh
|
||||
|
||||
diffs=`git status --porcelain | wc -l`
|
||||
|
||||
if ! [ $diffs -eq 0 ]; then
|
||||
echo "Please make sure you run ./jq_all_the_things.sh before commiting."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
for dir in lists/*/list.json
|
||||
do
|
||||
echo -n "${dir}: "
|
||||
jsonschema -i ${dir} schema.json
|
||||
echo ''
|
||||
done
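Review bot: The cleanliness check can pass when `git status` itself fails, because `set -e` does not see a failure on the left side of the pipe into `wc -l`, and `diffs` then becomes 0. Capture the output directly with `diffs=$(git status --porcelain)` and test `if [ -n "$diffs" ]; then`, or add `set -o pipefail` after `set -e`. The loop should also quote its path, `jsonschema -i "${dir}" schema.json`, so a list directory with a space in its name is validated rather than split into two arguments.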
|
||||
|