Commit Graph

417 Commits (48842431114c1d0c2c0d0e654d7f7ab9f412f5b9)

Author SHA1 Message Date
Alexandre Dulaunoy 892ac72da4
chg: [warning-lists] updated 2021-04-20 11:32:03 +02:00
Alexandre Dulaunoy 43592376c0
Merge branch 'main' of github.com:MISP/misp-warninglists into main 2021-03-29 11:58:38 +02:00
Alexandre Dulaunoy d109a1ce95
chg: [update] run on all 2021-03-29 11:56:56 +02:00
przemekzny 2183e33033
Update list.json
Added domains of PKO Bank Polski S.A.
2021-02-01 17:20:04 +01:00
Alexandre Dulaunoy 2ca8b466cb
chg: [public-resolver] revert to previous one as the source is dropping
many known public resolver such as quad9
2021-01-15 10:11:05 +01:00
Alexandre Dulaunoy 43c62d127e
chg: [updates] updated warning-lists 2021-01-15 08:22:43 +01:00
Alexandre Dulaunoy 54e2d5c91d
chg: [warning-lists] updated 2021-01-05 09:15:17 +01:00
Alexandre Dulaunoy af399ce3ed
chg: [updated] warning-lists updated 2020-12-24 11:23:44 +01:00
Alexandre Dulaunoy 7f740f0e79
chg: [warning-lists] updated 2020-12-16 10:40:23 +01:00
Alexandre Dulaunoy 0f5059627d
chg: [update] automatic update 2020-12-10 23:06:00 +01:00
Richard van den Berg 0ddff6c50b Add nioc-filehash 2020-12-05 10:50:50 +01:00
Cormac Doherty 1fdada3976 Corrected version number to one 2020-12-04 22:03:18 +00:00
Cormac Doherty f949bbe8bd jq all the things 2020-12-04 21:57:44 +00:00
DocArmoryTech 5e0af2a6b3
Added Neo23x0/ti-falsepositive warninglist
Neo23x0:Neo23x0/ti-falsepositive is a "hash generator for typical false positive hashes". 

This warninglist was generated using a modified version of the generator (see: DocArmoryTech:DocArmoryTech-mispwl)

`python3 ./fp-hashes.py > list.json`
2020-12-04 16:16:05 +00:00
Alexandre Dulaunoy deef186d58
chg: [updates] updated warning lists 2020-11-23 08:59:40 +01:00
Alexandre Dulaunoy d4ca35c25c
chg: [warning-list] updated 2020-11-16 13:35:02 +01:00
Raphaël Vinot a80da878b9 chg: Bump moz-top500 2020-11-16 13:05:31 +01:00
Alexandre Dulaunoy aa499f4059
chg: [update] misp-warninglists updated 2020-11-10 11:55:39 +01:00
Alexandre Dulaunoy 1f01f885c7
Merge pull request #172 from pettai/Fastly
Add Fastly IPs
2020-11-07 08:05:13 +01:00
pettai 164eb276f1 Add Fastly IPs
Add all Fastlys IP addresses
2020-11-06 18:50:12 +01:00
chrisr3d 7154bfc01f
add: A few more phone numbers regexes 2020-10-31 22:06:20 +01:00
chrisr3d 6d49d3386f
add: Added regexes for the american fictitious numbers in the list 2020-10-30 23:29:18 +01:00
Alexandre Dulaunoy 53a03c6277
chg: [warning-lists] updated to the latest version 2020-10-28 09:38:58 +01:00
chrisr3d 8a629209f2
chg: Changed name to be displayed as warning and description 2020-10-27 11:19:05 +01:00
chrisr3d a50c06c9eb
chg: Turned the regexes for audiovisual works into a single one 2020-10-27 10:38:45 +01:00
chrisr3d 543406dff4
add: New Warninglist for phone numbers that should never be attributed
- First examples filling the list of regexes: the
  phone numbers used for audiovisual works, or
  the communications companies internal numbers.
  Those phone numbers are reserved and should
  never be given to any user
- We'll add as well the numbers reserved for the
  american audiovisual works soon
2020-10-27 04:03:44 +01:00
pettai 89344f9b5f +jq_all_the_things.sh
missed to run jq_all_the_things.sh
2020-10-25 20:57:20 +01:00
pettai e2d6211b67 Add GCP IPs
Add GCP (Google Cloud Platform) IP addresses
2020-10-24 23:59:33 +02:00
Alexandre Dulaunoy 278f726f1d
chg: [warning-lists] updated 2020-10-16 12:38:48 +02:00
Alexandre Dulaunoy 41c2c01627
chg: [warning-lists] updated 2020-10-13 13:30:01 +02:00
Alexandre Dulaunoy acfaf672d4
chg: [update] following changes + regular update 2020-09-30 23:19:13 +02:00
Alexandre Dulaunoy 0549cad3df
chg: [automatic updates] all warning-lists 2020-09-29 17:13:43 +02:00
cyber288 5e03dc549a
Changed matching algorithm to string 2020-09-23 15:57:34 -04:00
cyber288 625a484306
Update version number 2020-09-23 15:56:05 -04:00
cyber288 85310d7a11
Update version number 2020-09-23 15:55:34 -04:00
cyber288 58481c2213
Update version number 2020-09-23 15:55:01 -04:00
cyber288 818839d506
Fix date 2020-09-23 15:54:31 -04:00
cyber288 709bdd94f0
Changed matching algorithm to string 2020-09-23 15:53:55 -04:00
cyber288 47c341fe1c
Changed matching algorithm to string 2020-09-23 15:52:53 -04:00
cyber288 29bd7bf7a0
Changed matching algorithm to string 2020-09-23 15:52:00 -04:00
cyber288 2d08c4ce35
Changed matching algorithm to string 2020-09-23 15:51:18 -04:00
cyber288 5e85c66bae
Changed matching algorithm to string 2020-09-23 15:50:36 -04:00
Alexandre Dulaunoy bcbb62d734
chg: [automatic] updated 2020-09-16 09:04:39 +02:00
Andras Iklody e0736d0b7a
fix: changed parsing algorithm to string, see #7c1de70 2020-09-16 00:27:55 +02:00
Alexandre Dulaunoy fa7cbb52f7
chg: [automatic] updated 2020-09-11 14:33:42 +02:00
Kevin Holvoet d7f01edbac Merge upstream, update lists, fix conflicts.
Merge remote-tracking branch 'upstream/main' into main
2020-09-11 13:48:51 +02:00
Bart 40ebba72d3
Add new domains 2020-09-10 21:27:06 +02:00
Alexandre Dulaunoy f19e7274e3
chg: [tranco] updated 2020-08-11 10:35:50 +02:00
Alexandre Dulaunoy e2bb53492a
chg: [public-dns] updated 2020-08-11 10:33:32 +02:00
Alexandre Dulaunoy fa325114ab
chg: [microsoft-azure] updated 2020-08-11 10:31:56 +02:00
Alexandre Dulaunoy 963381c839
chg: [tld] updated to the latest version 2020-08-11 10:29:32 +02:00
Alexandre Dulaunoy a2355251ac
chg: [aws] updated 2020-08-10 14:46:50 +02:00
Alexandre Dulaunoy fea9465eb5
chg: [office 365] updated 2020-08-10 14:45:58 +02:00
Alexandre Dulaunoy 746e0ba5d0
chg: [office 365] updated 2020-08-10 14:45:05 +02:00
Kevin Holvoet aa81303fd0 Merge remote-tracking branch 'upstream/main' into main 2020-07-27 10:56:55 +02:00
Kevin Holvoet a9c163ef20 Refactor last scripts, logging, central directory for downloads
* Refactored generate_moz-top50.py
* Download all file to new /tmp file to centralize all downloads
* Add central logging to generators.log file
* Create Bash script that generates all warninglists
* Add /tmp folder and extra files to .gitignore
* Start adding exception handling in download_to_file and write_to_file
2020-07-27 10:44:30 +02:00
Alexandre Dulaunoy 4636dc5640
chg: [mozilla-intermediate-CA] updated to the latest version 2020-07-27 10:17:17 +02:00
Kevin Holvoet 610292e90f Refactor more generators 2020-07-21 13:42:50 +02:00
Kevin Holvoet d3e87dc7ae Refactor code to make it simpler/more uniform 2020-07-21 01:21:28 +02:00
Kevin Holvoet d32eb23a58 Chg generator-publicdns: work with new CSV format
1. The CSV format has changed with the update on 2020-07-14.
2. The script also generates IPv4, IPv6, and the hostname lists at once.
3. Downloaded file added to .gitignore
2020-07-21 00:38:50 +02:00
Kevin Holvoet 9ba47c1463 Added multiple lists from Cisco Umbrella list. Solves issue #24 and #13 2020-07-17 12:31:29 +02:00
Kevin Holvoet 6837ba016c Updated lists after updating scripts 2020-07-17 10:10:04 +02:00
Kevin Holvoet e0b3968635 Merge tranco scripts,:generate_tranco.py generates both full and 10k list 2020-07-17 09:23:39 +02:00
Kevin Holvoet cde6059d73 Update Tranco & Tranco10k list 2020-07-14 16:38:12 +02:00
Alexandre Dulaunoy db0bf3305f
chg: [whats-my-ip] fix 152 2020-07-09 08:34:43 +02:00
Alexandre Dulaunoy 7a28900663
Merge branch 'main' of github.com:MISP/misp-warninglists into main 2020-07-08 14:54:14 +02:00
Jakub Onderka f493aa451d Update TLDs list 2020-07-06 16:20:48 +02:00
Houston c6a361c7a1
adding forms.gle which is for google forms.
adding forms.gle to the list. This is a short link for Google Forms managed by Google Firebase
2020-06-23 17:06:04 -05:00
Houston fbab4c59dc
added gvt1.com to Google domains warning list. 2020-06-19 11:03:32 -05:00
GlennHD dfa999922e
Fixed typo
Fixed typo in list.json
2020-06-11 11:30:36 -05:00
Alexandre Dulaunoy 067bd58464
chg: [jq] all 2020-06-11 18:19:26 +02:00
Alexandre Dulaunoy 32d98c4588
chg: [tranco10k] jq all the things 2020-06-11 18:16:03 +02:00
GlennHD a64b67ed85
Create tranco10k list.json 2020-06-11 10:08:36 -05:00
Alexandre Dulaunoy 78590f3526
chg: [amazon-aws] updated to the latest version 2020-05-19 16:28:49 +02:00
Alexandre Dulaunoy 470b86dba4
chg: [microsoft-office365] updated to the latest version 2020-05-19 16:26:42 +02:00
Bart d22e04f776
Update list.json
Make hostname only, same for another one already in the list.
2020-04-30 20:48:23 +02:00
Bart cd9b83878e
Update list.json 2020-04-29 22:07:46 +02:00
Raphaël Vinot 2c116cbd1f fix: Sort entries 2020-04-23 11:56:05 +02:00
Andras Iklody 58150d8b22
chg: [covid] added covidmemory.lu 2020-04-13 11:59:05 +02:00
iglocska 28687d90d5
jq the covid lists 2020-04-07 06:14:20 +02:00
iglocska 64e86acbf5
Merge branch 'master' of github.com:MISP/misp-warninglists 2020-04-07 06:13:06 +02:00
iglocska 10ddaf06d2
chg: covid lists bumped 2020-04-07 06:10:44 +02:00
Raphaël Vinot 300d823638 chg: Add script to make lists unique, and sort the keys.
Update covid lists.
2020-04-03 13:37:17 +02:00
iglocska bad8b17fff
chg: [covid] lists updated 2020-04-03 06:14:40 +02:00
iglocska c14634a031
new: added covid generators / lists 2020-04-01 12:00:55 +02:00
Alexandre Dulaunoy 17e72c085d
chg: [whats-my-ip] Fix #139 2020-04-01 11:10:20 +02:00
Armins Palms ac94a55fd2 version change 2020-04-01 09:53:45 +03:00
Armins Palms 2eca8bba64 arcgis whitelist 2020-04-01 09:51:17 +03:00
Alexandre Dulaunoy bf165aa26b
chg: [covid] aatishb.com added due to https://aatishb.com/covidtrends/
(thanks to @doegox)
2020-03-31 10:12:16 +02:00
Alexandre Dulaunoy 539c6bc8fd
chg: [covid] added Heliox_lab domain 2020-03-31 09:55:46 +02:00
Bart 2aea18106c
Update list.json
Add CAPEv2
2020-03-28 13:26:17 +01:00
Jean-Louis Huynen e6f9ebb171
chg: [covid] adding luxemburg's covid domains. 2020-03-27 14:41:12 +01:00
Sascha Rommelfangen b6e5123609
duplicate removed 2020-03-27 04:04:02 +01:00
Sascha Rommelfangen c3cdd6b274
added info-coronavirus.be 2020-03-26 16:05:09 +01:00
Andras Iklody 93ee083d72
update to the covid list 2020-03-26 14:27:59 +01:00
Christophe Vandeplas 035a6c8406 chg: [covid] added Portugal and Belgium 2020-03-26 10:59:18 +01:00
iglocska 00b6fafdff
new: added covid warninglist 2020-03-26 05:59:12 +01:00
Alexandre Dulaunoy 192d112728
chg: [tranco] updated to the latest version 2020-03-05 13:33:15 +01:00
iglocska c501dc5e71
new: added common warninglists 2020-02-26 10:52:09 +01:00
Alexandre Dulaunoy 659264240a
chg: [office365] updated to the latest version 2020-02-10 11:24:09 +01:00
Alexandre Dulaunoy b5a1b192bf
chg: [cloudflare] updated to the latest version 2020-02-10 11:20:16 +01:00
Alexandre Dulaunoy e504b9aaa7
chg: [aws] updated 2020-02-10 11:19:06 +01:00
GlennHD 467c1b0a95
Create list.json 2020-02-03 01:04:53 -06:00
Bart ff12879d94
Update list.json
Adds localizaip domains.
2020-02-02 21:10:42 +01:00
Houston e1859dca76
Added domain cutt.ly 2020-02-01 22:18:30 -06:00
StefanKelm 10b1ed7187
Update list.json
merky.de
2020-01-31 14:34:30 +01:00
David J f97ffb4ab9
Added windowsupdate.com domain
I received false positives and detections for this domain. Thought it should added.
2020-01-23 11:00:22 -06:00
Bart 7b1fb4719e
Update list.json
Adds ipv6-test
2020-01-21 19:19:41 +01:00
David André e5a5ac576b
Added domains using Azuredns-prd.info as Nameserver
azuredns-prd.info is verified as being Microsoft owned and operated for some Azure related domains
2020-01-13 12:31:43 +01:00
Trey Darley 20add1b22a add Tranco warning list (https://tranco-list.eu/) 2020-01-10 15:28:29 +01:00
Bart edcd8244a8
Update list.json
Bump version number, add/edit domains.
2020-01-09 21:40:28 +01:00
Bart 8a7c21452c
Update list.json
Add Extreme IP.
2020-01-06 19:36:34 +01:00
Alexandre Dulaunoy 260171d89b
chg: [cloudflare] updated 2019-12-12 07:47:39 +01:00
Alexandre Dulaunoy da9fb56f7e
Merge branch 'master' of github.com:MISP/misp-warninglists 2019-12-12 07:46:13 +01:00
Alexandre Dulaunoy 6351521254
chg: [office365] IP addresses and domains updated 2019-12-12 07:45:48 +01:00
Ԝеѕ 1e654dca9d
add sinkhole IP
https://dns.google.com/query?name=sinkhole.dynu.net
https://dns.google.com/query?name=a.sinkhole.yourtrap.com&type=A&dnssec=true
2019-11-12 16:15:51 -05:00
Bart cca1f833ad
Add domain 2019-11-10 22:46:40 +01:00
Bart 5758200902
Add sndbox 2019-11-08 20:20:25 +01:00
Ԝеѕ 3789dbf107
Add additional Sinkhole IPs
https://github.com/brakmic/Sinkholes/pull/10/files 
https://github.com/brakmic/Sinkholes/pull/12/files 
https://github.com/grettir/malware-sinkholes/pull/2/files
2019-11-08 01:43:53 -05:00
Alex Williams 8bae4eaec9
Fixed typo in akamai list description 2019-11-04 16:35:20 +00:00
Bart 5aba6bb296
Update list.json
Add some systems.
2019-10-31 19:52:16 +01:00
Jean-Louis Huynen cb3be69184
chg: [wikimedia] jq all the things 2019-09-12 11:12:32 +02:00
Jean-Louis Huynen 622bd3510e
add: [wikimedia] adds a warning list for wikimedia infrastructure. 2019-09-12 11:09:16 +02:00
Daniel Roethlisberger bb322b46e1 Remove erroneous space character and bump version 2019-08-09 10:39:22 +02:00
Alexandre Dulaunoy 554360add3
chg: [university_domains] updated to the latest version 2019-07-25 08:14:07 +02:00
Alexandre Dulaunoy f7255b53a8
chg: [disposable] updated to the latest version 2019-07-24 21:48:15 +02:00
Alexandre Dulaunoy 81e52bd18f
chg: [vpn] IP addresses updated 2019-07-24 21:45:59 +02:00
Alexandre Dulaunoy b5d4ba91a5
chg: [mozilla] CA list updated 2019-07-24 21:42:55 +02:00
elhoim 1183e52389 Added list for Googlebot crawler IP ranges 2019-07-24 17:37:35 +02:00
elhoim 4b5c9d6dd4 Added list with Google gmail sending IPs 2019-07-24 17:36:13 +02:00
elhoim d22c6902b3 Added list and tool to generate list for cloudflare IP ranges. 2019-07-24 17:35:39 +02:00
github-pba eacd74ec67 Name change ING, new bank Mainzer Volksbank 2019-07-19 11:33:28 +02:00
Alexandre Dulaunoy 2b571d2af3
chg: [empty-hashes] empty ssdeep hashes added 2019-05-24 10:13:53 +02:00
Alexandre Dulaunoy a05fbf3480
chg: [dax30] updated and fixed 2019-05-09 10:23:41 +02:00
cgi1 57d0f89e1d
Update list.json
Adding BMW
2019-05-08 11:59:22 +02:00
cgi1 4b0913a361 dax30 inital version 2019-05-08 11:54:53 +02:00
Alexandre Dulaunoy 4d8ce3986f
Merge pull request #106 from SteveClement/tools
fix: [alexa] The generator wants to decode things ;)
2019-04-24 15:38:25 +02:00
Steve Clement 5d9e43bd82 chg: [moz500] Fix actual list. 2019-04-24 14:44:39 +09:00
Steve Clement 14a675a70a fix: [moz500] Fix the confusion about Moz.com and Mozilla.com 2019-04-24 14:42:41 +09:00
Steve Clement a5a3567733 chg: [alexa] Updated with the script in tools 2019-04-24 10:55:44 +09:00
Steve Clement 190312cf0f chg: [moz500] Added Pages too. Updated list 2019-04-24 10:36:22 +09:00
Steve Clement f41f976ce6 chg: [moz500] Added info how to regenerate, added provisional urls/files
to topPages.
2019-04-24 10:23:40 +09:00
Steve Clement 9e0b2ebc75 new: [list] Added Mozilla Top 500 domains 2019-04-24 09:45:56 +09:00
Alexandre Dulaunoy f24f97fe87
chg: [security-provider-blogpost] version updated 2019-04-21 16:27:25 +02:00
Olivier BERT 65a32242ae Removed pastebin.com, as it is not a security provider.
It is often used by malware to download configuration or payloads.
2019-04-15 13:31:15 +02:00
Dario Lombardo 910db07435
Remove wrong line from vpn-ipv4. 2019-04-11 10:14:29 +02:00
zMathieu edaea7c3a6
Transform URL to domains for few entries
Remove / or http for some domains.
2019-04-08 15:45:26 +02:00
Vincent Brillault af7e5a188c
CAs: Fix final new line in json 2019-03-29 16:57:54 +01:00
Vincent Brillault d4e749c3e6
CAs: Fix json indentation (2 spaces, not 4) 2019-03-29 16:55:34 +01:00
Vincent Brillault a1c0e83bd4
Add warning lists based on Mozilla's trusted CA and Intermediates 2019-03-29 16:23:22 +01:00