misp-warninglists/lists/security-provider-blogpost/list.json


{
"description": "Event contains one or more entries of known security provider/vendor blog domains with an IDS flag set",
"list": [
"0x1338.blogspot.be",
"2014.hack.lu",
"2014.zeronights.ru",
"about-threats.trendmicro.com",
"access.redhat.com",
"alienvault-labs-garage.googlecode.com",
"app.any.run",
"app.response.ncr.com",
"app.threatconnect.com",
"arstechnica.co.uk",
"arstechnica.com",
"artemonsecurity.com",
"asert.arbornetworks.com",
"assets.documentcloud.org",
"attack.mitre.org",
"autofocus.paloaltonetworks.com",
"aviatrix25.rssing.com",
"b0n1.blogspot.fr",
"b161268c3bf5a87bc67309e7c870820f5f39f672.googledrive.com",
"badcyber.com",
"baesystemsai.blogspot.com",
"baesystemsai.blogspot.fr",
"baesystemsai.blogspot.lu",
"bartblaze.blogspot.be",
"bartblaze.blogspot.com",
"bartblaze.blogspot.lu",
"benkowlab.blogspot.fr",
"bgpmon.net",
"bgpranking.circl.lu",
"bitninja.io",
"bizlive.vn",
"blockchain.info",
"blog.0day.jp",
"blog.0x3a.com",
"blog.9bplus.com",
"blog.airbuscybersecurity.com",
"blog.anomali.com",
"blog.appriver.com",
"blog.avast.com",
"blog.barracuda.com",
"blog.bit9.com",
"blog.cari.net",
"blog.cassidiancybersecurity.com",
"blog.cert.societegenerale.com",
"blog.checkpoint.com",
"blog.crowdstrike.com",
"blog.crysys.hu",
"blog.cyber4sight.com",
"blog.cylance.com",
"blog.deniable.org",
"blog.didierstevens.com",
"blog.domaintools.com",
"blog.dragonthreatlabs.com",
"blog.dynamoo.com",
"blog.emsisoft.com",
"blog.erratasec.com",
"blog.eset.ie",
"blog.fireeye.com",
"blog.fortinet.com",
"blog.fox-it.com",
"blog.gdatasoftware.com",
"blog.idiom.ca",
"blog.ioactive.com",
"blog.jpcert.or.jp",
"blog.kaspersky.com",
"blog.kleissner.org",
"blog.knownsec.com",
"blog.linuxmint.com",
"blog.lookout.com",
"blog.macnica.net",
"blog.malwarebytes.com",
"blog.malwarebytes.org",
"blog.malwareclipboard.com",
"blog.malwaremustdie.org",
"blog.malwaretracker.com",
"blog.morphisec.com",
"blog.mxlab.eu",
"blog.netlab.360.com",
"blog.newskysecurity.com",
"blog.opendns.com",
"blog.pagefair.com",
"blog.passivetotal.org",
"blog.rootshell.be",
"blog.ropchain.com",
"blog.safebit.mn",
"blog.secdo.com",
"blog.sensecy.com",
"blog.shadowserver.org",
"blog.sucuri.net",
"blog.talosintel.com",
"blog.talosintelligence.com",
"blog.team-cymru.org",
"blog.threatstop.com",
"blog.trendmicro.com",
"blog.trendmicro.de",
"blog.xanda.org",
"blog.zimperium.com",
"blogs.bromium.com",
"blogs.cisco.com",
"blogs.forcepoint.com",
"blogs.mcafee.com",
"blogs.norman.com",
"blogs.quickheal.com",
"blogs.rsa.com",
"blogs.securiteam.com",
"blogs.sophos.com",
"blogs.technet.com",
"blogs.technet.microsoft.com",
"boomstick.emergingthreats.net",
"breakingmalware.com",
"business.kaspersky.com",
"camas.comodo.com",
"cdn.securelist.com",
"cdn2.hubspot.net",
"censys.io",
"cert.gov.ua",
"christophe.rieunier.name",
"citizenlab.ca",
"citizenlab.org",
"code4hk.hackpad.com",
"comgenjournal.blogspot.be",
"community.blueliv.com",
"community.qualys.com",
"community.rapid7.com",
"community.riskiq.com",
"community.rsa.com",
"community.saas.hpe.com",
"community.ubnt.com",
"community.websense.com",
"contagiodump.blogspot.be",
"contagiodump.blogspot.com",
"contagiodump.blogspot.com.es",
"contagiodump.blogspot.de",
"contagiodump.blogspot.lu",
"cryptam.com",
"cryptome.org",
"csecybsec.com",
"cve.circl.lu",
"cyb3rsleuth.blogspot.be",
"cyb3rsleuth.blogspot.co.uk",
"cyber-peace.org",
"cyber.wtf",
"cybersecurity.att.com",
"cyberx-labs.com",
"cymon.io",
"cys-centrum.com",
"cysinfo.com",
"ddanchev.blogspot.com",
"ddecode.com",
"ddos.arbornetworks.com",
"dea.gov.ge",
"detux.org",
"devcentral.f5.com",
"didierstevens.com",
"digital-forensics.sans.org",
"digitasecurity.com",
"dirtycow.ninja",
"dns.robtex.com",
"dnsdb.isc.org",
"doc.emergingthreats.net",
"documents.trendmicro.com",
"download.bitdefender.com",
"download.microsoft.com",
"download01.norman.no",
"dragos.com",
"drops.wooyun.org",
"e.gov.vn",
"easyviruskilling.com",
"edu.arabsgate.com",
"en.community.dell.com",
"en.wikipedia.org",
"enigma0x3.net",
"enterprise.norman.com",
"eromang.zataz.com",
"eternal-todo.com",
"events.ccc.de",
"exchange.xforce.ibmcloud.com",
"extraexploit.blogspot.com",
"f5.com",
"fe-ddis.dk",
"feodotracker.abuse.ch",
"file.gdatasoftware.com",
"firstlook.org",
"forum.computerbetrug.de",
"forum.nginx.org",
"forums.malwarebytes.com",
"foxglovesecurity.com",
"freebeacon.com",
"garwarner.blogspot.lu",
"ghostbin.com",
"gist.github.com",
"gist.githubusercontent.com",
"github.com",
"gizmodo.com",
"go.recordedfuture.com",
"groups.google.com",
"gtrack.h3x.eu",
"hazmalware.wordpress.com",
"heimdalsecurity.com",
"helpx.adobe.com",
"henrybasset.blogspot.be",
"holisticinfosec.org",
"home.mcafee.com",
"hybrid-analysis.com",
"ics-cert.kaspersky.com",
"ics-cert.us-cert.gov",
"ics.sans.org",
"info.baesystemsdetica.com",
"info.isightpartners.com",
"info.lookout.com",
"info.phishlabs.com",
"info.publicintelligence.net",
"infoarmor.com",
"informationonsecurity.blogspot.be",
"infotomb.com",
"insider.domaintools.com",
"intelcrawler.com",
"ioc.forensicartifacts.com",
"iocbucket.com",
"iranthreats.github.i",
"iranthreats.github.io",
"isc.sans.edu",
"itsicherheitsblog.de",
"joedd.joesecurity.org",
"joesecurity.org",
"journeyintoir.blogspot.de",
"kas.pr",
"kasperskycontenthub.com",
"kc.mcafee.com",
"kernelmode.info",
"krebsonsecurity.com",
"kyuutaro.wordpress.com",
"kz-cert.kz",
"la.trendmicro.com",
"lab.anchiva.com",
"labs.alienvault.com",
"labs.bitdefender.com",
"labs.lastline.com",
"labs.m86security.com",
"labs.opendns.com",
"labs.snort.org",
"labs.sucuri.net",
"labs.umbrella.com",
"labsblog.f-secure.com",
"lavasoft.com",
"lists.clean-mx.com",
"live.paloaltonetworks.com",
"lockboxx.blogspot.com.es",
"luminosity.link",
"malware-research.org",
"malware-traffic-analysis.net",
"malware.dontneedcoffee.com",
"malware.prevenity.com",
"malware.sekoia.fr",
"malwarebreakdown.com",
"malwareconfig.com",
"malwaredb.malekal.com",
"malwarefor.me",
"malwarejake.blogspot.fr",
"malwarelab.zendesk.com",
"malwr.com",
"malwrpost.wordpress.com",
"marcmaiffret.com",
"marcoramilli.blogspot.dk",
"marcoramilli.blogspot.it",
"marcoramilli.blogspot.nl",
"medium.com",
"middleeastmalware.blogspot.com",
"missatsamtal.se",
"mjolnirsecurity.com",
"mlwre.github.io",
"mobile.reuters.com",
"mobile.twitter.com",
"money.cnn.com",
"morphians.wordpress.com",
"morphick.net",
"morris.guru",
"motherboard.vice.com",
"my.opera.com",
"myonlinesecurity.co.uk",
"nakedsecurity.sophos.com",
"netzpolitik.org",
"news.drweb.com",
"news.netcraft.com",
"newsroom.trendmicro.com",
"niebezpiecznik.pl",
"normanshark.com",
"noticeofpleadings.com",
"novetta.com",
"now.avg.com",
"nvd.nist.gov",
"nyxbone.com",
"objective-see.com",
"ocelot.li",
"ossectools.blogspot.be",
"otx.alienvault.com",
"pages.arbornetworks.com",
"paloaltonetworks.com",
"panacea.threatgrid.com",
"paper.seebug.org",
"passivedns.mnemonic.no",
"passivetotal.org",
"pastebin.lu",
"permalink.gmane.org",
"persaxac.blogspot.be",
"phishing-mails.blogspot.de",
"phishme.com",
"podcasts.mcafee.com",
"portal.sec.ibm.com",
"productforums.google.com",
"proofpoint.com",
"public.gdatasoftware.com",
"publicintelligence.net",
"puluka.com",
"pwc.blogs.com",
"pytosquatting.org",
"r.virscan.org",
"raw.github.com",
"raw.githubusercontent.com",
"reaqta.com",
"recon.cx",
"rednaga.io",
"remchp.com",
"reqrypt.org",
"research.riskiq.net",
"research.zscaler.com",
"researchcenter.paloaltonetworks.com",
"resources.infosecinstitute.com",
"resources.netskope.com",
"resources.sei.cmu.edu",
"reverse.put.as",
"reversewhois.domaintools.com",
"s3-eu-west-1.amazonaws.com",
"s3-us-west-2.amazonaws.com",
"sandbox.deepviz.com",
"sec.sexy",
"seclists.org",
"securelist.com",
"securelist.ru",
"securingtomorrow.mcafee.com",
"security-is-just-an-illusion.blogspot.nl",
"security.googleblog.com",
"security.web.cern.ch",
"securityaffairs.co",
"securityblog.s21sec.com",
"securityblog.switch.ch",
"securitydaily.org",
"securityfactory.tistory.com",
"securityintelligence.com",
"securityledger.com",
"securitymadein.lu",
"sensorstechforum.com",
"sentinelone.com",
"serveradmin.ru",
"sf.riskiq.net",
"shoplift.byte.nl",
"sitecheck.sucuri.net",
"sites.google.com",
"sjc1-te-ftp.trendmicro.com",
"soc.tdc.dk",
"sophosnews.files.wordpress.com",
"sslbl.abuse.ch",
"stackoverflow.com",
"stopmalvertising.com",
"sub0day.com",
"support.microsoft.com",
"sync.me",
"t.co",
"takahiroharuyama.github.io",
"talosintel.com",
"targetedthreats.net",
"techanarchy.net",
"techcrunch.com",
"techhelplist.com",
"technet.microsoft.com",
"telussecuritylabs.com",
"thehackernews.com",
"theintercept.com",
"thisissecurity.net",
"threatbook.cn",
"threatconnect.com",
"threatgeek.typepad.com",
"threatintel.proofpoint.com",
"threatpost.com",
"tif.mcafee.com",
"tools.cisco.com",
"totalhash.com",
"twitter.com",
"ubuntuforums.org",
"urlquery.net",
"urlscan.io",
"usa.kaspersky.com",
"v2ex.com",
"vb.vip600.com",
"virusguides.com",
"virusradar.com",
"virustotal.com",
"vms.drweb.com",
"vms.drweb.ru",
"vrt-blog.snort.org",
"web.archive.org",
"webcache.googleusercontent.com",
"wepawet.iseclab.org",
"whoisology.com",
"wiki.egi.eu",
"williamshowalter.com",
"www.419scam.org",
"www.4armed.com",
"www.abuse.ch",
"www.ad.nl",
"www.agi.it",
"www.alienvault.com",
"www.antiy.net",
"www.aptgroups.com",
"www.aqniu.com",
"www.arbornetworks.com",
"www.baesystems.com",
"www.bangkokpost.com",
"www.bbc.co.uk",
"www.bellingcat.com",
"www.blackhat.com",
"www.blacknurse.dk",
"www.bleepingcomputer.com",
"www.bloomberg.com",
"www.bluecoat.com",
"www.blueliv.com",
"www.broadanalysis.com",
"www.bsk-consulting.de",
"www.ca.com",
"www.carbonblack.com",
"www.cert.pl",
"www.cert.ssi.gouv.fr",
"www.certego.net",
"www.checkpoint.com",
"www.circl.lu",
"www.clearskysec.com",
"www.cloudsek.com",
"www.cmcm.com",
"www.cobaltstrike.com",
"www.codeandsec.com",
"www.commandfive.com",
"www.coresecurity.com",
"www.crowdstrike.com",
"www.crysys.hu",
"www.csis.dk",
"www.csoonline.com",
"www.cve.mitre.org",
"www.cybereason.com",
"www.cyberengineeringservices.com",
"www.cyberesi.com",
"www.cybermerchantsofdeath.com",
"www.cyberoam.com",
"www.cyberscoop.com",
"www.cybersixgill.com",
"www.cybersquared.com",
"www.cyintanalysis.com",
"www.cylance.com",
"www.cymmetria.com",
"www.cyphort.com",
"www.damballa.com",
"www.daniweb.com",
"www.darkreading.com",
"www.deependresearch.org",
"www.defcon.org",
"www.devttys0.com",
"www.dfn-cert.de",
"www.digitalbond.com",
"www.digitalshadows.com",
"www.drchaos.com",
"www.dropbox.com",
"www.dshield.org",
"www.eff.org",
"www.eldo.lu",
"www.emc.com",
"www.endgame.com",
"www.ewon.be",
"www.exploit-db.com",
"www.f-secure.com",
"www.facebook.com",
"www.fidelissecurity.com",
"www.fireeye.com",
"www.flashpoint-intel.com",
"www.fortinet.com",
"www.fox-it.com",
"www.gdata.fr",
"www.gdatasoftware.com",
"www.govcert.admin.ch",
"www.group-ib.com",
"www.guardicore.com",
"www.hauri.co.kr",
"www.heise.de",
"www.helpnetsecurity.com",
"www.hotforsecurity.com",
"www.hybrid-analysis.com",
"www.ibpt.be",
"www.icebrg.io",
"www.ilspy.net",
"www.infosecdailynews.com",
"www.infosecurity-magazine.com",
"www.intego.com",
"www.intezer.com",
"www.invincea.com",
"www.isightpartners.com",
"www.itnews.com.au",
"www.joesandbox.com",
"www.kahusecurity.com",
"www.kam.lt",
"www.kaspersky.com",
"www.kernelmode.info",
"www.kpmg.com",
"www.krcert.or.kr",
"www.kudelskisecurity.com",
"www.lac.co.jp",
"www.lacoon.com",
"www.lancope.com",
"www.lexsi.com",
"www.link11.de",
"www.listaspam.com",
"www.liveleak.com",
"www.macrumors.com",
"www.macworld.com",
"www.malware-reversing.com",
"www.malware-traffic-analysis.net",
"www.malware.lu",
"www.malware.unam.mx",
"www.malwaredigger.com",
"www.malwaretech.com",
"www.malwaretracker.com",
"www.mandiant.com",
"www.marc.info",
"www.mcafee.com",
"www.mediafire.com",
"www.melani.admin.ch",
"www.microsoft.com",
"www.mysonicwall.com",
"www.nbu.gov.sk",
"www.nccgroup.com",
"www.ncsc.gov.uk",
"www.netresec.com",
"www.netsarang.com",
"www.netskope.com",
"www.norse-corp.com",
"www.noticeofpleadings.com",
"www.novetta.com",
"www.nsslabs.com",
"www.nttsecurity.com",
"www.nytimes.com",
"www.nyxbone.com",
"www.operationblockbuster.com",
"www.oracle.com",
"www.packetmail.net",
"www.paloaltonetworks.com",
"www.pandasecurity.com",
"www.passivetotal.org",
"www.pcmag.com",
"www.phishtank.com",
"www.polizei-praevention.de",
"www.prensa.com",
"www.prnewswire.com",
"www.proofpoint.com",
"www.pwc.co.uk",
"www.rackspace.com",
"www.recordedfuture.com",
"www.reddit.com",
"www.reuters.com",
"www.reverse.it",
"www.reversinglabs.com",
"www.riskiq.com",
"www.robtex.com",
"www.rooksecurity.com",
"www.root9b.com",
"www.rsa.com",
"www.rsaconference.com",
"www.rtl.lu",
"www.scam.cz",
"www.scmagazine.com",
"www.seculert.com",
"www.securelist.com",
"www.securemac.com",
"www.secureworks.com",
"www.securityartwork.es",
"www.securityweek.com",
"www.sekoia.fr",
"www.sentinelone.com",
"www.serkey.com",
"www.shodanhq.com",
"www.skycure.com",
"www.slideshare.net",
"www.sophos.com",
"www.spiegel.de",
"www.symantec.com",
"www.talosintel.com",
"www.technologyreview.com",
"www.theregister.co.uk",
"www.thesafemac.com",
"www.threatconnect.com",
"www.threatexpert.com",
"www.threatgeek.com",
"www.threatminer.org",
"www.threatstop.com",
"www.threatstream.com",
"www.threattracksecurity.com",
"www.tigersecurity.pro",
"www.trendmicro.com",
"www.trustwave.com",
"www.us-cert.gov",
"www.verfassungsschutz.de",
"www.virusbtn.com",
"www.virusbulletin.com",
"www.virusradar.com",
"www.virustotal.com",
"www.vkremez.com",
"www.volexity.com",
"www.votiro.com",
"www.vxsecurity.sg",
"www.washingtontimes.com",
"www.welivesecurity.com",
"www.whoismind.com",
"www.windowscentral.com",
"www.wipo.int",
"www.wired.com",
"www.wirtschaftsschutz.info",
"www.wordfence.com",
"www.xylibox.com",
"www.youtube.com",
"www.zdnet.com",
"www.zscaler.com",
"www2.fireeye.com",
"yararules.com",
"zairon.wordpress.com",
"zaufanatrzeciastrona.pl",
"zerophagemalware.com",
"zeustracker.abuse.ch",
"zulu.zscaler.com"
],
"matching_attributes": [
"domain",
"domain|ip",
"hostname",
"url",
"uri",
"link"
],
"name": "List of known security providers/vendors blog domain",
"type": "hostname",
"version": 4
}