mirror of https://github.com/MISP/misp-website
# Changelog
## v2.4.152 (2021-12-22)
### Changes
* [warning-lists] updated. [Alexandre Dulaunoy]
* [lists] updated. [Alexandre Dulaunoy]
### Other
* Merge pull request #199 from drewm27/main. [Alexandre Dulaunoy]
New sinkhole hosts reported from riskrecon.com
* New sinkhole hosts reported from riskrecon.com. [Drew Middlesworth]
* Merge pull request #198 from LouAlbano/patch-1. [Alexandre Dulaunoy]
update list
* Update list. [Francis Trudeau]
https://www.tunnelbear.com/whats-my-ip
* Merge pull request #197 from drewm27/main. [Alexandre Dulaunoy]
Two more sinkholes from bitsight.com that are in use
* Two more sinkholes from bitsight.com that are in use. [Drew Middlesworth]
* Merge pull request #196 from cantarini/patch-1. [Alexandre Dulaunoy]
incorrect regex update
* Incorrect regex update. [Daniele Cantarini]
As described in issue #195 the regex "/((?:\\+|00)61)?1(3|8)00975707|08|09|10|11/g" should be corrected in "/((?:\\+|00)61)?1(3|8)00975707(08|09|10|11)/g"
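
The precedence problem behind this fix, as an added example (not code from the misp-warninglists project): in the first pattern the `|` alternatives sit at the top level, so `08`, `09`, `10` and `11` each act as a complete pattern. It assumes unanchored search semantics, the sample values are constructed, and `has_top_level_alternation` is a hypothetical lint helper.

```python
import json
import re

# Both patterns exactly as quoted in the changelog entry (JSON-escaped form).
BROKEN_JSON = r'"/((?:\\+|00)61)?1(3|8)00975707|08|09|10|11/g"'
FIXED_JSON = r'"/((?:\\+|00)61)?1(3|8)00975707(08|09|10|11)/g"'

# Constructed sample values; only the first three are the intended numbers.
SAMPLES = [
    "+61130097570708",
    "0061180097570711",
    "130097570709",
    "1300975707",      # prefix only, suffix missing
    "2021-10-05",      # a date that happens to contain "10"
    "192.0.2.110",     # documentation-range IP containing "11" and "10"
    "555-2368",        # contains none of the two-digit suffixes
]


def entry_to_pattern(json_text):
    """Decode a JSON string holding /pattern/flags and return the bare pattern."""
    entry = json.loads(json_text)
    body, sep, _flags = entry[1:].rpartition("/")
    if not entry.startswith("/") or not sep:
        raise ValueError("expected an entry of the form /pattern/flags")
    return body


def has_top_level_alternation(pattern):
    """Return True if a '|' appears outside every group and character class.

    Hypothetical lint check: a top-level '|' splits the whole expression, which
    is rarely intended when the last branches are short literals.
    """
    depth = 0
    in_class = False
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":          # skip the escaped character
            i += 2
            continue
        if in_class:
            if ch == "]":
                in_class = False
        elif ch == "[":
            in_class = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif ch == "|" and depth == 0:
            return True
        i += 1
    return False


def compare():
    """Map each sample to (matches broken pattern, matches corrected pattern)."""
    broken = re.compile(entry_to_pattern(BROKEN_JSON))
    fixed = re.compile(entry_to_pattern(FIXED_JSON))
    # Assumption: the consumer performs an unanchored search over the value.
    return {
        value: (broken.search(value) is not None, fixed.search(value) is not None)
        for value in SAMPLES
    }


if __name__ == "__main__":
    for json_text in (BROKEN_JSON, FIXED_JSON):
        pattern = entry_to_pattern(json_text)
        print(pattern, "top-level alternation:", has_top_level_alternation(pattern))
    for value, (old, new) in compare().items():
        print(f"{value:20} broken={old!s:5} corrected={new}")
```
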
## v2.4.151 (2021-11-19)
### New
* Include dnscrypt-resolvers IP addresses to public-dns lists. [Jakub Onderka]
### Changes
* [warning-lists] updated. [Alexandre Dulaunoy]
* [warning-lists] updated. [Alexandre Dulaunoy]
* [lists] updated. [Alexandre Dulaunoy]
* [lists] updated. [Alexandre Dulaunoy]
* [warning-lists] updated. [Alexandre Dulaunoy]
* [publicdns] update the golden list. [Alexandre Dulaunoy]
* [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
* [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
* [warning-lists] updated. [Alexandre Dulaunoy]
### Other
* Merge pull request #194 from drewm27/main. [Alexandre Dulaunoy]
Additional sinkholes found for shadowserver and looking up neighbor IP ranges for sinkhole DNS names
* Sinkhole.fitsec.com reverse DNS. [Drew Middlesworth]
* Reverse lookup of this IP shows sinkhole.hyas.com. [Drew Middlesworth]
* This range all has reverse DNS lookup info pointing to sinkholed.by.zinkhole.org. [Drew Middlesworth]
* Combine cert.pl range, a significant number of these IPs reverse lookup to sinkhole.cert.pl. [Drew Middlesworth]
* 5 of the hosts in this range are also shadowserver sinkholes according to their reverse DNS. [Drew Middlesworth]
* Reverse looking up all these addresses in this range mention sinkhole. [Drew Middlesworth]
* Added sinkhole used for abuseat.org and spamhaus. [Drew Middlesworth]
* Merge pull request #193 from drewm27/main. [Alexandre Dulaunoy]
New sinkholes from a few sources
* Fix order. [Drew Middlesworth]
* New sinkholes detected from work with riskrecon.com and other security sites. Running curl on any of these IPs pretty well shows they are sinkholes. [Drew Middlesworth]
* Merge pull request #191 from JakubOnderka/dnscrypt. [Alexandre Dulaunoy]
new: Include dnscrypt-resolvers IP addresses to public-dns lists
## v2.4.148 (2021-08-09)
### Changes
* [warning-lists] updated. [Alexandre Dulaunoy]
## v2.4.147 (2021-07-27)
### Changes
* [warning-lists] updated. [Alexandre Dulaunoy]
* [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
* [tools] add golden IPv4 DNS server in the generate-publicdns.py script. [Alexandre Dulaunoy]
One of the sources is regularly dropping 9.9.9.9 as a source of
publicdns. This additional list can be used to ensure these known golden
DNS public resolvers are there.
* [warning-lists] updated. [Alexandre Dulaunoy]
* [dynamic-dns] jq all the things. [Alexandre Dulaunoy]
### Fix
* [public-dns] 9.9.9.9 added. [Alexandre Dulaunoy]
### Other
* Fix typo in the license part. [Alexandre Dulaunoy]
* Merge branch 'ekamioka-patch-2' into main. [Alexandre Dulaunoy]
* Merge branch 'patch-2' of https://github.com/ekamioka/misp-warninglists into ekamioka-patch-2. [Alexandre Dulaunoy]
* Add more dynamic DNS domains. [ekamioka]
## v2.4.145 (2021-06-28)
### New
* List of known SMTP receiving IP addresses. [Jakub Onderka]
* List of known SMTP sending IP ranges. [Jakub Onderka]
* Generator for Akamai. [Jakub Onderka]
* [crl] Generate domains and IPs directly from Mozilla intermediate list. [Jakub Onderka]
* [apple] IP ranges assigned to Apple. [Jakub Onderka]
* [google-gmail-sending-ips] Add generator and update to latest version. [Jakub Onderka]
* [google-gcp] Add generator and update to latest version. [Jakub Onderka]
* [azure] List for Azure China, Germany and US Gov cloud. [Jakub Onderka]
* [second-level-tlds] Add generator and update to latest version. [Jakub Onderka]
### Changes
* [doc] list updated. [Alexandre Dulaunoy]
* [update] update of all the warning-lists. [Alexandre Dulaunoy]
* [cidr] Consolidate CIDR networks. [Jakub Onderka]
* [microsoft-office365-cn] Update to latest version. [Jakub Onderka]
* [doc] list of warning-lists updated. [Alexandre Dulaunoy]
* [ovh-cluster] Change list typo to cidr. [Jakub Onderka]
* [rfc] Normalize RFC lists description. [Jakub Onderka]
* [doc] warning-lists updated. [Alexandre Dulaunoy]
* [dynamic-dns] jq all the things. [Alexandre Dulaunoy]
### Fix
* [script] typo in one of the script names. [Alexandre Dulaunoy]
* [mozilla-IntermediateCA] Typo. [Jakub Onderka]
* [google-gmail-sending-ips] typo. [Jakub Onderka]
* [stackpath] List was empty. [Jakub Onderka]
* [moz] Moz is not Mozilla. [Jakub Onderka]
* [publicdns] IP addresses should be cidr. [Jakub Onderka]
* [schema] wildmask is not valid type. [Jakub Onderka]
### Other
* Merge pull request #190 from JakubOnderka/smtp. [Alexandre Dulaunoy]
new: List of known SMTP sending IP ranges
* Merge pull request #189 from JakubOnderka/consolidate-networks. [Alexandre Dulaunoy]
chg: [cidr] Consolidate CIDR networks
* Merge pull request #188 from JakubOnderka/office365-cn. [Alexandre Dulaunoy]
chg: [microsoft-office365-cn] Update to latest version
* Merge pull request #185 from JakubOnderka/crl. [Alexandre Dulaunoy]
new: [crl] Generate domains and IPs directly from Mozilla
* Merge pull request #184 from JakubOnderka/update. [Alexandre Dulaunoy]
Update
* Merge branch 'ekamioka-main' into main. [Alexandre Dulaunoy]
* Merge branch 'main' of https://github.com/ekamioka/misp-warninglists into ekamioka-main. [Alexandre Dulaunoy]
* Init a list of dyn DNS TLD domains. [ekamioka]
## v2.4.144 (2021-06-07)
### New
* [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
### Changes
* [update] MISP warning-lists updated. [Alexandre Dulaunoy]
### Other
* Merge pull request #181 from Wiscy-Security/main. [Andras Iklody]
generate-stackpath.py: Added scraper on website to get new link for ipblocks.txt file
* Generate-stackpath.py: Added scraper on website to get new link for ipblocks.txt file. [Kevin Holvoet]
* Set theme jekyll-theme-minimal. [Alexandre Dulaunoy]
## v2.4.143 (2021-05-14)
### New
* [tools] simple python script to generate the list of warning-lists in Markdown. [Alexandre Dulaunoy]
### Changes
* [doc] fix link and description. [Alexandre Dulaunoy]
* [doc] warning list updated. [Alexandre Dulaunoy]
* [doc] list updated. [Alexandre Dulaunoy]
* [url-shortners] fix #177. [Alexandre Dulaunoy]
* [nioc] sorted/jq. [Alexandre Dulaunoy]
* [tools] fix the link for the documentation generator. [Alexandre Dulaunoy]
* [config] gitchangelog configuration added. [Alexandre Dulaunoy]
### Other
* Merge branch 'RichieB2B-nioc-filehash' into main. [Alexandre Dulaunoy]
* Merge branch 'nioc-filehash' of https://github.com/RichieB2B/misp-warninglists into RichieB2B-nioc-filehash. [Alexandre Dulaunoy]
* Add nioc-filehash. [Richard van den Berg]
## v2.4.142 (2021-04-26)
### New
* GH workflow. [Raphaël Vinot]
* Added covid generators / lists. [iglocska]
* Added covid warninglist. [iglocska]
* Added common warninglists. [iglocska]
* [list] The Moz Top 500 Domains and Pages (#104) [Steve Clement]
new: [list] The Moz Top 500 Domains and Pages
* [list] Added Mozilla Top 500 domains. [Steve Clement]
* [tool] Generate The Moz top 500 Domain list from https://moz.com/top500. [Steve Clement]
* [disposal-email] added. [Alexandre Dulaunoy]
* [disposal-email] a list of disposable and temporary email address domains. [Alexandre Dulaunoy]
From https://github.com/martenson/disposable-email-domains
Fix https://github.com/MISP/misp-taxonomies/issues/136
* [VPN] lists of common VPN IPv4 and IPv6 addresses added. [Alexandre Dulaunoy]
Source of the IPv4/IPv6 is https://github.com/ejrv/VPNs
### Changes
* [warning-lists] updated. [Alexandre Dulaunoy]
* [lists] updated. [Alexandre Dulaunoy]
* [stackpath] host IPv6 addresses are without subnet. [Alexandre Dulaunoy]
* [warning-lists] updated. [Alexandre Dulaunoy]
* [update] run on all. [Alexandre Dulaunoy]
* [public-resolver] revert to previous one as the source is dropping many known public resolvers such as quad9. [Alexandre Dulaunoy]
* [updates] updated warning-lists. [Alexandre Dulaunoy]
* [warning-lists] updated. [Alexandre Dulaunoy]
* [updated] warning-lists updated. [Alexandre Dulaunoy]
* [warning-lists] updated. [Alexandre Dulaunoy]
* [update] automatic update. [Alexandre Dulaunoy]
* Add PR to GH actions. [Raphaël Vinot]
* [doc] Travis removed. [Alexandre Dulaunoy]
* [updates] updated warning lists. [Alexandre Dulaunoy]
* [warning-list] updated. [Alexandre Dulaunoy]
* Bump moz-top500. [Raphaël Vinot]
* [update] misp-warninglists updated. [Alexandre Dulaunoy]
* [schema] wildmask type added to prepare the merge into MISP. [Alexandre Dulaunoy]
* [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
* Changed name to be displayed as warning and description. [chrisr3d]
* Turned the regexes for audiovisual works into a single one. [chrisr3d]
* [warning-lists] updated. [Alexandre Dulaunoy]
* [warning-lists] updated. [Alexandre Dulaunoy]
* [update] following changes + regular update. [Alexandre Dulaunoy]
* [automatic updates] all warning-lists. [Alexandre Dulaunoy]
* [automatic] updated. [Alexandre Dulaunoy]
* [automatic] updated. [Alexandre Dulaunoy]
* [tranco] updated. [Alexandre Dulaunoy]
* [public-dns] updated. [Alexandre Dulaunoy]
* [microsoft-azure] updated. [Alexandre Dulaunoy]
* [tld] updated to the latest version. [Alexandre Dulaunoy]
* [aws] updated. [Alexandre Dulaunoy]
* [office 365] updated. [Alexandre Dulaunoy]
* [office 365] updated. [Alexandre Dulaunoy]
* [mozilla-intermediate-CA] updated to the latest version. [Alexandre Dulaunoy]
* Chmod +x for new scripts in tools folder. [Kevin Holvoet]
* [whats-my-ip] fix 152. [Alexandre Dulaunoy]
* [jq] all. [Alexandre Dulaunoy]
* [tranco10k] jq all the things. [Alexandre Dulaunoy]
* [amazon-aws] updated to the latest version. [Alexandre Dulaunoy]
* [microsoft-office365] updated to the latest version. [Alexandre Dulaunoy]
* [covid] added covidmemory.lu. [Andras Iklody]
* Update validate all. [Raphaël Vinot]
* Add script to make lists unique, and sort the keys. [Raphaël Vinot]
Update covid lists.
* Covid lists bumped. [iglocska]
* [covid] lists updated. [iglocska]
* [whats-my-ip] Fix #139. [Alexandre Dulaunoy]
* [covid] aatishb.com added due to https://aatishb.com/covidtrends/ [Alexandre Dulaunoy]
(thanks to @doegox)
* [covid] added Heliox_lab domain. [Alexandre Dulaunoy]
* [covid] adding Luxembourg's covid domains. [Jean-Louis Huynen]
* [doc] updated readme with covid list. [Christophe Vandeplas]
* [covid] added Portugal and Belgium. [Christophe Vandeplas]
* [tranco] updated to the latest version. [Alexandre Dulaunoy]
* [office365] updated to the latest version. [Alexandre Dulaunoy]
* [cloudflare] updated to the latest version. [Alexandre Dulaunoy]
* [aws] updated. [Alexandre Dulaunoy]
* [cloudflare] updated. [Alexandre Dulaunoy]
* [office365] IP addresses and domains updated. [Alexandre Dulaunoy]
* [doc] wikimedia warning-list added. [Alexandre Dulaunoy]
* [wikimedia] jq all the things. [Jean-Louis Huynen]
* [university_domains] updated to the latest version. [Alexandre Dulaunoy]
* [disposable] updated to the latest version. [Alexandre Dulaunoy]
* [vpn] IP addresses updated. [Alexandre Dulaunoy]
* [mozilla] CA list updated. [Alexandre Dulaunoy]
* [empty-hashes] empty ssdeep hashes added. [Alexandre Dulaunoy]
* [dax30] updated and fixed. [Alexandre Dulaunoy]
* [alexa] Updated with the script in tools. [Steve Clement]
* [moz500] Fix actual list. [Steve Clement]
* [moz500] Added Pages too. Updated list. [Steve Clement]
* [moz500] Added info how to regenerate, added provisional urls/files to topPages. [Steve Clement]
* [security-provider-blogpost] version updated. [Alexandre Dulaunoy]
* [doc] list of warning-lists updated. [Alexandre Dulaunoy]
* [o365 ip] title of the warning list changed. [Alexandre Dulaunoy]
* [o365 tools] fix title of the IP address warning list. [Alexandre Dulaunoy]
* [o365] separate Microsoft Office 365 lists (hostname and IP addresses) [Alexandre Dulaunoy]
* [o365] jq all the things. [Alexandre Dulaunoy]
* [tools] alexa script fixed. [Alexandre Dulaunoy]
* [alexa] updated to the latest version (seems to be back) [Alexandre Dulaunoy]
* [tools] fix cisco script. [Alexandre Dulaunoy]
* [cisco/umbrella top list] updated to the latest version. [Alexandre Dulaunoy]
* [amazon-aws] updated to the latest version available. [Alexandre Dulaunoy]
* [README] added university domains. [Alexandre Dulaunoy]
* [doc] akamai network added. [Alexandre Dulaunoy]
* [akamai] jq everything. [Alexandre Dulaunoy]
* [doc] CRL list added. [Alexandre Dulaunoy]
* [public-dns-v6] cloudflare dns added. [Alexandre Dulaunoy]
* [public-dns-v4] cloudflare recursive dns added. [Alexandre Dulaunoy]
* [amazon-aws] updated to the recent version. [Alexandre Dulaunoy]
* [sinkholes] duplicate entry removed. [Alexandre Dulaunoy]
* [sinkholes] added. [Alexandre Dulaunoy]
* [doc] new lists added. [Alexandre Dulaunoy]
* List of warning-lists updated. [Alexandre Dulaunoy]
* Lists/microsoft-attack-simulator/list.json added. [Alexandre Dulaunoy]
* Enforce type in schema. [Raphaël Vinot]
* Remove exec flag on json files. [Raphaël Vinot]
### Fix
* Python 3.9 compat, take 2. [Raphaël Vinot]
* Python 3.9 compat. [Raphaël Vinot]
* Changed parsing algorithm to string, see #7c1de70. [Andras Iklody]
* Sort entries. [Raphaël Vinot]
* [schema] regexp added as supported type. [Alexandre Dulaunoy]
* [alex] The generator wants to decode things ;) [Steve Clement]
* [moz500] Fix the confusion about Moz.com and Mozilla.com (#107) [Steve Clement]
fix: [moz500] Fix the confusion about Moz.com and Mozilla.com
* [moz500] Fix the confusion about Moz.com and Mozilla.com. [Steve Clement]
* [tools] Made python scripts executable. (#105) [Steve Clement]
fix: [tools] Made python scripts executable.
* [tools] Made python scripts executable. [Steve Clement]
* Wrong file name in the scripts. [Raphaël Vinot]
* Filenames of new warning lists. [Raphaël Vinot]
* Common IOC warning list added. [Alexandre Dulaunoy]
* Various fixes + add number of elements in each lists. [Alexandre Dulaunoy]
* Perfect match is string ;-) [Alexandre Dulaunoy]
* Reverse.it added to the list of dynamic malware analysis tools. [Alexandre Dulaunoy]
* CIDR block added. [Alexandre Dulaunoy]
* Public-dns-hostname not following schema. [Raphaël Vinot]
* Resolver expressed as hostname removed. [Alexandre Dulaunoy]
* Typo fixed for Travis. [Alexandre Dulaunoy]
* Jq output to /dev/null - Travis. [Alexandre Dulaunoy]
* JSON tests. [Alexandre Dulaunoy]
### Other
* Merge pull request #178 from Wiscy-Security/main. [Alexandre Dulaunoy]
Added new warninglist for Stackpath CDN
* Add stackpath to generate_all.sh script. [Kevin Holvoet]
* Gave execute permissions to generate_phone_numbers.py. [Kevin Holvoet]
* Created new Stackpath CDN IP list. [Kevin Holvoet]
* Merge branch 'main' of github.com:MISP/misp-warninglists into main. [Alexandre Dulaunoy]
* Merge pull request #176 from przemekzny/patch-1. [Alexandre Dulaunoy]
Update list.json
* Update list.json. [przemekzny]
Added domains of PKO Bank Polski S.A.
* Merge branch 'main' of github.com:MISP/misp-warninglists into main. [Alexandre Dulaunoy]
* Merge pull request #173 from DocArmoryTech/patch-1. [Alexandre Dulaunoy]
Added Neo23x0/ti-falsepositive warninglist
* Corrected version number to one. [Cormac Doherty]
* Jq all the things. [Cormac Doherty]
* Added Neo23x0/ti-falsepositive warninglist. [DocArmoryTech]
Neo23x0:Neo23x0/ti-falsepositive is a "hash generator for typical false positive hashes".
This warninglist was generated using a modified version of the generator (see: DocArmoryTech:DocArmoryTech-mispwl)
`python3 ./fp-hashes.py > list.json`
* Merge pull request #172 from pettai/Fastly. [Alexandre Dulaunoy]
Add Fastly IPs
* Add Fastly IPs. [pettai]
Add all Fastly's IP addresses
* Merge pull request #170 from chrisr3d/main. [Alexandre Dulaunoy]
Added a few more entries to the phone numbers warninglist
* Add: A few more phone numbers regexes. [chrisr3d]
* Add: Added regexes for the American fictitious numbers in the list. [chrisr3d]
* Merge pull request #168 from chrisr3d/main. [Alexandre Dulaunoy]
New warning list for unattributed phone numbers
* Add: Added phone numbers warninglist to the list. [chrisr3d]
* Add: New Warninglist for phone numbers that should never be attributed. [chrisr3d]
  - First examples filling the list of regexes: the
    phone numbers used for audiovisual works, or
    the communications companies internal numbers.
    Those phone numbers are reserved and should
    never be given to any user
  - We'll add as well the numbers reserved for the
    American audiovisual works soon
* Merge pull request #166 from pettai/GCP. [Alexandre Dulaunoy]
Add GCP IPs
* +jq_all_the_things.sh. [pettai]
missed to run jq_all_the_things.sh
* Add GCP IPs. [pettai]
Add GCP (Google Cloud Platform) IP addresses
* Merge pull request #165 from HugeekMcGill/main. [Alexandre Dulaunoy]
Adding replacement for wildcard and dash inputs
* Adding replacement for wildcard and dash inputs. [hugeek]
* Merge pull request #164 from cyber288/main. [Alexandre Dulaunoy]
Change hostname type to string type for multiple lists
* Changed matching algorithm to string. [cyber288]
* Changed matching algorithm to string. [cyber288]
* Update version number. [cyber288]
* Update version number. [cyber288]
* Update version number. [cyber288]
* Fix date. [cyber288]
* Changed matching algorithm to string. [cyber288]
* Changed matching algorithm to string. [cyber288]
* Changed matching algorithm to string. [cyber288]
* Changed matching algorithm to string. [cyber288]
* Changed matching algorithm to string. [cyber288]
* Changed matching algorithm to string. [cyber288]
* Changed matching algorithm to string. [cyber288]
* Merge pull request #163 from rhaist/patch-1. [Alexandre Dulaunoy]
Create requirements.txt
* Create requirements.txt. [Robert Haist]
Those are the additional Python3 requirements I needed to generate all the lists.
* Changed matching algorithm to string. [Andras Iklody]
Example for a dangerous entry: dropbox.com with the hostname algorithm and url as a valid attribute type means that https://dropbox.com/malicious/files.exe would get excluded from the automation systems when using the warninglist.
I've changed the algorithm to full string matches.
* Merge pull request #162 from Wiscy-Security/main. [Alexandre Dulaunoy]
Refactor last scripts, central logging, central directory for downloads, automation script
* Merge upstream, update lists, fix conflicts. [Kevin Holvoet]
Merge remote-tracking branch 'upstream/main' into main
* Merge pull request #161 from bartblaze/patch-1. [Alexandre Dulaunoy]
Add new domains
* Add new domains. [Bart]
* Merge pull request #157 from sustefil/fix-issue-156. [Alexandre Dulaunoy]
Fix generator.py:download_to_file
* Fix generator.py:download_to_file. [Filip Suster]
When some script which is using the generator.py module (e.g. generate-publicdns.py) is run for the
first time, the file is missing and an unhandled exception is thrown
* Merge remote-tracking branch 'upstream/main' into main. [Kevin Holvoet]
* Merge pull request #154 from Wiscy-Security/main. [Alexandre Dulaunoy]
Refactoring of code + updates of warninglists
* Refactor last scripts, logging, central directory for downloads. [Kevin Holvoet]
  * Refactored generate_moz-top50.py
  * Download all files to new /tmp file to centralize all downloads
  * Add central logging to generators.log file
  * Create Bash script that generates all warninglists
  * Add /tmp folder and extra files to .gitignore
  * Start adding exception handling in download_to_file and write_to_file
* Refactor more generators. [Kevin Holvoet]
* Remove extra .txt extension from downloaded files. [Kevin Holvoet]
* Add check if downloaded file has changed on server before downloading. [Kevin Holvoet]
* Refactor code to make it simpler/more uniform. [Kevin Holvoet]
* Chg generator-publicdns: work with new CSV format 1. The CSV format has changed with the update on 2020-07-14. 2. The script also generates IPv4, IPv6, and the hostname lists at once. 3. Downloaded file added to .gitignore. [Kevin Holvoet]
* Solved LGTM alerts. [Kevin Holvoet]
* Added multiple lists from Cisco Umbrella list. Solves issue #24 and #13. [Kevin Holvoet]
* Merge remote-tracking branch 'upstream/main' into main. [Kevin Holvoet]
* Merge pull request #153 from Wiscy-Security/main. [Alexandre Dulaunoy]
Change tool/scripts permission + update tranco lists
* Updated lists after updating scripts. [Kevin Holvoet]
* Add .gitignore for downloaded files, refactor code for generators: use central module, remove useless code, fix minor issues. [Kevin Holvoet]
* Fix Microsoft Azure generator: format changed from XML to JSON + download link changed. [Kevin Holvoet]
* Merge tranco scripts: generate_tranco.py generates both full and 10k list. [Kevin Holvoet]
* Automatically copy output to list.json file in correct folder. [Kevin Holvoet]
* Refactored mozilla certificate generator: solve relative path issue, remove unused code, refactor structure of code. [Kevin Holvoet]
* Renamed cisco top1m to top1k to reflect reality. [Kevin Holvoet]
* Update Tranco & Tranco10k list. [Kevin Holvoet]
* Merge branch 'main' of github.com:MISP/misp-warninglists into main. [Alexandre Dulaunoy]
* Merge pull request #151 from JakubOnderka/tlds-update. [Alexandre Dulaunoy]
Update TLDs list
* Update TLDs list. [Jakub Onderka]
* Merge pull request #150 from houey/patch-3. [Alexandre Dulaunoy]
adding forms.gle which is for google forms.
* Adding forms.gle which is for google forms. [Houston]
adding forms.gle to the list. This is a short link for Google Forms managed by Google Firebase
* Merge pull request #149 from houey/patch-2. [Alexandre Dulaunoy]
added gvt1.com to Google domains warning list.
* Added gvt1.com to Google domains warning list. [Houston]
* Merge pull request #148 from GlennHD/master. [Alexandre Dulaunoy]
Fixed typo in list.json of Tranco10k
* Fixed typo. [GlennHD]
Fixed typo in list.json
* Merge branch 'GlennHD-master' [Alexandre Dulaunoy]
* Update README.md. [GlennHD]
* Added Tranco10k list. [GlennHD]
* Create tranco10k list.json. [GlennHD]
* Added tranco10k. [GlennHD]
* Merge pull request #146 from GlennHD/patch-3. [Alexandre Dulaunoy]
Added Majestic Million to Readme
* Added Majestic Million to Readme. [GlennHD]
Added Majestic Million to Readme
* Merge pull request #145 from JakubOnderka/validate-values. [Andras Iklody]
Validate values in CI
* Validate values in CI. [Jakub Onderka]
* Merge pull request #143 from bartblaze/patch-9. [Alexandre Dulaunoy]
Update list.json
* Update list.json. [Bart]
Make hostname only, same for another one already in the list.
* Update list.json. [Bart]
* Jq the covid lists. [iglocska]
* Merge branch 'master' of github.com:MISP/misp-warninglists. [iglocska]
* Merge pull request #140 from kirzaks/master. [Alexandre Dulaunoy]
Arcgis whitelisting
* Version change. [Armins Palms]
* Arcgis whitelist. [Armins Palms]
* Merge pull request #138 from bartblaze/patch-8. [Alexandre Dulaunoy]
Update list.json
* Update list.json. [Bart]
Add CAPEv2
* Merge pull request #137 from gallypette/patch-1. [Alexandre Dulaunoy]
chg: [covid] adding Luxembourg's covid domains.
* Merge pull request #136 from rommelfs/patch-2. [Alexandre Dulaunoy]
duplicate removed
* Duplicate removed. [Sascha Rommelfangen]
* Merge pull request #135 from rommelfs/patch-1. [Christophe Vandeplas]
added info-coronavirus.be
* Added info-coronavirus.be. [Sascha Rommelfangen]
* Update to the covid list. [Andras Iklody]
* Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy]
* Merge pull request #133 from GlennHD/patch-2. [Alexandre Dulaunoy]
Create list.json
* Create list.json. [GlennHD]
* Merge pull request #132 from GlennHD/patch-1. [Alexandre Dulaunoy]
Create generate_majestic-million.py
* Create generate_majestic-million.py. [GlennHD]
Pulls top 10K of the most referred to hosts from Majestic Million.
* Merge pull request #131 from bartblaze/patch-7. [Alexandre Dulaunoy]
Update list.json
* Update list.json. [Bart]
Adds localizaip domains.
* Merge pull request #130 from houey/patch-1. [Alexandre Dulaunoy]
Added domain cutt.ly
* Added domain cutt.ly. [Houston]
* Merge pull request #129 from StefanKelm/master. [Andras Iklody]
Update list.json
* Update list.json. [StefanKelm]
merky.de
* Merge pull request #128 from davidljohnson/patch-1. [Alexandre Dulaunoy]
Added windowsupdate.com domain
* Added windowsupdate.com domain. [David J]
I received false positives and detections for this domain. Thought it should be added.
* Merge pull request #127 from bartblaze/patch-6. [Alexandre Dulaunoy]
Update list.json
* Update list.json. [Bart]
Adds ipv6-test
* Merge pull request #126 from elhoim/master. [Andras Iklody]
Added domains using Azuredns-prd.info as Nameserver
* Added domains using Azuredns-prd.info as Nameserver. [David André]
azuredns-prd.info is verified as being Microsoft owned and operated for some Azure related domains
* Merge pull request #125 from certbe-trey/master. [Alexandre Dulaunoy]
Add Tranco warning list (and generator)
* Add Tranco warning list to README. [Trey Darley]
* Add Tranco warning list (https://tranco-list.eu/) [Trey Darley]
* Add script to generate warning list from Tranco (https://tranco-list.eu/) [Trey Darley]
* Merge pull request #124 from bartblaze/patch-5. [Alexandre Dulaunoy]
Update list.json
* Update list.json. [Bart]
Bump version number, add/edit domains.
* Merge pull request #123 from bartblaze/patch-4. [Alexandre Dulaunoy]
Update list.json
* Update list.json. [Bart]
Add Extreme IP.
* Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy]
* Merge pull request #122 from wesinator/patch-1. [Alexandre Dulaunoy]
add sinkhole IP
* Add sinkhole IP. [Ԝеѕ]
https://dns.google.com/query?name=sinkhole.dynu.net
https://dns.google.com/query?name=a.sinkhole.yourtrap.com&type=A&dnssec=true
* Merge pull request #121 from bartblaze/patch-3. [Alexandre Dulaunoy]
Add domain
* Add domain. [Bart]
* Merge pull request #120 from bartblaze/patch-2. [Alexandre Dulaunoy]
Add sndbox
* Add sndbox. [Bart]
* Merge pull request #119 from wesinator/patch-1. [Alexandre Dulaunoy]
Add additional Sinkhole IPs
* Add additional Sinkhole IPs. [Ԝеѕ]
https://github.com/brakmic/Sinkholes/pull/10/files
https://github.com/brakmic/Sinkholes/pull/12/files
|
||
https://github.com/grettir/malware-sinkholes/pull/2/files
|
||
|
||
* Merge pull request #118 from mkb2091/master. [Alexandre Dulaunoy]
|
||
|
||
Fixed typo in akamai list description
|
||
|
||
* Fixed typo in akamai list description. [Alex Williams]
|
||
|
||
* Merge pull request #117 from bartblaze/patch-1. [Alexandre Dulaunoy]
|
||
|
||
Update list.json
|
||
|
||
* Update list.json. [Bart]
|
||
|
||
Add some systems.
|
||
|
||
* Merge pull request #115 from gallypette/master. [Alexandre Dulaunoy]
|
||
|
||
Wikimedia
|
||
|
||
* Add: [wikimedia] adds a warning list for wikimedia infrastructure. [Jean-Louis Huynen]
|
||
|
||
* Merge pull request #113 from droe/master. [Alexandre Dulaunoy]
|
||
|
||
Fix minor field syntax error in google-gmail-sending-ips
|
||
|
||
* Remove erroneous space character and bump version. [Daniel Roethlisberger]
|
||
|
||
* Merge pull request #112 from elhoim/master. [Andras Iklody]

Three new warning lists

* Modified README to include three new added warning lists. [elhoim]

* Added list for Googlebot crawler IP ranges. [elhoim]

* Added list with Google gmail sending IPs. [elhoim]

* Added list and tool to generate list for cloudflare IP ranges. [elhoim]

* Merge pull request #111 from github-pba/more-german-banks. [Alexandre Dulaunoy]

URL change ING, new bank Mainzer Volksbank

* Name change ING, new bank Mainzer Volksbank. [github-pba]

* Update list.json. [cgi1]

Adding BMW

* Dax30 initial version. [cgi1]

* Merge pull request #106 from SteveClement/tools. [Alexandre Dulaunoy]

fix: [alexa] The generator wants to decode things ;)

* Merge pull request #103 from obert01/remove-pastebin. [Alexandre Dulaunoy]

Removed pastebin.com, as it is not a security provider.

* Removed pastebin.com, as it is not a security provider. [Olivier BERT]

It is often used by malware to download configuration or payloads.

* Merge pull request #101 from crondaemon/crondaemon. [Alexandre Dulaunoy]

Remove wrong line from vpn-ipv4.

* Remove wrong line from vpn-ipv4. [Dario Lombardo]

* Merge pull request #100 from zMathieu/patch-1. [Alexandre Dulaunoy]

Transform URL to domains for few entries

* Transform URL to domains for few entries. [zMathieu]

Remove / or http for some domains.

* Add: [doc] mozilla CA and intermediate CA added. [Alexandre Dulaunoy]

* Merge pull request #99 from CERN-CERT/certificates. [Alexandre Dulaunoy]

Add warning lists based on Mozilla's trusted CA and Intermediates

* CAs: Fix final new line in json. [Vincent Brillault]

* CAs: Fix json indentation (2 spaces, not 4) [Vincent Brillault]

* Mozilla CA/intermediate: also match x509-fingerprint-* [Vincent Brillault]

* Add warning lists based on Mozilla's trusted CA and Intermediates. [Vincent Brillault]

* Add: Test for list.json filename. [Raphaël Vinot]

* Merge pull request #98 from liviuvalsan/domain_ips. [Alexandre Dulaunoy]

Make sure that matching attributes are consistent for lists that include domains

* Make sure that matching attributes are consistent for lists that include domains. [Liviu Valsan]

* Merge pull request #97 from kx499/master. [Alexandre Dulaunoy]

A couple of office 365 list fixes

* Updated office 365 file names, changed string to substring, and changed lists.json to list.json. [Faber]

* Merge branch 'kx499-master' [Alexandre Dulaunoy]

* Merge branch 'master' of https://github.com/kx499/misp-warninglists into kx499-master. [Alexandre Dulaunoy]

* Updated MS O365 script to handle json and updated list.json. [Faber]

* Merge branch 'kx499-master' [Alexandre Dulaunoy]

* Adding akamai warning list. [Faber]

* Merge pull request #93 from ater49/master. [Alexandre Dulaunoy]

Adding university domains warninglist

* Correcting updater. [ater49]

* Correcting updater. [ater49]

* Correction of duplicate. [ater49]

* Adding updater for crl warninglist. [ater49]

* Adding update tool for university domains list. [ater49]

* Adding university domains warninglist from issue #38. [ater49]

* Merge pull request #91 from ater49/master. [Alexandre Dulaunoy]

Adding CRL Whitelist (Issue #83)

* Modifying type from string to substring. [ater49]

* Modifying version number to int. [ater49]

* Correction for non-unique values in json. [ater49]

* Adding CRL Whitelist (Issue #83) [ater49]

* Merge pull request #90 from ater49/master. [Alexandre Dulaunoy]

Adding cape.contextis.com in sandbox warninglist

* JQing all the things. [ater49]

* Adding "cape.contextis.com" to sandbox warninglists. [ater49]

* Merge pull request #89 from robertnixon2003/master. [Andras Iklody]

Updated Cisco warninglist

* Added type. [Robert Nixon]

* Fixed with jq all the things. [Robert Nixon]

* Add files via upload. [Robert Nixon]

* Update list.json. [Robert Nixon]

* Create list.json. [Robert Nixon]

* Delete list.json. [Robert Nixon]

* Merge pull request #87 from wotschel/master. [Alexandre Dulaunoy]

added the shortener of the german state rlp

* Added the shortener of the german state rlp. [Bjoern Mainz]

added the shortener of the german state rhineland-palatinate (rlp)

* Merge pull request #86 from StefanKelm/master. [Alexandre Dulaunoy]

more german bank sites

* More german bank sites. [StefanKelm]

* Merge pull request #85 from mlodic/master. [Alexandre Dulaunoy]

fixed value in ovh-cluster and added new url shortener

* Fixed value in ovh-cluster and added new url shortener. [Matteo Lodi]

* Merge pull request #84 from liviuvalsan/update-security-provider-blogpost. [Alexandre Dulaunoy]

Removing imgur.com from the list of known security providers/vendors blog domains

* Removing imgur.com from the list of known security providers/vendors blog domains. [Liviu Valsan]

* Merge pull request #82 from robertnixon2003/master. [Alexandre Dulaunoy]

Updated Cisco Top 1000 List

* Updated list "version": 20181012. [Robert Nixon]

* Deleting list to add updated list. [Robert Nixon]

* Add: [doc] added the new sinkholes list. [Alexandre Dulaunoy]

* Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy]

* Merge pull request #80 from ater49/master. [Alexandre Dulaunoy]

New warninglist for bank websites.

* New warninglist for bank websites. The list is based on university proxylist (ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/bank.tar.gz). [ater49]

* Merge pull request #79 from StefanKelm/master. [Alexandre Dulaunoy]

New list: Windows 10 connection endpoints

* Win10 connection endpoints. [Stefan Kelm]

* New list: win10 connection endpoints. [Stefan Kelm]

* Merge pull request #78 from robertnixon2003/master. [Alexandre Dulaunoy]

Fixed cisco gen script

* Pulled list again after fixing generation script. [Robert Nixon]

* Fixed TLD truncation issue. [Robert Nixon]

Fixed TLD truncation issue

* Merge pull request #76 from robertnixon2003/master. [Alexandre Dulaunoy]

replace Alexa with Cisco Umbrella

* Added Alexa list back. [Robert Nixon]

* Added generate_alexa.py back and added type param. [Robert Nixon]

* Updated list. [Robert Nixon]

* Not sure why Travis is failing. [Robert Nixon]

* Added type for Travis. [Robert Nixon]

* Removing gen Alexa. [Robert Nixon]

* New script to generate Cisco Umbrella Top 1000. [Robert Nixon]

* Created new list. [Robert Nixon]

* Removed Alexa List. [Robert Nixon]

* Add: [microsoft-attack-simulator] warning list about phishing campaign for "security awareness" [Alexandre Dulaunoy]

* Add: common IOC false-positives as mentioned by Florian Roth. [Alexandre Dulaunoy]

* Merge pull request #73 from raw-data/master. [Alexandre Dulaunoy]

[add] new domain for whats-my-ip section

* [add] new domain for whats-my-ip section. [raw-data]

* Merge pull request #71 from xbmc-goph/patch-2. [Alexandre Dulaunoy]

Update version file

* Update version file. [xbmc-goph]

* Merge pull request #70 from xbmc-goph/patch-1. [Alexandre Dulaunoy]

Updated with italian "what's my ip" services

* Added the required separator #2. [xbmc-goph]

* Added the required separator. [xbmc-goph]

* Updated with italian "what's my ip" services. [xbmc-goph]

* Merge pull request #69 from raw-data/master. [Alexandre Dulaunoy]

[ADD] new domains for whats-my-ip section and url-shortener section

* [ADD] 1 new domain for url-shortener section. [raw-data]

* [ADD] 3 new domains for whats-my-ip section. [raw-data]

* Merge pull request #68 from raw-data/master. [Alexandre Dulaunoy]

[ADD] 3 new domains for whats-my-ip section

* [ADD] 1 new domain for url-shortener section. [raw-data]

* [ADD] 3 new domains for whats-my-ip section. [raw-data]

* [ADD] 3 new domains for whats-my-ip section. [raw-data]

* Merge pull request #67 from droe/master. [Alexandre Dulaunoy]

Add reference to PyMISPWarningLists

* Add reference to PyMISPWarningLists. [Daniel Roethlisberger]

* Add: BIT gTLD was missing. [Alexandre Dulaunoy]

* Merge pull request #65 from StefanKelm/master. [Alexandre Dulaunoy]

add RFC 6761 list

* Update list.json. [StefanKelm]

* Update README.md. [StefanKelm]

* Update list.json. [StefanKelm]

* Update list.json. [StefanKelm]

* Create list.json. [StefanKelm]

* Merge branch 'gizolka-master' [Alexandre Dulaunoy]

* Merge branch 'master' of https://github.com/gizolka/misp-warninglists into gizolka-master. [Alexandre Dulaunoy]

* Created a converter of MISP warning lists to asciidoctor format. [Joanna]

* Fix #64. [Alexandre Dulaunoy]

* Indeed LoL is not a security provider ;-) Fix #62. [Alexandre Dulaunoy]

* Add: OVH cluster. [Alexandre Dulaunoy]

* Merge pull request #61 from ater49/dev. [Alexandre Dulaunoy]

Adding Ovh-cluster WarningList

* Modification of errors in json. [ater49]

* Modify errors. [ater49]

* Revert "New WarningList for OVH Cluster" [ater49]

This reverts commit 2bf5201110859bbc2b108178ee673b858bb4e3d5.

* New WarningList for OVH Cluster. [ater49]

* OVH Cluster IP add to misp-warninglists. [ater49]

* Merge pull request #57 from eCrimeLabs/master. [Alexandre Dulaunoy]

Bugfix and update

* Updated with IPv6 addresses. [eCrimeLabs]

* Bugfix (l.append) [eCrimeLabs]

* Add: amazon-aws warning lists. [Alexandre Dulaunoy]

* Merge pull request #55 from eCrimeLabs/master. [Alexandre Dulaunoy]

Amazon AWS IP range for Warninglists

* Bugfix type. [eCrimeLabs]

* Fixed typo. [eCrimeLabs]

* "type": "cidr", [eCrimeLabs]

* Added "type": "cidr", [eCrimeLabs]

* Update generate-amazon-aws.py. [eCrimeLabs]

* Added Warninglists for Amazon AWS. [root]

* Merge pull request #1 from eCrimeLabs/eCrimeLabs-dev. [eCrimeLabs]

Generate json file of Amazon AWS IP's

* Generate json file of Amazon AWS IP's. [eCrimeLabs]

* Merge pull request #56 from sebdraven/master. [Alexandre Dulaunoy]

add app.any.run in warninglists

* Add app.any.run in warninglists. [Sébastien Larinier]

* Merge pull request #53 from Delta-Sierra/master. [Alexandre Dulaunoy]

add security provider blogpost warninglist

* Elements must be unique. [Deborah Servili]

* Add security provider blogpost warninglist. [Deborah Servili]

* Merge pull request #52 from cgi1/patch-1. [Alexandre Dulaunoy]

Resolving outdated list from #51

* Resolving outdated list from #51. [cgi1]

@adulau

* Merge pull request #48 from elhoim/patch-2. [Andras Iklody]

Added some security vendors sites

* Added some security vendors sites. [David André]

* Add: regex type added as now available in MISP https://github.com/MISP/MISP/commit/98e07175a898434a0cdc82f3dff0e957bd28ea29. [Alexandre Dulaunoy]

* Merge pull request #47 from elhoim/patch-1. [Andras Iklody]

Changed matching algorithm to domain to avoid false positive matches

* Changed matching algorithm to domain to avoid false positive matches. [David André]

Changed matching algorithm to domain to avoid false positive matches + version bump

* Version bump. [iglocska]

* Wrong algorithm. [iglocska]

* Changed matching algorithm to domain to avoid false positive matches. [iglocska]

* Merge pull request #46 from c-goes/patch-1. [Alexandre Dulaunoy]

Fix link to ipv6-linklocal list

* Fix link to ipv6-linklocal list. [c-goes]

* Add: automated-malware-analysis known domain list. [Alexandre Dulaunoy]

Fix #45

* Add: Microsoft Azure Datacenter IP Ranges added including tool to generate the JSON. [Alexandre Dulaunoy]

Fix #43

* Fix (temp): office 365 warning list only matching as substring (new list for CIDR block matching required) [Alexandre Dulaunoy]

* Add: list of Microsoft office365/azure in China + extraction tool added. [Alexandre Dulaunoy]

fix #42

* Office 365 warning-list updated to the latest version. [Alexandre Dulaunoy]

* Merge branch 'master' of github.com:MISP/misp-warninglists. [Raphaël Vinot]

* Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy]

* Changed type and parser for hostname based public resolver list. [iglocska]

* Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy]

* Merge pull request #44 from cvandeplas/master. [Alexandre Dulaunoy]

quad9 project

* Quad9 project. [Christophe Vandeplas]

* Merge branch 'master' of github.com:MISP/misp-warninglists. [Raphaël Vinot]

* Merge pull request #39 from ater49/patch-1. [Alexandre Dulaunoy]

checkip.amazonaws.com added into warninglist

* Update list.json. [ater49]

Comma added to the line

* Update list.json. [ater49]

Just to add checkip.amazonaws.com into WarningList

* List of known public DNS resolvers expressed as hostname added. [Alexandre Dulaunoy]

The list has been separated from ipv4 list to be sure matching works in
MISP

* Changed warninglist from string matches to hostname type. [Andras Iklody]

* Merge pull request #35 from rmarsollier/ggl. [Alexandre Dulaunoy]

adding some google owned domains v2

* Solving last problem with google domain list. [rmarsollier]

* Adding wikipedia scraper for google domains. [rmarsollier]

* Importing google domains from wikipedia. [rmarsollier]

* Merge pull request #31 from rmarsollier/patch-2. [Alexandre Dulaunoy]

Fixing #23

* Fix typo. [RbN]

* Adding domains of #23. [RbN]

* Merge pull request #30 from rmarsollier/patch-1. [Alexandre Dulaunoy]

Adding sha224 to empty_hashs

* Adding sha224. [RbN]

d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f is a sha224, let's use it.

* Fixed #25 adding more URL shorteners. [Alexandre Dulaunoy]

* Run JQ on empty-hashes. [Raphaël Vinot]

* Matching_attributes isn't required. [Raphaël Vinot]

* Merge pull request #22 from devnull-/eicar.com. [Andras Iklody]

No attribute filtering -- eicar.com

* Add matching_attributes. [devnull-]

* Merge pull request #21 from devnull-/empty-hashes. [Andras Iklody]

No attribute filtering -- empty-hashes

* Formatting. [devnull-]

* Add matching_attributes. [devnull-]

* Merge pull request #1 from MISP/master. [devnull-]

Pull update

* Do not allow additional properties in the schema. [Raphaël Vinot]

* Update travis. [Raphaël Vinot]

* Fix JQ all the things. [Raphaël Vinot]

* Revert "JQ all the things" [Raphaël Vinot]

This reverts commit d422560a4e773d1fd58193a2fa3633e1d9265217.

* Install dep. [Raphaël Vinot]

* Fix travis. [Raphaël Vinot]

* JQ all the things. [Raphaël Vinot]

* Update lists, add schema. [Raphaël Vinot]

* EICAR added in the README. [Alexandre Dulaunoy]

* Merge pull request #20 from michael-hamm/eicar.com. [Alexandre Dulaunoy]

Hashes for EICAR, EICAR zip and EICAR 2x zip.

* Hashes for EICAR, EICAR zip and EICAR 2x zip. [Michael Hamm]

* RFC 6598 added in the README. [Alexandre Dulaunoy]

* Merge pull request #19 from michael-hamm/rfc6598. [Alexandre Dulaunoy]

RFC 6598 - Carrier-Grade NAT (CGN) devices

* RFC 6598 - Carrier-Grade NAT (CGN) devices. [Michael Hamm]

* Merge pull request #18 from nbareil/master. [Alexandre Dulaunoy]

No attribute filtering

* Adds matching_attribute. [Nicolas Bareil]

* Typo in the name. [Nicolas Bareil]

* Type of warning-list added. [Alexandre Dulaunoy]

* Bumped the date to force an update. [Iglocska]

* Merge branch 'master' of https://github.com/MISP/misp-warninglists. [Iglocska]

* Date updated. [Alexandre Dulaunoy]

* Switched alexa to the "hostname" list. [Iglocska]

* Added url type to the alexa list. [Iglocska]

* Type was not declared as substring. [Alexandre Dulaunoy]

* Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy]

* Merge pull request #16 from devnull-/URL-shortener-services. [Alexandre Dulaunoy]

Warning list URL shorteners services

* Merge branch 'master' into URL-shortener-services. [devnull-]

* Merge pull request #15 from devnull-/whats-my-ip. [Alexandre Dulaunoy]

Warning list "What's my IP" domains

* Add types URI & URL. [devnull-]

* Add ip-score.com. [devnull-]

* Warning list "What's my IP" service. [devnull-]

* Warning list URL shorteners services. [devnull-]

* Substring added (to support the new substring matching) [Alexandre Dulaunoy]

* Merge pull request #12 from CZ-NIC/master. [Alexandre Dulaunoy]

Checks for open resolvers in the list of IPs.

* Checks for open resolvers in the list of IPs. [Edvard Rejthar]

Is able to fetch the MISP warning list and say if there are some resolvers.

* Add version and name to the office365 warning list. [Alexandre Dulaunoy]

* Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy]

* Merge pull request #10 from Maijin/master. [Raphaël Vinot]

Add Comodo public DNS

* Add Comodo public DNS. [Maijin]

* Office 365 URLs and IP address ranges added. [Alexandre Dulaunoy]

* Known microsoft domains added. [Alexandre Dulaunoy]

* Warning list of known microsoft domains added. [Alexandre Dulaunoy]

* Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy]

* Merge pull request #8 from claudex/fix-travis. [Alexandre Dulaunoy]

Fix travis build

* View error output from jq. [Xavier Claude]

* Fix travis build using jq from packages. [Xavier Claude]

* License clarified. [Alexandre Dulaunoy]

* Merge pull request #6 from claudex/dns. [Alexandre Dulaunoy]

Use DNS list from http://public-dns.info/

* Add public dns v4 and v6 resolvers IP from the tool. [Xavier Claude]

* Add a tool to generate public dns resolver list. [Xavier Claude]

The tool generates two lists, one for IPv4 (list4.json) and one for IPv6
(list6.json) to allow the user to only enable one of the two.

The list is downloaded from http://public-dns.info/ and a sample of the
list was tested with:

for dns in $( awk -F "," '{ print $1 }' < nameservers.csv ) ; do dig +noedns @$dns google.com | grep NOERROR 1>/dev/null || echo $dns ; done

~95% of the tested servers responded. So the list is not all crap.

* Merge pull request #7 from claudex/rfc4291. [Alexandre Dulaunoy]

Add IPv6 link local prefix

* Add IPv6 link local prefix. [Xavier Claude]

* Merge pull request #5 from claudex/alexa. [Alexandre Dulaunoy]

Alexa

* Actually put alexa 1000 top domains in the output list. [Xavier Claude]

* Write the alexa top1M zip file after download. [Xavier Claude]

* Fix alexa top1M url. [Xavier Claude]

* Merge pull request #4 from claudex/rfc3849. [Alexandre Dulaunoy]

Add RFC 3849 - IPv6 prefix for documentation

* Add RFC 3849 - IPv6 prefix for documentation. [Xavier Claude]

* Merge branch 'list_updates' [Iglocska]

* Updated warninglists with domains or IP addresses to also include domain|ip type attributes. [Iglocska]

- fixes issue as reported by @Delta-Sierra

* Build status icon added. [Alexandre Dulaunoy]

* Travis test scripts added. [Alexandre Dulaunoy]

* RFC 5735 added. [Alexandre Dulaunoy]

* Alexa top 1000 list added. [Alexandre Dulaunoy]

* Alexa top 1000 MISP warning list added including generation tool. [Alexandre Dulaunoy]

* Multicast CIDR blocks added. [Alexandre Dulaunoy]

* Rfc5771 added. [Alexandre Dulaunoy]

* More public DNS servers added. [Alexandre Dulaunoy]

* Google added. [Alexandre Dulaunoy]

* List of known google domains and hostnames. [Alexandre Dulaunoy]

* Merge pull request #3 from wllm-rbnt/second-level-tlds. [Alexandre Dulaunoy]

Expand second level tlds from Wikipedia

* Expand second level tlds from Wikipedia. [William Robinet]

* Second-level of TLD lists. [Alexandre Dulaunoy]

* Merge pull request #2 from wllm-rbnt/second-level-tlds. [Alexandre Dulaunoy]

Add second level tlds from Mozilla Foundation

* Add second level tlds from Mozilla Foundation. [William Robinet]

* Merge pull request #1 from wllm-rbnt/openresolver. [Alexandre Dulaunoy]

Add level3 open resolver

* Add level3 open resolver. [William Robinet]

* Basic README added. [Alexandre Dulaunoy]

* Version added. [Alexandre Dulaunoy]

* RFC 1918 networks. [Alexandre Dulaunoy]

* Hashes of empty files. [Alexandre Dulaunoy]

* Public-dns warning list. [Alexandre Dulaunoy]

* Initial list with TLDs. [Alexandre Dulaunoy]