Skip to content

MISP warning-lists v2.4.142 released (first release to be inline with MISP core software)
Compare
Choose a tag to compare
@adulau adulau released this 26 Apr 09:18
· 407 commits to main since this release
v2.4.142
This tag was signed with the committer’s verified signature.
adulau Alexandre Dulaunoy
GPG key ID: 09E2CD4944E6CBCD
Verified
Learn about vigilant mode.
fe4e44b
This commit was signed with the committer’s verified signature.
adulau Alexandre Dulaunoy
GPG key ID: 09E2CD4944E6CBCD
Verified
Learn about vigilant mode.

v2.4.142 (2021-04-26)

New

  • GH workflow. [Raphaël Vinot]

  • Added covid generators / lists. [iglocska]

  • Added covid warninglist. [iglocska]

  • Added common warninglists. [iglocska]

  • [list] The Moz Top 500 Domains and Pages (#104) [Steve Clement]

    new: [list] The Moz Top 500 Domains and Pages

  • [list] Added Mozilla Top 500 domains. [Steve Clement]

  • [tool] Generate The Moz top 500 Domain list from https://moz.com/top500. [Steve Clement]

  • [disposal-email] added. [Alexandre Dulaunoy]

  • [disposal-email] a list of disposable and temporary email address domains. [Alexandre Dulaunoy]

    From https://github.com/martenson/disposable-email-domains

    Fix MISP/misp-taxonomies#136

  • [VPN] lists of common VPN IPv4 and IPv6 addresses added. [Alexandre Dulaunoy]

    Source of the IPv4/IPv6 is https://github.com/ejrv/VPNs

Changes

  • [warning-lists] updated. [Alexandre Dulaunoy]

  • [lists] updated. [Alexandre Dulaunoy]

  • [stackpath] host IPv6 addresses are without subnet. [Alexandre Dulaunoy]

  • [warning-lists] updated. [Alexandre Dulaunoy]

  • [update] run on all. [Alexandre Dulaunoy]

  • [public-resolver] revert to previous one as the source is dropping many known public resolver such as quad9. [Alexandre Dulaunoy]

  • [updates] updated warning-lists. [Alexandre Dulaunoy]

  • [warning-lists] updated. [Alexandre Dulaunoy]

  • [updated] warning-lists updated. [Alexandre Dulaunoy]

  • [warning-lists] updated. [Alexandre Dulaunoy]

  • [update] automatic update. [Alexandre Dulaunoy]

  • Add PR to GH actions. [Raphaël Vinot]

  • [doc] Travis removed. [Alexandre Dulaunoy]

  • [updates] updated warning lists. [Alexandre Dulaunoy]

  • [warning-list] updated. [Alexandre Dulaunoy]

  • Bump moz-top500. [Raphaël Vinot]

  • [update] misp-warninglists updated. [Alexandre Dulaunoy]

  • [schema] wildmask type added to prepare the merge into MISP. [Alexandre Dulaunoy]

  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]

  • Changed name to be displayed as warning and description. [chrisr3d]

  • Turned the regexes for audiovisual works into a single one. [chrisr3d]

  • [warning-lists] updated. [Alexandre Dulaunoy]

  • [warning-lists] updated. [Alexandre Dulaunoy]

  • [update] following changes + regular update. [Alexandre Dulaunoy]

  • [automatic updates] all warning-lists. [Alexandre Dulaunoy]

  • [automatic] updated. [Alexandre Dulaunoy]

  • [automatic] updated. [Alexandre Dulaunoy]

  • [tranco] updated. [Alexandre Dulaunoy]

  • [public-dns] updated. [Alexandre Dulaunoy]

  • [microsoft-azure] updated. [Alexandre Dulaunoy]

  • [tld] updated to the latest version. [Alexandre Dulaunoy]

  • [aws] updated. [Alexandre Dulaunoy]

  • [office 365] updated. [Alexandre Dulaunoy]

  • [office 365] updated. [Alexandre Dulaunoy]

  • [mozilla-intermediate-CA] updated to the latest version. [Alexandre Dulaunoy]

  • Chmod +x for new scripts in tools folder. [Kevin Holvoet]

  • [whats-my-ip] fix 152. [Alexandre Dulaunoy]

  • [jq] all. [Alexandre Dulaunoy]

  • [tranco10k] jq all the things. [Alexandre Dulaunoy]

  • [amazon-aws] updated to the latest version. [Alexandre Dulaunoy]

  • [microsoft-office365] updated to the latest version. [Alexandre Dulaunoy]

  • [covid] added covidmemory.lu. [Andras Iklody]

  • Update validate all. [Raphaël Vinot]

  • Add script to make lists unique, and sort the keys. [Raphaël Vinot]

    Update covid lists.

  • Covid lists bumped. [iglocska]

  • [covid] lists updated. [iglocska]

  • [whats-my-ip] Fix #139. [Alexandre Dulaunoy]

  • [covid] aatishb.com added due to https://aatishb.com/covidtrends/ [Alexandre Dulaunoy]

    (thanks to @doegox)

  • [covid] added Heliox_lab domain. [Alexandre Dulaunoy]

  • [covid] adding luxemburg's covid domains. [Jean-Louis Huynen]

  • [doc] updated readme with covid list. [Christophe Vandeplas]

  • [covid] added Portugal and Belgium. [Christophe Vandeplas]

  • [tranco] updated to the latest version. [Alexandre Dulaunoy]

  • [office365] updated to the latest version. [Alexandre Dulaunoy]

  • [cloudflare] updated to the latest version. [Alexandre Dulaunoy]

  • [aws] updated. [Alexandre Dulaunoy]

  • [cloudflare] updated. [Alexandre Dulaunoy]

  • [office365] IP addresses and domains updated. [Alexandre Dulaunoy]

  • [doc] wikimedia warning-list added. [Alexandre Dulaunoy]

  • [wikimedia] jq all the things. [Jean-Louis Huynen]

  • [university_domains] updated to the latest version. [Alexandre Dulaunoy]

  • [disposable] updated to the latest version. [Alexandre Dulaunoy]

  • [vpn] IP addresses updated. [Alexandre Dulaunoy]

  • [mozilla] CA list updated. [Alexandre Dulaunoy]

  • [empty-hashes] empty ssdeep hashes added. [Alexandre Dulaunoy]

  • [dax30] updated and fixed. [Alexandre Dulaunoy]

  • [alexa] Updated with the script in tools. [Steve Clement]

  • [moz500] Fix actual list. [Steve Clement]

  • [moz500] Added Pages too. Updated list. [Steve Clement]

  • [moz500] Added info how to regenerate, added provisional urls/files to topPages. [Steve Clement]

  • [security-provider-blogpost] version updated. [Alexandre Dulaunoy]

  • [doc] list of warning-lists updated. [Alexandre Dulaunoy]

  • [o365 ip] title of the warning list changed. [Alexandre Dulaunoy]

  • [o365 tools] fix title of the IP address warning list. [Alexandre Dulaunoy]

  • [o365] separate Microsoft Office 365 lists (hostname and IP addresses) [Alexandre Dulaunoy]

  • [o365] jq all the things. [Alexandre Dulaunoy]

  • [tools] alexa script fixed. [Alexandre Dulaunoy]

  • [alexa] updated to the latest version (seems to be back) [Alexandre Dulaunoy]

  • [tools] fix cisco script. [Alexandre Dulaunoy]

  • [cisco/umbrella top list] updated to the latest version. [Alexandre Dulaunoy]

  • [amazon-aws] updated to the latest version available. [Alexandre Dulaunoy]

  • [README] added university domains. [Alexandre Dulaunoy]

  • [doc] akamai network added. [Alexandre Dulaunoy]

  • [akamai] jq everything. [Alexandre Dulaunoy]

  • [doc] CRL list added. [Alexandre Dulaunoy]

  • [public-dns-v6] cloudflare dns added. [Alexandre Dulaunoy]

  • [public-dns-v4] cloudflare recursive dns added. [Alexandre Dulaunoy]

  • [amazon-aws] updated to the recent version. [Alexandre Dulaunoy]

  • [sinkholes] duplicate entry removed. [Alexandre Dulaunoy]

  • [sinkholes] added. [Alexandre Dulaunoy]

  • [doc] new lists added. [Alexandre Dulaunoy]

  • List of warning-lists updated. [Alexandre Dulaunoy]

  • Lists/microsoft-attack-simulator/list.json added. [Alexandre Dulaunoy]

  • Enforce type in schema. [Raphaël Vinot]

  • Remove exec flag on json files. [Raphaël Vinot]

Fix

  • Python 3.9 compat, take 2. [Raphaël Vinot]

  • Python 3.9 compat. [Raphaël Vinot]

  • Changed parsing algorithm to string, see #7c1de70. [Andras Iklody]

  • Sort entries. [Raphaël Vinot]

  • [schema] regexp added as supported type. [Alexandre Dulaunoy]

  • [alex] The generator wants to decode things ;) [Steve Clement]

  • [moz500] Fix the confusion about Moz.com and Mozilla.com (#107) [Steve Clement]

    fix: [moz500] Fix the confusion about Moz.com and Mozilla.com

  • [moz500] Fix the confusion about Moz.com and Mozilla.com. [Steve Clement]

  • [tools] Made python scripts executable. (#105) [Steve Clement]

    fix: [tools] Made python scripts executable.

  • [tools] Made python scripts executable. [Steve Clement]

  • Wrong file name in the scripts. [Raphaël Vinot]

  • Flienames of new warning lists. [Raphaël Vinot]

  • Common IOC warning list added. [Alexandre Dulaunoy]

  • Various fixes + add number of elements in each lists. [Alexandre Dulaunoy]

  • Perfect match is string ;-) [Alexandre Dulaunoy]

  • Reverse.it added to the list of dynamic malware analysis tools. [Alexandre Dulaunoy]

  • CIDR block added. [Alexandre Dulaunoy]

  • Public-dns-hostname not following schema. [Raphaël Vinot]

  • Resolver expressed as hostname removed. [Alexandre Dulaunoy]

  • Typo fixed for Travis. [Alexandre Dulaunoy]

  • Jq output to /dev/null - Travis. [Alexandre Dulaunoy]

  • JSON tests. [Alexandre Dulaunoy]

Other

  • Merge pull request #178 from Wiscy-Security/main. [Alexandre Dulaunoy]

    Added new warninglist for Stackpath CDN

  • Add stackpath to generate_all.sh script. [Kevin Holvoet]

  • Gave execute permissions to generate_phone_numbers.py. [Kevin Holvoet]

  • Created new Stackpath CDN IP list. [Kevin Holvoet]

  • Merge branch 'main' of github.com:MISP/misp-warninglists into main. [Alexandre Dulaunoy]

  • Merge pull request #176 from przemekzny/patch-1. [Alexandre Dulaunoy]

    Update list.json

  • Update list.json. [przemekzny]

    Added domains of PKO Bank Polski S.A.

  • Merge branch 'main' of github.com:MISP/misp-warninglists into main. [Alexandre Dulaunoy]

  • Merge pull request #173 from DocArmoryTech/patch-1. [Alexandre Dulaunoy]

    Added Neo23x0/ti-falsepositive warninglist

  • Corrected version number to one. [Cormac Doherty]

  • Jq all the things. [Cormac Doherty]

  • Added Neo23x0/ti-falsepositive warninglist. [DocArmoryTech]

    Neo23x0:Neo23x0/ti-falsepositive is a "hash generator for typical false positive hashes".

    This warninglist was generated using a modified version of the generator (see: DocArmoryTech:DocArmoryTech-mispwl)

    python3 ./fp-hashes.py > list.json

  • Merge pull request #172 from pettai/Fastly. [Alexandre Dulaunoy]

    Add Fastly IPs

  • Add Fastly IPs. [pettai]

    Add all Fastlys IP addresses

  • Merge pull request #170 from chrisr3d/main. [Alexandre Dulaunoy]

    Added a few more entries to the phone numbers warninglist

  • Add: A few more phone numbers regexes. [chrisr3d]

  • Add: Added regexes for the american fictitious numbers in the list. [chrisr3d]

  • Merge pull request #168 from chrisr3d/main. [Alexandre Dulaunoy]

    New warning list for unattributed phone numbers

  • Add: Added phone numbers warninglist to the list. [chrisr3d]

  • Add: New Warninglist for phone numbers that should never be attributed. [chrisr3d]

    • First examples filling the list of regexes: the
      phone numbers used for audiovisual works, or
      the communications companies internal numbers.
      Those phone numbers are reserved and should
      never be given to any user
    • We'll add as well the numbers reserved for the
      american audiovisual works soon

  • Merge pull request #166 from pettai/GCP. [Alexandre Dulaunoy]

    Add GCP IPs

  • +jq_all_the_things.sh. [pettai]

    missed to run jq_all_the_things.sh

  • Add GCP IPs. [pettai]

    Add GCP (Google Cloud Platform) IP addresses

  • Merge pull request #165 from HugeekMcGill/main. [Alexandre Dulaunoy]

    Adding replacement for wildcard and dash inputs

  • Adding replacement for wildcard and dash inputs. [hugeek]

  • Merge pull request #164 from cyber288/main. [Alexandre Dulaunoy]

    Change hostname type to string type for multiple lists

  • Changed matching algorithm to string. [cyber288]

  • Changed matching algorithm to string. [cyber288]

  • Update version number. [cyber288]

  • Update version number. [cyber288]

  • Update version number. [cyber288]

  • Fix date. [cyber288]

  • Changed matching algorithm to string. [cyber288]

  • Changed matching algorithm to string. [cyber288]

  • Changed matching algorithm to string. [cyber288]

  • Changed matching algorithm to string. [cyber288]

  • Changed matching algorithm to string. [cyber288]

  • Changed matching algorithm to string. [cyber288]

  • Changed matching algorithm to string. [cyber288]

  • Merge pull request #163 from rhaist/patch-1. [Alexandre Dulaunoy]

    Create requirements.txt

  • Create requirements.txt. [Robert Haist]

    Those are the additional Python3 requirements I needed to generate all the lists.

  • Changed matching algorithm to string. [Andras Iklody]

    Example for a dangerous entry: dropbox.com with the hostname algorithm and url as a valid attribute type means that https://dropbox.com/malicious/files.exe would get excluded from the automation systems when using the warninglist.

    I've changed the algorithm to full string matches.

  • Merge pull request #162 from Wiscy-Security/main. [Alexandre Dulaunoy]

    Refactor last scripts, central logging, central directory for downloads, automation script

  • Merge upstream, update lists, fix conflicts. [Kevin Holvoet]

    Merge remote-tracking branch 'upstream/main' into main

  • Merge pull request #161 from bartblaze/patch-1. [Alexandre Dulaunoy]

    Add new domains

  • Add new domains. [Bart]

  • Merge pull request #157 from sustefil/fix-issue-156. [Alexandre Dulaunoy]

    Fix generator.py:download_to_file

  • Fix generator.py:download_to_file. [Filip Suster]

    When some script which is using generator.py module (e.g. generate-publicdns.py) is run for the
    first time, the file is missing and unhandled exception is thrown

  • Merge remote-tracking branch 'upstream/main' into main. [Kevin Holvoet]

  • Merge pull request #154 from Wiscy-Security/main. [Alexandre Dulaunoy]

    Refactoring of code + updates of warninglists

  • Refactor last scripts, logging, central directory for downloads. [Kevin Holvoet]

    • Refactored generate_moz-top50.py
    • Download all file to new /tmp file to centralize all downloads
    • Add central logging to generators.log file
    • Create Bash script that generates all warninglists
    • Add /tmp folder and extra files to .gitignore
    • Start adding exception handling in download_to_file and write_to_file

  • Refactor more generators. [Kevin Holvoet]

  • Remove extra .txt extension from downloaded filed. [Kevin Holvoet]

  • Add check if downloaded file has changed on server before downloading. [Kevin Holvoet]

  • Refactor code to make it simpler/more uniform. [Kevin Holvoet]

  • Chg generator-publicdns: work with new CSV format 1. The CSV format has changed with the update on 2020-07-14. 2. The script also generates IPv4, IPv6, and the hostname lists at once. 3. Downloaded file added to .gitignore. [Kevin Holvoet]

  • Solved LGTM alerts. [Kevin Holvoet]

  • Added multiple lists from Cisco Umbrella list. Solves issue #24 and #13. [Kevin Holvoet]

  • Merge remote-tracking branch 'upstream/main' into main. [Kevin Holvoet]

  • Merge pull request #153 from Wiscy-Security/main. [Alexandre Dulaunoy]

    Change tool/scripts permission + update tranco lists

  • Updated lists after updating scripts. [Kevin Holvoet]

  • Add .gitignore for downloaded files, refactor code for generators: use central module, remove useless code, fix minor issues. [Kevin Holvoet]

  • Fix Microsoft Azure generator: format changed from XML to JSON + download link changed. [Kevin Holvoet]

  • Merge tranco scripts,:generate_tranco.py generates both full and 10k list. [Kevin Holvoet]

  • Automatically copy output to list.json file in correct folder. [Kevin Holvoet]

  • Refactored mozilla certificate generator: solve relative path issue, remove unused code, refactor structure of code. [Kevin Holvoet]

  • Renamed cisco top1m to top1k to reflect reality. [Kevin Holvoet]

  • Update Tranco & Tranco10k list. [Kevin Holvoet]

  • Merge branch 'main' of github.com:MISP/misp-warninglists into main. [Alexandre Dulaunoy]

  • Merge pull request #151 from JakubOnderka/tlds-update. [Alexandre Dulaunoy]

    Update TLDs list

  • Update TLDs list. [Jakub Onderka]

  • Merge pull request #150 from houey/patch-3. [Alexandre Dulaunoy]

    adding forms.gle which is for google forms.

  • Adding forms.gle which is for google forms. [Houston]

    adding forms.gle to the list. This is a short link for Google Forms managed by Google Firebase

  • Merge pull request #149 from houey/patch-2. [Alexandre Dulaunoy]

    added gvt1.com to Google domains warning list.

  • Added gvt1.com to Google domains warning list. [Houston]

  • Merge pull request #148 from GlennHD/master. [Alexandre Dulaunoy]

    Fixed typo in list.json of Tranco10k

  • Fixed typo. [GlennHD]

    Fixed typo in list.json

  • Merge branch 'GlennHD-master' [Alexandre Dulaunoy]

  • Update README.md. [GlennHD]

  • Added Tranco10k list. [GlennHD]

  • Create tranco10k list.json. [GlennHD]

  • Added tranco10k. [GlennHD]

  • Merge pull request #146 from GlennHD/patch-3. [Alexandre Dulaunoy]

    Added Majestic Million to Readme

  • Added Majestic Million to Readme. [GlennHD]

    Added Majestic Million to Readme

  • Merge pull request #145 from JakubOnderka/validate-values. [Andras Iklody]

    Validate values in CI

  • Validate values in CI. [Jakub Onderka]

  • Merge pull request #143 from bartblaze/patch-9. [Alexandre Dulaunoy]

    Update list.json

  • Update list.json. [Bart]

    Make hostname only, same for another one already in the list.

  • Update list.json. [Bart]

  • Jq the covid lists. [iglocska]

  • Merge branch 'master' of github.com:MISP/misp-warninglists. [iglocska]

  • Merge pull request #140 from kirzaks/master. [Alexandre Dulaunoy]

    Arcgis whitelistening

  • Version change. [Armins Palms]

  • Arcgis whitelist. [Armins Palms]

  • Merge pull request #138 from bartblaze/patch-8. [Alexandre Dulaunoy]

    Update list.json

  • Update list.json. [Bart]

    Add CAPEv2

  • Merge pull request #137 from gallypette/patch-1. [Alexandre Dulaunoy]

    chg: [covid] adding luxemburg's covid domains.

  • Merge pull request #136 from rommelfs/patch-2. [Alexandre Dulaunoy]

    duplicate removed

  • Duplicate removed. [Sascha Rommelfangen]

  • Merge pull request #135 from rommelfs/patch-1. [Christophe Vandeplas]

    added info-coronavirus.be

  • Added info-coronavirus.be. [Sascha Rommelfangen]

  • Update to the covid list. [Andras Iklody]

  • Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy]

  • Merge pull request #133 from GlennHD/patch-2. [Alexandre Dulaunoy]

    Create list.json

  • Create list.json. [GlennHD]

  • Merge pull request #132 from GlennHD/patch-1. [Alexandre Dulaunoy]

    Create generate_majestic-million.py

  • Create generate_majestic-million.py. [GlennHD]

    Pulls top 10K of the most referred to hosts from Majestic Million.

  • Merge pull request #131 from bartblaze/patch-7. [Alexandre Dulaunoy]

    Update list.json

  • Update list.json. [Bart]

    Adds localizaip domains.

  • Merge pull request #130 from houey/patch-1. [Alexandre Dulaunoy]

    Added domain cutt.ly

  • Added domain cutt.ly. [Houston]

  • Merge pull request #129 from StefanKelm/master. [Andras Iklody]

    Update list.json

  • Update list.json. [StefanKelm]

    merky.de

  • Merge pull request #128 from davidljohnson/patch-1. [Alexandre Dulaunoy]

    Added windowsupdate.com domain

  • Added windowsupdate.com domain. [David J]

    I received false positives and detections for this domain. Thought it should added.

  • Merge pull request #127 from bartblaze/patch-6. [Alexandre Dulaunoy]

    Update list.json

  • Update list.json. [Bart]

    Adds ipv6-test

  • Merge pull request #126 from elhoim/master. [Andras Iklody]

    Added domains using Azuredns-prd.info as Nameserver

  • Added domains using Azuredns-prd.info as Nameserver. [David André]

    azuredns-prd.info is verified as being Microsoft owned and operated for some Azure related domains

  • Merge pull request #125 from certbe-trey/master. [Alexandre Dulaunoy]

    Add Tranco warning list (and generator)

  • Add Tranco warning list to README. [Trey Darley]

  • Add Tranco warning list (https://tranco-list.eu/) [Trey Darley]

  • Add script to generate warning list from Tranco (https://tranco-list.eu/) [Trey Darley]

  • Merge pull request #124 from bartblaze/patch-5. [Alexandre Dulaunoy]

    Update list.json

  • Update list.json. [Bart]

    Bump version number, add/edit domains.

  • Merge pull request #123 from bartblaze/patch-4. [Alexandre Dulaunoy]

    Update list.json

  • Update list.json. [Bart]

    Add Extreme IP.

  • Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy]

  • Merge pull request #122 from wesinator/patch-1. [Alexandre Dulaunoy]

    add sinkhole IP

  • Add sinkhole IP. [Ԝеѕ]

    https://dns.google.com/query?name=sinkhole.dynu.net
    https://dns.google.com/query?name=a.sinkhole.yourtrap.com&type=A&dnssec=true

  • Merge pull request #121 from bartblaze/patch-3. [Alexandre Dulaunoy]

    Add domain

  • Add domain. [Bart]

  • Merge pull request #120 from bartblaze/patch-2. [Alexandre Dulaunoy]

    Add sndbox

  • Add sndbox. [Bart]

  • Merge pull request #119 from wesinator/patch-1. [Alexandre Dulaunoy]

    Add additional Sinkhole IPs

  • Add additional Sinkhole IPs. [Ԝеѕ]

    https://github.com/brakmic/Sinkholes/pull/10/files
    https://github.com/brakmic/Sinkholes/pull/12/files
    https://github.com/grettir/malware-sinkholes/pull/2/files

  • Merge pull request #118 from mkb2091/master. [Alexandre Dulaunoy]

    Fixed typo in akamai list description

  • Fixed typo in akamai list description. [Alex Williams]

  • Merge pull request #117 from bartblaze/patch-1. [Alexandre Dulaunoy]

    Update list.json

  • Update list.json. [Bart]

    Add some systems.

  • Merge pull request #115 from gallypette/master. [Alexandre Dulaunoy]

    Wikimedia

  • Add: [wikimedia] adds a warning list for wikimedia infrastructure. [Jean-Louis Huynen]

  • Merge pull request #113 from droe/master. [Alexandre Dulaunoy]

    Fix minor field syntax error in google-gmail-sending-ips

  • Remove erroneous space character and bump version. [Daniel Roethlisberger]

  • Merge pull request #112 from elhoim/master. [Andras Iklody]

    Three new warning lists

  • Modified README to includ three new added warning lists. [elhoim]

  • Added list for Googlebot crawler IP ranges. [elhoim]

  • Added list with Google gmail sending IPs. [elhoim]

  • Added list and tool to generate list for cloudflare IP ranges. [elhoim]

  • Merge pull request #111 from github-pba/more-german-banks. [Alexandre Dulaunoy]

    URL change ING, new bank Mainzer Volksbank

  • Name change ING, new bank Mainzer Volksbank. [github-pba]

  • Update list.json. [cgi1]

    Adding BMW

  • Dax30 inital version. [cgi1]

  • Merge pull request #106 from SteveClement/tools. [Alexandre Dulaunoy]

    fix: [alexa] The generator wants to decode things ;)

  • Merge pull request #103 from obert01/remove-pastebin. [Alexandre Dulaunoy]

    Removed pastebin.com, as it is not a security provider.

  • Removed pastebin.com, as it is not a security provider. [Olivier BERT]

    It is often used by malware to download configuration or payloads.

  • Merge pull request #101 from crondaemon/crondaemon. [Alexandre Dulaunoy]

    Remove wrong line from vpn-ipv4.

  • Remove wrong line from vpn-ipv4. [Dario Lombardo]

  • Merge pull request #100 from zMathieu/patch-1. [Alexandre Dulaunoy]

    Transform URL to domains for few entries

  • Transform URL to domains for few entries. [zMathieu]

    Remove / or http for some domains.

  • Add: [doc] mozilla CA and intermediate CA added. [Alexandre Dulaunoy]

  • Merge pull request #99 from CERN-CERT/certificates. [Alexandre Dulaunoy]

    Add warning lists based on Mozilla's trusted CA and Intermediates

  • CAs: Fix final new line in json. [Vincent Brillault]

  • CAs: Fix json indentation (2 spaces, not 4) [Vincent Brillault]

  • Mozilla CA/intermediate: also match x509-fingerprint-* [Vincent Brillault]

  • Add warning lists based on Mozilla's trusted CA and Intermediates. [Vincent Brillault]

  • Add: Test for list.json filename. [Raphaël Vinot]

  • Merge pull request #98 from liviuvalsan/domain_ips. [Alexandre Dulaunoy]

    Make sure that matching attributes are consistent for lists that include domains

  • Make sure that matching attributes are consistent for lists that include domains. [Liviu Valsan]

  • Merge pull request #97 from kx499/master. [Alexandre Dulaunoy]

    A couple of office 365 list fixes

  • Updated office 365 file names, changed string to substring, and changed lists.json to list.json. [Faber]

  • Merge branch 'kx499-master' [Alexandre Dulaunoy]

  • Merge branch 'master' of https://github.com/kx499/misp-warninglists into kx499-master. [Alexandre Dulaunoy]

  • Updated MS O365 script to handle json and updated list.json. [Faber]

  • Merge branch 'kx499-master' [Alexandre Dulaunoy]

  • Adding akamai warning list. [Faber]

  • Merge pull request #93 from ater49/master. [Alexandre Dulaunoy]

    Adding university domains warninglist

  • Correcting updater. [ater49]

  • Correcting updater. [ater49]

  • Correction of duplicate. [ater49]

  • Adding updater for crl warninglist. [ater49]

  • Adding update tool for university domains list. [ater49]

  • Adding university domains warninglist from issue #38. [ater49]

  • Merge pull request #91 from ater49/master. [Alexandre Dulaunoy]

    Adding CRL Whistelist (Issue #83)

  • Modifying type from string to substring. [ater49]

  • Modifying version number to int. [ater49]

  • Correction for non-unique values in json. [ater49]

  • Adding CRL Whistelist (Issue #83) [ater49]

  • Merge pull request #90 from ater49/master. [Alexandre Dulaunoy]

    Adding cape.contextis.com in sandbox warninglist

  • JQing all the things. [ater49]

  • Adding "cape.contextis.com" to sandbox warninglists. [ater49]

  • Merge pull request #89 from robertnixon2003/master. [Andras Iklody]

    Updated Cisco warninglist

  • Added type. [Robert Nixon]

  • Fixed with jq all the things. [Robert Nixon]

  • Add files via upload. [Robert Nixon]

  • Update list.json. [Robert Nixon]

  • Create list.json. [Robert Nixon]

  • Delete list.json. [Robert Nixon]

  • Merge pull request #87 from wotschel/master. [Alexandre Dulaunoy]

    added the shortener of the german state rlp

  • Added the shortener of the german state rlp. [Bjoern Mainz]

    added the shortener of the german state rhineland-palatinate (rlp)

  • Merge pull request #86 from StefanKelm/master. [Alexandre Dulaunoy]

    more german bank sites

  • More german bank sites. [StefanKelm]

  • Merge pull request #85 from mlodic/master. [Alexandre Dulaunoy]

    fixed value in ovh-cluster and added new url shortener

  • Fixed value in ovh-cluster and added new url shortener. [Matteo Lodi]

  • Merge pull request #84 from liviuvalsan/update-security-provider-blogpost. [Alexandre Dulaunoy]

    Removing imgur.com from the list of known security providers/vendors blog domains

  • Removing imgur.com from the list of known security providers/vendors blog domains. [Liviu Valsan]

  • Merge pull request #82 from robertnixon2003/master. [Alexandre Dulaunoy]

    Updated Cisco Top 1000 List

  • Updated list "version": 20181012. [Robert Nixon]

  • Deleting list to add updated list. [Robert Nixon]

  • Add: [doc] added the new sinkholes list. [Alexandre Dulaunoy]

  • Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy]

  • Merge pull request #80 from ater49/master. [Alexandre Dulaunoy]

    New warninglist for bank websites.

  • New warninglist for bank websites. The list is based on university proxylist (ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/bank.tar.gz). [ater49]

  • Merge pull request #79 from StefanKelm/master. [Alexandre Dulaunoy]

    New list: Windows 10 connection endpoints

  • Win10 connection endpoints. [Stefan Kelm]

  • New list: win10 connection endpoints. [Stefan Kelm]

  • Merge pull request #78 from robertnixon2003/master. [Alexandre Dulaunoy]

    Fixed cisco gen script

  • Pulled list again after fixing generation script. [Robert Nixon]

  • Fixed TLD truncation issue. [Robert Nixon]

    Fixed TLD truncation issue

  • Merge pull request #76 from robertnixon2003/master. [Alexandre Dulaunoy]

    replace Alexa with Cisco Umbrella

  • Added Alexa list back. [Robert Nixon]

  • Added generate_alexa.py back and added type param. [Robert Nixon]

  • Updated list. [Robert Nixon]

  • Not sure why Travis is failing. [Robert Nixon]

  • Added type for Travis. [Robert Nixon]

  • Removing gen Alexa. [Robert Nixon]

  • New script to generate Cisco Umbrella Top 1000. [Robert Nixon]

  • Created new list. [Robert Nixon]

  • Removed Alexa List. [Robert Nixon]

  • Add: [microsoft-attack-simulator] warning list about phishing campaign for "security awareness" [Alexandre Dulaunoy]

  • Add: common IOC false-positives as mentioned by Florian Roth. [Alexandre Dulaunoy]

  • Merge pull request #73 from raw-data/master. [Alexandre Dulaunoy]

    [add] new domain for whats-my-ip section

  • [add] new domain for whats-my-ip section. [raw-data]

  • Merge pull request #71 from xbmc-goph/patch-2. [Alexandre Dulaunoy]

    Update version file

  • Update version file. [xbmc-goph]

  • Merge pull request #70 from xbmc-goph/patch-1. [Alexandre Dulaunoy]

    Updated with italian "what's my ip" services

  • Added the required separtor #2. [xbmc-goph]

  • Added the required separator. [xbmc-goph]

  • Updated with italian "what's my ip" services. [xbmc-goph]

  • Merge pull request #69 from raw-data/master. [Alexandre Dulaunoy]

    [ADD] new domains for whats-my-ip section and url-shortener section

  • [ADD] 1 new domain for url-shortener section. [raw-data]

  • [ADD] 3 new domains for whats-my-ip section. [raw-data]

  • Merge pull request #68 from raw-data/master. [Alexandre Dulaunoy]

    [ADD] 3 new domains for whats-my-ip section

  • [ADD] 1 new domain for url-shortener section. [raw-data]

  • [ADD] 3 new domains for whats-my-ip section. [raw-data]

  • [ADD] 3 new domains for whats-my-ip section. [raw-data]

  • Merge pull request #67 from droe/master. [Alexandre Dulaunoy]

    Add reference to PyMISPWarningLists

  • Add reference to PyMISPWarningLists. [Daniel Roethlisberger]

  • Add: BIT gTLD was missing. [Alexandre Dulaunoy]

  • Merge pull request #65 from StefanKelm/master. [Alexandre Dulaunoy]

    add RFC 6761 list

  • Update list.json. [StefanKelm]

  • Update README.md. [StefanKelm]

  • Update list.json. [StefanKelm]

  • Update list.json. [StefanKelm]

  • Create list.json. [StefanKelm]

  • Merge branch 'gizolka-master' [Alexandre Dulaunoy]

  • Merge branch 'master' of https://github.com/gizolka/misp-warninglists into gizolka-master. [Alexandre Dulaunoy]

  • Created a converter of MISP warning lists to asciidoctor format. [Joanna]

  • Fix #64. [Alexandre Dulaunoy]

  • Indeed LoL is not a security provider ;-) Fix #62. [Alexandre Dulaunoy]

  • Add: OVH cluster. [Alexandre Dulaunoy]

  • Merge pull request #61 from ater49/dev. [Alexandre Dulaunoy]

    Adding Ovh-cluster WarningList

  • Modification of errors in json. [ater49]

  • Modify errors. [ater49]

  • Revert "New WarningList for OVH Cluster" [ater49]

    Thir reverts commit 2bf5201.

  • New WarningList for OVH Cluster. [ater49]

  • OVH Cluster IP add to misp-warninglists. [ater49]

  • Merge pull request #57 from eCrimeLabs/master. [Alexandre Dulaunoy]

    Bugfix and update

  • Updated with IPv6 addresses. [eCrimeLabs]

  • Bugfix (l.append) [eCrimeLabs]

  • Add: amazon-aws warning lists. [Alexandre Dulaunoy]

  • Merge pull request #55 from eCrimeLabs/master. [Alexandre Dulaunoy]

    Amazon AWS IP range for Warninglists

  • Bugfix type. [eCrimeLabs]

  • Fixed typo. [eCrimeLabs]

  • "type": "cidr", [eCrimeLabs]

  • Added "type": "cidr", [eCrimeLabs]

  • Update generate-amazon-aws.py. [eCrimeLabs]

  • Added Warninglists for Amazon AWS. [root]

  • Merge pull request #1 from eCrimeLabs/eCrimeLabs-dev. [eCrimeLabs]

    Generate json file of Amazon AWS IP's

  • Generate json file of Amazon AWS IP's. [eCrimeLabs]

  • Merge pull request #56 from sebdraven/master. [Alexandre Dulaunoy]

    add app.any.run in warninglists

  • Add app.any.run in warninglists. [Sébastien Larinier]

  • Merge pull request #53 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add security provider blogpost warninglist

  • Elements must be unique. [Deborah Servili]

  • Add security provider blogpost warninglist. [Deborah Servili]

  • Merge pull request #52 from cgi1/patch-1. [Alexandre Dulaunoy]

    Resolving outdated list from #51

  • Resolving outdated list from #51. [cgi1]

    @adulau

  • Merge pull request #48 from elhoim/patch-2. [Andras Iklody]

    Added some security vendors sites

  • Added some security vendors sites. [David André]

  • Add: regex type added as now available in MISP MISP/MISP@98e0717. [Alexandre Dulaunoy]

  • Merge pull request #47 from elhoim/patch-1. [Andras Iklody]

    Changed matching algorithm to domain to avoid false positive matches

  • Changed matching algorithm to domain to avoid false positive matches. [David André]

    Changed matching algorithm to domain to avoid false positive matches + version bump

  • Version bump. [iglocska]

  • Wrong algorithm. [iglocska]

  • Changed matching algorithm to domain to avoid false positive matches. [iglocska]

  • Merge pull request #46 from c-goes/patch-1. [Alexandre Dulaunoy]

    Fix link to ipv6-linklocal list

  • Fix link to ipv6-linklocal list. [c-goes]

  • Add: automated-malware-analysis known domain list. [Alexandre Dulaunoy]

    Fix #45

  • Add: Microsoft Azure Datacenter IP Ranges added including tool to generate the JSON. [Alexandre Dulaunoy]

    Fix #43

  • Fix (temp): office 365 warning list only matching as substring (new list for CIDR block matching required) [Alexandre Dulaunoy]

  • Add: list of Microsoft office365/azure in China + extraction tool added. [Alexandre Dulaunoy]

    fix #42

  • Office 365 warning-list updated to the latest version. [Alexandre Dulaunoy]

  • Merge branch 'master' of github.com:MISP/misp-warninglists. [Raphaël Vinot]

  • Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy]

  • Changed type and parser for hostname based public resolver list. [iglocska]

  • Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy]

  • Merge pull request #44 from cvandeplas/master. [Alexandre Dulaunoy]

    quad9 project

  • Quad9 project. [Christophe Vandeplas]

  • Merge branch 'master' of github.com:MISP/misp-warninglists. [Raphaël Vinot]

  • Merge pull request #39 from ater49/patch-1. [Alexandre Dulaunoy]

    checkip.amazonaws.com added into warninglist

  • Update list.json. [ater49]

    Comma added to the line

  • Update list.json. [ater49]

    Just to add checkip.amazonaws.com into WarningList

  • List of known public DNS resolvers expressed as hostname added. [Alexandre Dulaunoy]

    The list has been separated from ipv4 list to be sure matching works in
    MISP

  • Changed warninglist from sting matches to hostname type. [Andras Iklody]

  • Merge pull request #35 from rmarsollier/ggl. [Alexandre Dulaunoy]

    adding some google owned domains v2

  • Solving last problem with google domain list. [rmarsollier]

  • Adding wikipedia scrapper for google domains. [rmarsollier]

  • Importing google domains from wikipedia. [rmarsollier]

  • Merge pull request #31 from rmarsollier/patch-2. [Alexandre Dulaunoy]

    Fixing #23

  • Fix typo. [RbN]

  • Adding domains of #23. [RbN]

  • Merge pull request #30 from rmarsollier/patch-1. [Alexandre Dulaunoy]

    Adding sha224 to empty_hashs

  • Adding sha224. [RbN]

    d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f is a sha224, let's use it.

  • Fixed #25 adding more URL shorteners. [Alexandre Dulaunoy]

  • Run JQ on empty-hashes. [Raphaël Vinot]

  • Matching_attributes isn't required. [Raphaël Vinot]

  • Merge pull request #22 from devnull-/eicar.com. [Andras Iklody]

    No attribute filtering -- eicar.com

  • Add matching_attributes. [devnull-]

  • Merge pull request #21 from devnull-/empty-hashes. [Andras Iklody]

    No attribute filtering -- empty-hashes

  • Formating. [devnull-]

  • Add matching_attributes. [devnull-]

  • Merge pull request #1 from MISP/master. [devnull-]

    Pull update

  • Do not allow additional properties in the schema. [Raphaël Vinot]

  • Update travis. [Raphaël Vinot]

  • Fix JQ all the things. [Raphaël Vinot]

  • Revert "JQ all the things" [Raphaël Vinot]

    This reverts commit d422560.

  • Install dep. [Raphaël Vinot]

  • Fix travis. [Raphaël Vinot]

  • JQ all the things. [Raphaël Vinot]

  • Update lists, add schema. [Raphaël Vinot]

  • EICAR added in the README. [Alexandre Dulaunoy]

  • Merge pull request #20 from michael-hamm/eicar.com. [Alexandre Dulaunoy]

    Hashes for EICAR, EICAR zip and EICAR 2x zip.

  • Hashes for EICAR, EICAR zip and EICAR 2x zip. [Michael Hamm]

  • RFC 6598 added in the README. [Alexandre Dulaunoy]

  • Merge pull request #19 from michael-hamm/rfc6598. [Alexandre Dulaunoy]

    RFC 6598 - Carrier- Grade NAT (CGN) devices

  • RFC 6598 - Carrier- Grade NAT (CGN) devices. [Michael Hamm]

  • Merge pull request #18 from nbareil/master. [Alexandre Dulaunoy]

    No attribute filtering

  • Adds matching_attribute. [Nicolas Bareil]

  • Typo in the name. [Nicolas Bareil]

  • Type of warning-list added. [Alexandre Dulaunoy]

  • Bumped the date to force an update. [Iglocska]

  • Merge branch 'master' of https://github.com/MISP/misp-warninglists. [Iglocska]

  • Date updated. [Alexandre Dulaunoy]

  • Switched alexa to the "hostname" list. [Iglocska]

  • Added url type to the alexa list. [Iglocska]

  • Type was not declared as substring. [Alexandre Dulaunoy]

  • Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy]

  • Merge pull request #16 from devnull-/URL-shortener-services. [Alexandre Dulaunoy]

    Warning list URL shorteners services

  • Merge branch 'master' into URL-shortener-services. [devnull-]

  • Merge pull request #15 from devnull-/whats-my-ip. [Alexandre Dulaunoy]

    Warning list "What's my IP" domains

  • Add types URI & URL. [devnull-]

  • Add ip-score.com. [devnull-]

  • Warning list "What's my IP" service. [devnull-]

  • Warning list URL shorteners services. [devnull-]

  • Substring added (to support the new substring matching) [Alexandre Dulaunoy]

  • Merge pull request #12 from CZ-NIC/master. [Alexandre Dulaunoy]

    Checks for open resolvers in the list of IPs.

  • Checks for open resolvers in the list of IPs. [Edvard Rejthar]

    Is able to fetch the MISP warning list a say if there are some resolvers.

  • Add version and name to the office365 warning list. [Alexandre Dulaunoy]

  • Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy]

  • Merge pull request #10 from Maijin/master. [Raphaël Vinot]

    Add Comodo public DNS

  • Add Comodo public DNS. [Maijin]

  • Office 365 URLs and IP address ranges added. [Alexandre Dulaunoy]

  • Known microsoft domains added. [Alexandre Dulaunoy]

  • Warning list of known microsoft domains added. [Alexandre Dulaunoy]

  • Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy]

  • Merge pull request #8 from claudex/fix-travis. [Alexandre Dulaunoy]

    Fix travis build

  • View error output from jq. [Xavier Claude]

  • Fix travis build using jq from packages. [Xavier Claude]

  • License clarified. [Alexandre Dulaunoy]

  • Merge pull request #6 from claudex/dns. [Alexandre Dulaunoy]

    Use DNS list from http://public-dns.info/

  • Add public dns v4 and v6 resolvers IP from the tool. [Xavier Claude]

  • Add a tool to generate public dns resolver list. [Xavier Claude]

    The tool generate two lists, one for IPv4 (list4.json) and one for IPv6
    (list6.json) to allow the user to only enable one of the two.

    The list is downloaded from http://public-dns.info/ and a sample of the
    list was tested with:

    for dns in $( awk -F "," '{ print $1 }' < nameservers.csv ) ; do dig +noedns @$dns google.com | grep NOERROR 1>/dev/null || echo $dns ; done

    ~95% of the tested servers responded. So the list is not all crap.

  • Merge pull request #7 from claudex/rfc4291. [Alexandre Dulaunoy]

    Add IPv6 link local prefix

  • Add IPv6 link local prefix. [Xavier Claude]

  • Merge pull request #5 from claudex/alexa. [Alexandre Dulaunoy]

    Alexa

  • Actualy put alexa 1000 top domains in the output list. [Xavier Claude]

  • Write the alexa top1M zip file after download. [Xavier Claude]

  • Fix alexa top1M url. [Xavier Claude]

  • Merge pull request #4 from claudex/rfc3849. [Alexandre Dulaunoy]

    Add RFC 3849 - IPv6 prefix for documentation

  • Add RFC 3849 - IPv6 prefix for documentation. [Xavier Claude]

  • Merge branch 'list_updates' [Iglocska]

  • Updated warninglists with domains or IP addresses to also include domain|ip type attributes. [Iglocska]

  • Build status icon added. [Alexandre Dulaunoy]

  • Travis test scripts added. [Alexandre Dulaunoy]

  • RFC 5735 added. [Alexandre Dulaunoy]

  • Alexa top 1000 list added. [Alexandre Dulaunoy]

  • Alexa top 1000 MISP warning list added including generation tool. [Alexandre Dulaunoy]

  • Multicast CIDR blocks added. [Alexandre Dulaunoy]

  • Rfc5771 added. [Alexandre Dulaunoy]

  • More public DNS servers added. [Alexandre Dulaunoy]

  • Google added. [Alexandre Dulaunoy]

  • List of known google domains and hostnames. [Alexandre Dulaunoy]

  • Merge pull request #3 from wllm-rbnt/second-level-tlds. [Alexandre Dulaunoy]

    Expand second level tlds from Wikipedia

  • Expand second level tlds from Wikipedia. [William Robinet]

  • Second-level of TLD lists. [Alexandre Dulaunoy]

  • Merge pull request #2 from wllm-rbnt/second-level-tlds. [Alexandre Dulaunoy]

    Add second level tlds from Mozilla Foundation

  • Add second level tlds from Mozilla Foundation. [William Robinet]

  • Merge pull request #1 from wllm-rbnt/openresolver. [Alexandre Dulaunoy]

    Add level3 open resolver

  • Add level3 open resolver. [William Robinet]

  • Basic README added. [Alexandre Dulaunoy]

  • Version added. [Alexandre Dulaunoy]

  • RFC 1918 networks. [Alexandre Dulaunoy]

  • Hashes of empty files. [Alexandre Dulaunoy]

  • Public-dns warning list. [Alexandre Dulaunoy]

  • Initial list with TLDs. [Alexandre Dulaunoy]

Assets 2
Loading