
Releases: MISP/misp-warninglists

MISP Warning Lists version 2024110800 released

11 Nov 08:05
2024110800
b7fadad

Release Notes for MISP-WarningLists

November 2024 Update

New Additions and Changes:

  • Zscaler Source Update:

    • Added the missing script for Zscaler source generation, enhancing the capability to maintain updated and comprehensive warning lists. [Commit: 192534d]
  • Apple IP Ranges Update:

    • Updated the Apple IP ranges based on the latest ARIN allocation, ensuring the lists reflect the current state of Apple’s network allocations. Contributed by Xiufeng Guo. [Commits: 94fdbfd, 934175c]
  • Living Off Trusted Sites (LOTS) Project:

    • Integrated domains from the “Living Off Trusted Sites” project, expanding the warning lists to cover domains that could potentially be leveraged for trust-based attacks. Initial work contributed by Goodlandsecurity. [Commits: 3f38437, ae6ad98, fc55112]
  • General Updates:

    • Multiple updates and improvements to various warning lists were made to ensure the data remains relevant and effective. [Commits: 018f958, bfbb9a8]
  • Blogpost Link Update:

    • Adjustments made to blogpost links to maintain up-to-date references for associated resources. [Commit: dfef76d]

Contributors:

  • Alexandre Dulaunoy
  • Xiufeng Guo
  • Goodlandsecurity
  • Karen Yousefi
  • Thanat0s

These updates reflect ongoing efforts to maintain and enhance the MISP warning lists, providing better threat intelligence and context for users.

Notes about the release

Starting with this release, misp-warning-lists will be tagged using the %Y%m%d00 format for each new version. This change enables users to easily verify whether they are using the latest release. The versioning is now independent of the MISP core software, as the project is also utilized as a standalone tool in various other applications.

MISP warning-lists v2.4.142 released (first release to be in line with MISP core software)

26 Apr 09:18
v2.4.142
fe4e44b

v2.4.142 (2021-04-26)

New

  • GH workflow. [Raphaël Vinot]

  • Added covid generators / lists. [iglocska]

  • Added covid warninglist. [iglocska]

  • Added common warninglists. [iglocska]

  • [list] The Moz Top 500 Domains and Pages (#104) [Steve Clement]

    new: [list] The Moz Top 500 Domains and Pages

  • [list] Added Mozilla Top 500 domains. [Steve Clement]

  • [tool] Generate The Moz top 500 Domain list from https://moz.com/top500. [Steve Clement]

  • [disposal-email] added. [Alexandre Dulaunoy]

  • [disposal-email] a list of disposable and temporary email address domains. [Alexandre Dulaunoy]

    From https://github.com/martenson/disposable-email-domains

    Fix MISP/misp-taxonomies#136

  • [VPN] lists of common VPN IPv4 and IPv6 addresses added. [Alexandre Dulaunoy]

    Source of the IPv4/IPv6 is https://github.com/ejrv/VPNs

Changes

  • [warning-lists] updated. [Alexandre Dulaunoy]

  • [lists] updated. [Alexandre Dulaunoy]

  • [stackpath] host IPv6 addresses are without subnet. [Alexandre Dulaunoy]

  • [warning-lists] updated. [Alexandre Dulaunoy]

  • [update] run on all. [Alexandre Dulaunoy]

  • [public-resolver] revert to previous one as the source is dropping many known public resolvers such as quad9. [Alexandre Dulaunoy]

  • [updates] updated warning-lists. [Alexandre Dulaunoy]

  • [warning-lists] updated. [Alexandre Dulaunoy]

  • [updated] warning-lists updated. [Alexandre Dulaunoy]

  • [warning-lists] updated. [Alexandre Dulaunoy]

  • [update] automatic update. [Alexandre Dulaunoy]

  • Add PR to GH actions. [Raphaël Vinot]

  • [doc] Travis removed. [Alexandre Dulaunoy]

  • [updates] updated warning lists. [Alexandre Dulaunoy]

  • [warning-list] updated. [Alexandre Dulaunoy]

  • Bump moz-top500. [Raphaël Vinot]

  • [update] misp-warninglists updated. [Alexandre Dulaunoy]

  • [schema] wildmask type added to prepare the merge into MISP. [Alexandre Dulaunoy]

  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]

  • Changed name to be displayed as warning and description. [chrisr3d]

  • Turned the regexes for audiovisual works into a single one. [chrisr3d]

  • [warning-lists] updated. [Alexandre Dulaunoy]

  • [warning-lists] updated. [Alexandre Dulaunoy]

  • [update] following changes + regular update. [Alexandre Dulaunoy]

  • [automatic updates] all warning-lists. [Alexandre Dulaunoy]

  • [automatic] updated. [Alexandre Dulaunoy]

  • [automatic] updated. [Alexandre Dulaunoy]

  • [tranco] updated. [Alexandre Dulaunoy]

  • [public-dns] updated. [Alexandre Dulaunoy]

  • [microsoft-azure] updated. [Alexandre Dulaunoy]

  • [tld] updated to the latest version. [Alexandre Dulaunoy]

  • [aws] updated. [Alexandre Dulaunoy]

  • [office 365] updated. [Alexandre Dulaunoy]

  • [office 365] updated. [Alexandre Dulaunoy]

  • [mozilla-intermediate-CA] updated to the latest version. [Alexandre Dulaunoy]

  • Chmod +x for new scripts in tools folder. [Kevin Holvoet]

  • [whats-my-ip] fix 152. [Alexandre Dulaunoy]

  • [jq] all. [Alexandre Dulaunoy]

  • [tranco10k] jq all the things. [Alexandre Dulaunoy]

  • [amazon-aws] updated to the latest version. [Alexandre Dulaunoy]

  • [microsoft-office365] updated to the latest version. [Alexandre Dulaunoy]

  • [covid] added covidmemory.lu. [Andras Iklody]

  • Update validate all. [Raphaël Vinot]

  • Add script to make lists unique, and sort the keys. [Raphaël Vinot]

    Update covid lists.

  • Covid lists bumped. [iglocska]

  • [covid] lists updated. [iglocska]

  • [whats-my-ip] Fix #139. [Alexandre Dulaunoy]

  • [covid] aatishb.com added due to https://aatishb.com/covidtrends/ [Alexandre Dulaunoy]

    (thanks to @doegox)

  • [covid] added Heliox_lab domain. [Alexandre Dulaunoy]

  • [covid] adding Luxembourg's covid domains. [Jean-Louis Huynen]

  • [doc] updated readme with covid list. [Christophe Vandeplas]

  • [covid] added Portugal and Belgium. [Christophe Vandeplas]

  • [tranco] updated to the latest version. [Alexandre Dulaunoy]

  • [office365] updated to the latest version. [Alexandre Dulaunoy]

  • [cloudflare] updated to the latest version. [Alexandre Dulaunoy]

  • [aws] updated. [Alexandre Dulaunoy]

  • [cloudflare] updated. [Alexandre Dulaunoy]

  • [office365] IP addresses and domains updated. [Alexandre Dulaunoy]

  • [doc] wikimedia warning-list added. [Alexandre Dulaunoy]

  • [wikimedia] jq all the things. [Jean-Louis Huynen]

  • [university_domains] updated to the latest version. [Alexandre Dulaunoy]

  • [disposable] updated to the latest version. [Alexandre Dulaunoy]

  • [vpn] IP addresses updated. [Alexandre Dulaunoy]

  • [mozilla] CA list updated. [Alexandre Dulaunoy]

  • [empty-hashes] empty ssdeep hashes added. [Alexandre Dulaunoy]

  • [dax30] updated and fixed. [Alexandre Dulaunoy]

  • [alexa] Updated with the script in tools. [Steve Clement]

  • [moz500] Fix actual list. [Steve Clement]

  • [moz500] Added Pages too. Updated list. [Steve Clement]

  • [moz500] Added info how to regenerate, added provisional urls/files to topPages. [Steve Clement]

  • [security-provider-blogpost] version updated. [Alexandre Dulaunoy]

  • [doc] list of warning-lists updated. [Alexandre Dulaunoy]

  • [o365 ip] title of the warning list changed. [Alexandre Dulaunoy]

  • [o365 tools] fix title of the IP address warning list. [Alexandre Dulaunoy]

  • [o365] separate Microsoft Office 365 lists (hostname and IP addresses) [Alexandre Dulaunoy]

  • [o365] jq all the things. [Alexandre Dulaunoy]

  • [tools] alexa script fixed. [Alexandre Dulaunoy]

  • [alexa] updated to the latest version (seems to be back) [Alexandre Dulaunoy]

  • [tools] fix cisco script. [Alexandre Dulaunoy]

  • [cisco/umbrella top list] updated to the latest version. [Alexandre Dulaunoy]

  • [amazon-aws] updated to the latest version available. [Alexandre Dulaunoy]

  • [README] added university domains. [Alexandre Dulaunoy]

  • [doc] akamai network added. [Alexandre Dulaunoy]

  • [akamai] jq everything. [Alexandre Dulaunoy]

  • [doc] CRL list added. [Alexandre Dulaunoy]

  • [public-dns-v6] cloudflare dns added. [Alexandre Dulaunoy]

  • [public-dns-v4] cloudflare recursive dns added. [Alexandre Dulaunoy]

  • [amazon-aws] updated to the recent version. [Alexandre Dulaunoy]

  • [sinkholes] duplicate entry removed. [Alexandre Dulaunoy]

  • [sinkholes] added. [Alexandre Dulaunoy]

  • [doc] new lists added. [Alexandre Dulaunoy]

  • List of warning-lists updated. [Alexandre Dulaunoy]

  • Lists/microsoft-attack-simulator/list.json added. [Alexandre Dulaunoy]

  • Enforce type in schema. [Raphaël Vinot]

  • Remove exec flag on json files. [Raphaël Vinot]

Fix

  • Python 3.9 compat, take 2. [Raphaël Vinot]

  • Python 3.9 compat. [Raphaël Vinot]

  • Changed parsing algorithm to string, see #7c1de70. [Andras Iklody]

  • Sort entries. [Raphaël Vinot]

  • [schema] regexp added as supported type. [Alexandre Dulaunoy]

  • [alex] The generator wants to decode things ;) [Steve Clement]

  • [moz500] Fix the confusion about Moz.com and Mozilla.com (#107) [Steve Clement]

    fix: [moz500] Fix the confusion about Moz.com and Mozilla.com

  • [moz500] Fix the confusion about Moz.com and Mozilla.com. [Steve Clement]

  • [tools] Made python scripts executable. (#105) [Steve Clement]

    fix: [tools] Made python scripts executable.

  • [tools] Made python scripts executable. [Steve Clement]

  • Wrong file name in the scripts. [Raphaël Vinot]

  • Filenames of new warning lists. [Raphaël Vinot]

  • Common IOC warning list added. [Alexandre Dulaunoy]

  • Various fixes + add number of elements in each list. [Alexandre Dulaunoy]

  • Perfect match is string ;-) [Alexandre Dulaunoy]

  • Reverse.it added to the list of dynamic malware analysis tools. [Alexandre Dulaunoy]

  • CIDR block added. [Alexandre Dulaunoy]

  • Public-dns-hostname not following schema. [Raphaël Vinot]

  • Resolver expressed as hostname removed. [Alexandre Dulaunoy]

  • Typo fixed for Travis. [Alexandre Dulaunoy]

  • Jq output to /dev/null - Travis. [Alexandre Dulaunoy]

  • JSON tests. [Alexandre Dulaunoy]

Other

  • Merge pull request #178 from Wiscy-Security/main. [Alexandre Dulaunoy]

    Added new warninglist for Stackpath CDN

  • Add stackpath to generate_all.sh script. [Kevin Holvoet]

  • Gave execute permissions to generate_phone_numbers.py. [Kevin Holvoet]

  • Created new Stackpath CDN IP list. [Kevin Holvoet]

  • Merge branch 'main' of github.com:MISP/misp-warninglists into main. [Alexandre Dulaunoy]

  • Merge pull request #176 from przemekzny/patch-1. [Alexandre Dulaunoy]

    Update list.json

  • Update list.json. [przemekzny]

    Added domains of PKO Bank Polski S.A.

  • Merge branch 'main' of github.com:MISP/misp-warninglists into main. [Alexandre Dulaunoy]

  • Merge pull request #173 from DocArmoryTech/patch-1. [Alexandre Dulaunoy]

    Added Neo23x0/ti-falsepositive warninglist

  • Corrected version number to one. [Cormac Doherty]

  • Jq all the things. [Cormac Doherty]

  • Added Neo23x0/ti-falsepositive warninglist. [DocArmoryTech]

    Neo23x0:Neo23x0/ti-falsepositive is a "hash generator for typical false positive hashes".

    This warninglist was generated using a modified version of the generator (see: DocArmoryTech:DocArmoryTech-mispwl)

    python3 ./fp-hashes.py > list.json

  • Merge pull request #172 from pettai/Fastly. [Alexandre Dulaunoy]

    Add Fastly IPs

  • Add Fastly IPs. [pettai]

    Add all Fastly's IP addresses

  • Merge pull request #170 from chrisr3d/main. [Alexandre Dulaunoy]

    Added a few more entries to the phone numbers warninglist

  • Add: A few more phone numbers regexes. [chrisr3d]

  • Add: Added regexes for the American fictitious numbers in the list. [chrisr3d]

  • Merge pull request #168 from chrisr3d/main. [Alexandre Dulaunoy]

    New warning list for unattributed phone numbers

  • Add: Added phone num...
