BlockList DE Update

Bert-JanP · Jan 6, 2024 · be64251 · be64251
1 parent 02681ed
commit be64251
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -15,15 +15,14 @@ The content is served as is. When using the content in a business environment th
 | Category | Count |
 | --- | --- |
 | DNS | 13 |
-| IP | 66 |
+| IP | 67 |
 | MD5 | 10 |
 | SHA1 | 3 |
 | SHA256 | 7 |
 | SSL | 1 |
 | URL | 22 |
 | CVEID | 4 |
 
-
 # Combine Threat Intel in your EDR and SIEM
 The feeds available in this repository can be used to perform threat hunting in your EDR or SIEM solution to hunt for malicious activity. For Defender For Endpoint and Sentinel, some KQL hunting rules have already been written to be implemented in your EDR or SIEM. See: [KQL Hunting Queries](https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules/tree/main/Threat%20Hunting)
 
@@ -92,6 +91,7 @@ Terms of Service: https://sslbl.abuse.ch/blacklist/, https://feodotracker.abuse.
 - https://lists.blocklist.de/lists/bots.txt
 - https://lists.blocklist.de/lists/bruteforcelogin.txt
 - https://lists.blocklist.de/lists/strongips.txt
+- https://lists.blocklist.de/lists/ftp.txt
 
 Terms of Service: https://www.blocklist.de/en/index.html
 

diff --git a/Scripts/StatisticsTable.md b/Scripts/StatisticsTable.md
@@ -1,7 +1,7 @@
 | Category | Count |
 | --- | --- |
 | DNS | 13 |
-| IP | 66 |
+| IP | 67 |
 | MD5 | 10 |
 | SHA1 | 3 |
 | SHA256 | 7 |

diff --git a/ThreatIntelFeeds.csv b/ThreatIntelFeeds.csv
@@ -124,4 +124,5 @@ DigitalSide Threat-Intel;DigitalSide Threat-Intel DNS last 7 days;DNS;https://os
 virtualfabric;Domains (pihole, diversion, pfblockerng, personalblocklist, personaldnsfilter) via CDN;DNS;https://nocdn.nrd-list.com/0/nrd-list-32-days.txt
 virtualfabric;Domains (pihole, diversion, pfblockerng, personalblocklist, personaldnsfilter) direct;DNS;https://nocdn.threat-list.com/0/domains.txt
 virtualfabric;Adblock Plus Filter List (adguard. adguardhome, ublockorigin, adblockplus, adnauseum, adblock, opera, vivaldi);DNS;https://nocdn.threat-list.com/1/domains.txt
-CISA;KNOWN EXPLOITED VULNERABILITIES CATALOG (JSON);CVEID;https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
+CISA;KNOWN EXPLOITED VULNERABILITIES CATALOG (JSON);CVEID;https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
+Blocklist.de;All IP addresses which have been reported within the last 48 hours as having run attacks on the service FTP.;IP;https://lists.blocklist.de/lists/ftp.txt