diff --git a/README.md b/README.md index e4f0300..ba9723a 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ The content is served as is. When using the content in a business environment th | Category | Count | | --- | --- | | DNS | 13 | -| IP | 66 | +| IP | 67 | | MD5 | 10 | | SHA1 | 3 | | SHA256 | 7 | @@ -23,7 +23,6 @@ The content is served as is. When using the content in a business environment th | URL | 22 | | CVEID | 4 | - # Combine Threat Intel in your EDR and SIEM The feeds available in this repository can be used to perform threat hunting in your EDR or SIEM solution to hunt for malicious activity. For Defender For Endpoint and Sentinel, some KQL hunting rules have already been written to be implemented in your EDR or SIEM. See: [KQL Hunting Queries](https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules/tree/main/Threat%20Hunting) @@ -92,6 +91,7 @@ Terms of Service: https://sslbl.abuse.ch/blacklist/, https://feodotracker.abuse. - https://lists.blocklist.de/lists/bots.txt - https://lists.blocklist.de/lists/bruteforcelogin.txt - https://lists.blocklist.de/lists/strongips.txt +- https://lists.blocklist.de/lists/ftp.txt Terms of Service: https://www.blocklist.de/en/index.html diff --git a/Scripts/StatisticsTable.md b/Scripts/StatisticsTable.md index af29bf0..9cb7db9 100644 --- a/Scripts/StatisticsTable.md +++ b/Scripts/StatisticsTable.md @@ -1,7 +1,7 @@ | Category | Count | | --- | --- | | DNS | 13 | -| IP | 66 | +| IP | 67 | | MD5 | 10 | | SHA1 | 3 | | SHA256 | 7 | diff --git a/ThreatIntelFeeds.csv b/ThreatIntelFeeds.csv index 59c8d37..6bd5961 100644 --- a/ThreatIntelFeeds.csv +++ b/ThreatIntelFeeds.csv 
@@ -124,4 +124,5 @@ DigitalSide Threat-Intel;DigitalSide Threat-Intel DNS last 7 days;DNS;https://os virtualfabric;Domains (pihole, diversion, pfblockerng, personalblocklist, personaldnsfilter) via CDN;DNS;https://nocdn.nrd-list.com/0/nrd-list-32-days.txt virtualfabric;Domains (pihole, diversion, pfblockerng, personalblocklist, personaldnsfilter) direct;DNS;https://nocdn.threat-list.com/0/domains.txt virtualfabric;Adblock Plus Filter List (adguard. adguardhome, ublockorigin, adblockplus, adnauseum, adblock, opera, vivaldi);DNS;https://nocdn.threat-list.com/1/domains.txt -CISA;KNOWN EXPLOITED VULNERABILITIES CATALOG (JSON);CVEID;https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json \ No newline at end of file +CISA;KNOWN EXPLOITED VULNERABILITIES CATALOG (JSON);CVEID;https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json +Blocklist.de;All IP addresses which have been reported within the last 48 hours as having run attacks on the service FTP.;IP;https://lists.blocklist.de/lists/ftp.txt \ No newline at end of file
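Review bot: the IP count is bumped by hand from 66 to 67 in two places, README.md (@@ -15,7 +15,7) and Scripts/StatisticsTable.md (@@ -1,7 +1,7), so a later feed addition can update one table and miss the other. Both values agree with the single IP row added to ThreatIntelFeeds.csv in this patch. Consider deriving both tables from the CSV in one step, or noting in the README which file is the source of truth for the counts.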
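Review bot: the README.md hunk at @@ -23,7 +23,6 deletes an empty line above the "# Combine Threat Intel in your EDR and SIEM" heading, a whitespace change unrelated to adding the ftp.txt feed. Either drop it from this patch or mention it in the commit message so the feed addition stays easy to audit.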
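Review bot: in ThreatIntelFeeds.csv (@@ -124,4 +124,5) the new Blocklist.de row is again the last line of the file with "\ No newline at end of file", so the next appended feed will show this row as removed and re-added, exactly as the CISA row is here. End the file with a newline so future additions are one-line diffs and any script that reads the CSV line by line sees a terminated final record. The description also ends with a period ("...on the service FTP."), unlike the other descriptions visible in this hunk; dropping it keeps the field consistent. Since the description states the list covers reports from the last 48 hours, it may also be worth saying in the README that consumers should refresh and expire these IPs rather than treat them as permanent block entries.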