From be64251a3ca40a6a1e3234d41f0663459e0953fa Mon Sep 17 00:00:00 2001 From: Bert-Janp Date: Sat, 6 Jan 2024 21:59:05 +0100 Subject: [PATCH] BlockList DE Update --- README.md | 4 ++-- Scripts/StatisticsTable.md | 2 +- ThreatIntelFeeds.csv | 3 ++- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e4f0300..ba9723a 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ The content is served as is. When using the content in a business environment th | Category | Count | | --- | --- | | DNS | 13 | -| IP | 66 | +| IP | 67 | | MD5 | 10 | | SHA1 | 3 | | SHA256 | 7 | @@ -23,7 +23,6 @@ The content is served as is. When using the content in a business environment th | URL | 22 | | CVEID | 4 | - # Combine Threat Intel in your EDR and SIEM The feeds available in this repository can be used to perform threat hunting in your EDR or SIEM solution to hunt for malicious activity. For Defender For Endpoint and Sentinel, some KQL hunting rules have already been written to be implemented in your EDR or SIEM. See: [KQL Hunting Queries](https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules/tree/main/Threat%20Hunting) @@ -92,6 +91,7 @@ Terms of Service: https://sslbl.abuse.ch/blacklist/, https://feodotracker.abuse. - https://lists.blocklist.de/lists/bots.txt - https://lists.blocklist.de/lists/bruteforcelogin.txt - https://lists.blocklist.de/lists/strongips.txt +- https://lists.blocklist.de/lists/ftp.txt Terms of Service: https://www.blocklist.de/en/index.html diff --git a/Scripts/StatisticsTable.md b/Scripts/StatisticsTable.md index af29bf0..9cb7db9 100644 --- a/Scripts/StatisticsTable.md +++ b/Scripts/StatisticsTable.md @@ -1,7 +1,7 @@ | Category | Count | | --- | --- | | DNS | 13 | -| IP | 66 | +| IP | 67 | | MD5 | 10 | | SHA1 | 3 | | SHA256 | 7 | diff --git a/ThreatIntelFeeds.csv b/ThreatIntelFeeds.csv index 59c8d37..6bd5961 100644 --- a/ThreatIntelFeeds.csv +++ b/ThreatIntelFeeds.csv 
@@ -124,4 +124,5 @@ DigitalSide Threat-Intel;DigitalSide Threat-Intel DNS last 7 days;DNS;https://os virtualfabric;Domains (pihole, diversion, pfblockerng, personalblocklist, personaldnsfilter) via CDN;DNS;https://nocdn.nrd-list.com/0/nrd-list-32-days.txt virtualfabric;Domains (pihole, diversion, pfblockerng, personalblocklist, personaldnsfilter) direct;DNS;https://nocdn.threat-list.com/0/domains.txt virtualfabric;Adblock Plus Filter List (adguard. adguardhome, ublockorigin, adblockplus, adnauseum, adblock, opera, vivaldi);DNS;https://nocdn.threat-list.com/1/domains.txt -CISA;KNOWN EXPLOITED VULNERABILITIES CATALOG (JSON);CVEID;https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json \ No newline at end of file +CISA;KNOWN EXPLOITED VULNERABILITIES CATALOG (JSON);CVEID;https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json +Blocklist.de;All IP addresses which have been reported within the last 48 hours as having run attacks on the service FTP.;IP;https://lists.blocklist.de/lists/ftp.txt \ No newline at end of file
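Review bot: In the README.md hunk at `@@ -15,7 +15,7 @@` and the identical hunk in Scripts/StatisticsTable.md, the IP count is bumped from 66 to 67 by hand in two places. It agrees with the single IP row added to ThreatIntelFeeds.csv in this patch, but nothing in the diff ties the three files together, so a later feed addition that updates only one of them will leave the tables out of step. Suggest deriving both tables from ThreatIntelFeeds.csv, or at least stating in the commit message that the counts were recomputed from the CSV.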
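Review bot: The README.md hunk at `@@ -23,7 +23,6 @@` only deletes a blank line before the "# Combine Threat Intel in your EDR and SIEM" heading, which is unrelated to a commit titled "BlockList DE Update". Suggest dropping this whitespace change or putting it in a separate formatting commit so the feed update stays easy to review and revert.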
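Review bot: In the ThreatIntelFeeds.csv hunk at `@@ -124,4 +124,5 @@`, the new Blocklist.de row is still followed by "\ No newline at end of file", so the file again ends without a terminating newline. That is why the unchanged CISA row shows up as removed and re-added here, and the same will happen to the Blocklist.de row on the next append. Suggest ending the file with a newline. Also, the description field is a full sentence with a trailing period ("...attacks on the service FTP."), while neighbouring rows use short labels; it contains no `;` so the semicolon-delimited parsing is not affected, but a shorter label in the style of the other rows would keep the column consistent for consumers that display it.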