Threat Intelligence Feeds

[scafroglia93]

Enjoy

https://github.com/scafroglia93/blocklists

[SkewedZeppelin]

Hi!

Hypatia works on file hashes, not on domains.

But I have a project for that too! https://divested.dev/pages/dnsbl

And I already uses your lists 🙂 https://github.com/divestedcg/Simple_Hosts_Merger/blob/master/blocklists-nc.txt#L135-L151

Seems you've added a license and more lists, I can move them over to the regular not-nc-only list. Thanks!

[scafroglia93]

I need to figure out if I can insert the hashes into the lists

[SkewedZeppelin]

This repo already tracks many of those blogs/sources: https://raw.githubusercontent.com/Neo23x0/signature-base/master/iocs/hash-iocs.txt

I have some more I'll push to a new repo soon

[SkewedZeppelin]

Latest combined list now includes all of your lists: divestedcg/Simple_Hosts_Merger@af6a65e

Thank you!

[scafroglia93]

Is it a problem if I use the lists with domains to insert IP and hash?

do you need a separate thing?

[SkewedZeppelin]

nah, your lists your rules: keep whatever works best/easiest for yourself first

my simple hosts merger already has regex for domain matching and should filter anything else out correctly, and the hypatia merger has hexadecimal hash matching regex too, so they should both work just fine and I can always adjust them if necessary

[scafroglia93]

I can proceed with entering the IP and hash without causing problems for other lists.

Is there a specific format for adding hash and ip ?

is this correct for you ?

scafroglia93/blocklists@1fda4f7

[SkewedZeppelin]

I think everyone just makes up their own format :)

What you have works just fine

[scafroglia93]

Microsoft Threat List Is ready the other in the next day

You can use it

[scafroglia93]

Let me know so I can proceed with the additions

telegram -> @scafroglia93

[SkewedZeppelin]

I've added them 🚀

Stats: https://divested.dev/MalwareScannerSignatures/
Processor update: f02e355

	blocklists-microsoft.txt
		md5: 0, sha1: 0, sha256: 15
	blocklists-qianxin.txt
		md5: 14, sha1: 0, sha256: 0
	blocklists-tag.txt
		md5: 0, sha1: 0, sha256: 9

[scafroglia93]

Nice let's do it

[scafroglia93]

It's work

I hope to be useful for the project

[SkewedZeppelin]

Thank you again @scafroglia93 🙂

[scafroglia93]

[securiteinfo]

[SkewedZeppelin]

@scafroglia93 I suspect those are released under a restrictive license and can't be used.

I emailed them a few years ago for permission to no response.

[scafroglia93]

You can use it without mention LOL

[scafroglia93]

Last questione -> it's possible download the signature for clamav ?

[SkewedZeppelin]

@scafroglia93 previously yes, but now no: the generated database is a serialized Guava bloom filter Java object processed on server side to reduce the download amount and speedup app loading

[scafroglia93]

I'm redoing the repo; Can you reset the indicators you currently have?

[SkewedZeppelin]

I froze my copy to 526b3922ee0e59a99123829acbdb296386f66840

[scafroglia93]

You can use fresh source

I'm working on it now

It's better format that i found some missed entries related to the new assestment

[scafroglia93]

Source are now ok, you can reset and follow the actual git history

thanks