chg: Add script to make lists unique, and sort the keys.

Update covid lists.
MISP · Apr 3, 2020 · 300d823 · 300d823
1 parent bad8b17
commit 300d823
Show file tree

Hide file tree

Showing 49 changed files with 18,035 additions and 18,035 deletions.
diff --git a/jq_all_the_things.sh b/jq_all_the_things.sh
@@ -7,7 +7,7 @@ set -x
 
 for dir in lists/*/list.json
 do
-    cat ${dir} | jq . | sponge ${dir}
+    cat ${dir} | jq -S . | sponge ${dir}
 done
 
-cat schema.json | jq . | sponge schema.json
+cat schema.json | jq -S . | sponge schema.json
diff --git a/lists/alexa/list.json b/lists/alexa/list.json
@@ -1,8 +1,5 @@
 {
   "description": "Event contains one or more entries from the top 1000 of the most used website (Alexa).",
-  "version": 20190424,
-  "name": "Top 1000 website from Alexa",
-  "type": "hostname",
   "list": [
     "104.com.tw",
     "11st.co.kr",
@@ -1008,5 +1005,8 @@
   "matching_attributes": [
     "hostname",
     "domain"
-  ]
+  ],
+  "name": "Top 1000 website from Alexa",
+  "type": "hostname",
+  "version": 20190424
 }
diff --git a/lists/amazon-aws/list.json b/lists/amazon-aws/list.json
@@ -1,8 +1,5 @@
 {
-  "name": "List of known Amazon AWS IP address ranges",
-  "version": 20200210,
   "description": "Amazon AWS IP address ranges (https://ip-ranges.amazonaws.com/ip-ranges.json)",
-  "type": "cidr",
   "list": [
     "100.20.0.0/14",
     "100.24.0.0/13",
@@ -1695,5 +1692,8 @@
     "ip-src",
     "ip-dst",
     "domain|ip"
-  ]
+  ],
+  "name": "List of known Amazon AWS IP address ranges",
+  "type": "cidr",
+  "version": 20200210
 }
diff --git a/lists/automated-malware-analysis/list.json b/lists/automated-malware-analysis/list.json
@@ -1,40 +1,40 @@
 {
-  "name": "List of known domains used by automated malware analysis services & security vendors",
-  "version": 5,
   "description": "Domains used by automated malware analysis services & security vendors",
-  "type": "substring",
-  "matching_attributes": [
-    "domain",
-    "hostname",
-    "domain|ip",
-    "url"
-  ],
   "list": [
-    "virustotal.com",
-    "malwr.com",
-    "hybrid-analysis.com",
-    "emergingthreats.net",
-    "joesandbox.com",
+    "akana.mobiseclab.org",
+    "analyze.intezer.com",
     "anlyz.io",
+    "app.any.run",
+    "app.sndbox.com",
+    "cape.contextis.com",
+    "capesandbox.com",
+    "carbonblack.com",
     "detux.org",
-    "akana.mobiseclab.org",
-    "sandbox.pikker.ee",
-    "www.threatexpert.com",
-    "www.vicheck.ca",
-    "reverse.it",
+    "emergingthreats.net",
+    "hybrid-analysis.com",
+    "jevereg.amnpardaz.com",
+    "joesandbox.com",
+    "koodous.com",
+    "malwr.com",
     "mcafee.com",
-    "symantec.com",
+    "reverse.it",
+    "sandbox.pikker.ee",
+    "sanddroid.xjtu.edu.cn",
     "securelist.com",
-    "carbonblack.com",
-    "app.any.run",
-    "cape.contextis.com",
+    "symantec.com",
     "tria.ge",
-    "koodous.com",
     "undroid.av-comparatives.org",
-    "sanddroid.xjtu.edu.cn",
-    "jevereg.amnpardaz.com",
-    "analyze.intezer.com",
-    "app.sndbox.com",
-    "capesandbox.com"
-  ]
+    "virustotal.com",
+    "www.threatexpert.com",
+    "www.vicheck.ca"
+  ],
+  "matching_attributes": [
+    "domain",
+    "hostname",
+    "domain|ip",
+    "url"
+  ],
+  "name": "List of known domains used by automated malware analysis services & security vendors",
+  "type": "substring",
+  "version": 5
 }
diff --git a/lists/bank-website/list.json b/lists/bank-website/list.json
@@ -1,13 +1,5 @@
 {
-  "name": "List of known bank domains",
-  "version": 2,
   "description": "Event contains one or more entries of known banking website",
-  "matching_attributes": [
-    "domain",
-    "hostname",
-    "domain|ip"
-  ],
-  "type": "hostname",
   "list": [
     ".02bancorp.com",
     ".1822direkt.com",
@@ -1501,8 +1493,8 @@
     ".spk-suedholstein.de",
     ".spk-vorpommern.de",
     ".spk-westholstein.de",
-    ".spkhb.de",
     ".spkef.is",
+    ".spkhb.de",
     ".ssbia.com",
     ".ssbnd.com",
     ".ssbnet.com",
@@ -1763,5 +1755,13 @@
     ".zionsbank.com",
     ".ziraatbank.de",
     ".zvezabank.at"
-  ]
+  ],
+  "matching_attributes": [
+    "domain",
+    "hostname",
+    "domain|ip"
+  ],
+  "name": "List of known bank domains",
+  "type": "hostname",
+  "version": 2
 }
diff --git a/lists/cisco_top1000/list.json b/lists/cisco_top1000/list.json
@@ -1,9 +1,4 @@
 {
-  "matching_attributes": [
-    "hostname",
-    "domain",
-    "domain|ip"
-  ],
   "description": "Event contains one or more entries from the top 1000 of the most used website (Cisco Umbrella).",
   "list": [
     "0.client-channel.google.com",
@@ -1007,7 +1002,12 @@
     "z.moatads.com",
     "zemanta.com"
   ],
-  "version": 20190309,
+  "matching_attributes": [
+    "hostname",
+    "domain",
+    "domain|ip"
+  ],
+  "name": "Top 1000 website from Cisco Umbrella",
   "type": "hostname",
-  "name": "Top 1000 website from Cisco Umbrella"
+  "version": 20190309
 }
diff --git a/lists/cloudflare/list.json b/lists/cloudflare/list.json
@@ -1,34 +1,34 @@
 {
+  "description": "List of known Cloudflare IP ranges (https://www.cloudflare.com/ips/)",
   "list": [
-    "188.114.96.0/20",
-    "2405:8100::/32",
-    "2c0f:f248::/32",
-    "190.93.240.0/20",
-    "173.245.48.0/20",
     "103.21.244.0/22",
+    "103.22.200.0/22",
+    "103.31.4.0/22",
     "104.16.0.0/12",
-    "2606:4700::/32",
-    "2803:f800::/32",
-    "2400:cb00::/32",
+    "108.162.192.0/18",
+    "131.0.72.0/22",
     "141.101.64.0/18",
-    "198.41.128.0/17",
+    "162.158.0.0/15",
     "172.64.0.0/13",
-    "108.162.192.0/18",
+    "173.245.48.0/20",
+    "188.114.96.0/20",
+    "190.93.240.0/20",
     "197.234.240.0/22",
+    "198.41.128.0/17",
+    "2400:cb00::/32",
+    "2405:8100::/32",
     "2405:b500::/32",
-    "103.31.4.0/22",
-    "131.0.72.0/22",
+    "2606:4700::/32",
+    "2803:f800::/32",
     "2a06:98c0::/29",
-    "162.158.0.0/15",
-    "103.22.200.0/22"
+    "2c0f:f248::/32"
   ],
-  "type": "cidr",
   "matching_attributes": [
     "ip-dst",
     "ip-src",
     "domain|ip"
   ],
   "name": "List of known Cloudflare IP ranges",
-  "version": 20200210,
-  "description": "List of known Cloudflare IP ranges (https://www.cloudflare.com/ips/)"
+  "type": "cidr",
+  "version": 20200210
 }
diff --git a/lists/common-contact-emails/list.json b/lists/common-contact-emails/list.json
@@ -1,14 +1,14 @@
 {
-  "name": "Common contact e-mail addresses",
-  "version": 20200226,
   "description": "A list of commonly used abuse and contact e-mail addresses, including the ones denoted in RFC2142.",
-  "type": "regex",
   "list": [
     "/^(security|noc|soc|abuse)\\@.*\\..*$/i"
   ],
   "matching_attributes": [
     "email-dst",
     "email-src",
     "target-email"
-  ]
+  ],
+  "name": "Common contact e-mail addresses",
+  "type": "regex",
+  "version": 20200226
 }