raw-data / MalSilo


invalid - false positives IOCs to check #2

Open dnmTX opened 3 years ago

dnmTX commented 3 years ago

Hi again @raw-data. I've been keeping my eye so far on the domain_list and as of today there are a few more invalid entries that need to be removed, and I would advise you to go over your scripts and do some adjustments as well so they are filtered better:

"2021-07-22","2021-07-24","oziyjajmgohla.oziyjajmgohla","riskware","peexe32,pegui"
"2021-07-25","2021-07-25","abbjvbdopiz.abbjvbdopiz","clipbanker","peexe32,pegui"
"2021-08-18","2021-08-18","nnpwxhwvuw.nnpwxhwvuw","azorult","peexe32,pegui"

Thanks as always 👍

raw-data commented 3 years ago

Hi @dnmTX, thanks for reporting this. New checks were introduced for the exports; the entries are gone.

If in the future it happens again, there is no need to open a new issue; just comment here and we will follow up in this same space.

dnmTX commented 3 years ago

@raw-data false positive, to your attention: "2021-09-02","2021-09-02","time.google.com","downloader","pegui,peexe32,assembly" 👍

P.S. I would suggest reopening this issue so we know it's the one to deal with all future invalid/false-positive entries.

raw-data commented 3 years ago

@dnmTX thank you, entry whitelisted.

dnmTX commented 2 years ago

@raw-data found one 😉 : "2021-09-26","2021-09-26","addons.mozilla.org","adware","pegui,peexe32" Thanks as always 👍

raw-data commented 2 years ago

@dnmTX nice catch! Entry removed only from the dns and domain exports; the IOC still remains for url (in general) and in the master-feed.json (for hunting / historical data).

dnmTX commented 2 years ago

@raw-data invalid for removal: "2021-10-07","2021-10-07","0.0.0.0:10471","unknown","assembly,pegui,peexe32" 👍

raw-data commented 2 years ago

@dnmTX thx! "Funny", it was a sort of edge case: it was not falling under the ipv4 flow but under the domain part... now it's fixed (as usual, it stays in the master-feed, as it should).

dnmTX commented 2 years ago

@raw-data to your attention: "2022-06-30","2022-06-30","37.0.11.164:8080","downloader","peexe32,assembly,pegui" 👍
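The false positives reported across this thread fall into three classes that an export filter can catch before publication: indicators that are really an IPv4 literal with a port (0.0.0.0:10471, 37.0.11.164:8080) and so belong to the ipv4 flow rather than the domain list, hostnames whose "TLD" does not exist (oziyjajmgohla.oziyjajmgohla), and benign infrastructure that should be allow-listed (time.google.com, addons.mozilla.org). The following Python is an added illustration written for this page, not MalSilo's own export code. It assumes the five-column layout quoted in the comments, uses a hand-written allow-list and a deliberately tiny public-suffix stand-in (a real filter would load the full Public Suffix List), and embeds the thread's rows plus one invented placeholder row as constructed sample input.

```python
import csv
import io
import ipaddress
import re

# Constructed sample rows in the five-column layout quoted in the thread
# (first_seen, last_seen, indicator, tag, file types). The last row is an
# invented placeholder host, not a real IOC.
SAMPLE_CSV = '''"2021-07-22","2021-07-24","oziyjajmgohla.oziyjajmgohla","riskware","peexe32,pegui"
"2021-09-02","2021-09-02","time.google.com","downloader","pegui,peexe32,assembly"
"2021-10-07","2021-10-07","0.0.0.0:10471","unknown","assembly,pegui,peexe32"
"2022-06-30","2022-06-30","37.0.11.164:8080","downloader","peexe32,assembly,pegui"
"2021-01-01","2021-01-01","constructed-bad-host.example.com","downloader","peexe32"
'''

# Assumed allow-list of benign infrastructure that must never reach the domain export.
ALLOWLIST = {"time.google.com", "addons.mozilla.org"}

# Assumed, deliberately small set of valid public suffixes; a production filter would
# load the full Public Suffix List instead of this hand-written stand-in.
KNOWN_TLDS = {"com", "org", "net", "ru", "io"}

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with a hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def split_port(indicator):
    """Separate a trailing ':port' from the host (bracketed IPv6 literals are not handled)."""
    host, sep, port = indicator.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return indicator, None


def classify(indicator):
    """Return 'ok' or the reason this indicator must not be in the domain export."""
    host, _port = split_port(indicator.strip().lower().rstrip("."))
    # IP literals belong to the ipv4 flow, never to the domain list (the 0.0.0.0:10471 case).
    try:
        ipaddress.ip_address(host)
        return "ip_address"
    except ValueError:
        pass
    if host in ALLOWLIST:
        return "allowlisted"
    labels = host.split(".")
    if len(labels) < 2:
        return "no_tld"
    if not all(LABEL_RE.match(label) for label in labels):
        return "bad_label"
    if labels[-1] not in KNOWN_TLDS:
        return "unknown_tld"  # catches junk such as oziyjajmgohla.oziyjajmgohla
    return "ok"


def filter_domain_export(csv_text):
    """Split rows into kept rows and (indicator, reason) pairs for rejected rows."""
    kept, rejected = [], []
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        verdict = classify(row[2])
        if verdict == "ok":
            kept.append(row)
        else:
            rejected.append((row[2], verdict))
    return kept, rejected


if __name__ == "__main__":
    kept_rows, rejected_rows = filter_domain_export(SAMPLE_CSV)
    for row in kept_rows:
        print("KEEP   ", ",".join(row))
    for indicator, reason in rejected_rows:
        print("REJECT ", indicator, "->", reason)
```

Rejected rows are reported with a reason rather than silently dropped, which matches the thread's practice of keeping the IOC in the master feed for hunting while excluding it from the dns and domain exports.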