From 04346a815e65af80fe214da1e5609d4166d0bbd0 Mon Sep 17 00:00:00 2001
From: Still Hsu
Date: Thu, 4 Jan 2024 12:43:38 +0800
Subject: [PATCH 1/2] Add additional links for known IP obtaining services

Signed-off-by: Still Hsu
---
 collection/network/capture-public-ip.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/collection/network/capture-public-ip.yml b/collection/network/capture-public-ip.yml
index fa3fdea7..bd8ec81b 100644
--- a/collection/network/capture-public-ip.yml
+++ b/collection/network/capture-public-ip.yml
@@ -4,6 +4,7 @@ rule:
 namespace: collection/network
 authors:
 - "@_re_fox"
+ - "still@teamt5.org"
 scopes:
 static: function
 dynamic: thread
@@ -11,6 +12,7 @@ rule:
 - Discovery::System Network Configuration Discovery [T1016]
 examples:
 - 84f1b049fa8962b215a77f51af6714b3:0x100061e5
+ - 6d952a7e66bc63b72c9a3d10ef28e3f2
 features:
 - and:
 - api: InternetOpen
@@ -28,3 +30,10 @@ rule:
 - substring: "wtfismyip.com/text"
 - substring: "api.myip.com"
 - substring: "ip-api.com/line"
+ - substring: "ip.tool.chinaz.com"
+ - substring: "1234i.com"
+ - substring: "ip138.com"
+ - substring: "myip.com.tw"
+ - substring: "taobao.com/help/getip.php"
+ - substring: "chaipip.com"
+ - substring: "sojson.com/ip"

From e5b5f4d658a61500ba324ba6dcfbf446b5c7532f Mon Sep 17 00:00:00 2001
From: Still / Azaka
Date: Thu, 4 Jan 2024 16:19:17 +0800
Subject: [PATCH 2/2] Update capture-public-ip.yml

---
 collection/network/capture-public-ip.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/collection/network/capture-public-ip.yml b/collection/network/capture-public-ip.yml
index bd8ec81b..568cd62a 100644
--- a/collection/network/capture-public-ip.yml
+++ b/collection/network/capture-public-ip.yml
@@ -12,7 +12,7 @@ rule:
 - Discovery::System Network Configuration Discovery [T1016]
 examples:
 - 84f1b049fa8962b215a77f51af6714b3:0x100061e5
- - 6d952a7e66bc63b72c9a3d10ef28e3f2
+ - 6d952a7e66bc63b72c9a3d10ef28e3f2:0x0050e7b6
 features:
 - and:
 - api: InternetOpen
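Review bot: Four of the seven `substring` entries added in the last hunk of patch 1 are bare registrable domains — `"1234i.com"`, `"ip138.com"`, `"myip.com.tw"` and `"chaipip.com"` — whereas the neighbouring entries such as `"ip-api.com/line"` and the new `"taobao.com/help/getip.php"` and `"sojson.com/ip"` are pinned to the lookup path. A bare domain substring matches any URL on that host, so a sample that contacts one of these sites for an unrelated purpose will also satisfy this clause, widening the false-positive surface of a rule whose static scope is a single function. Where the lookup path used by the referenced sample is known, narrow the entry to it in the same path-bearing form as the existing lines; where only the host is known, an inline comment on that line stating that the whole host is treated as an IP-lookup service would record the trade-off for the next maintainer. The list these lines extend begins outside the hunk, so its other alternatives are not visible here.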