NATO UNCLASSIFIED

NATO Cyber Security Centre

Bulletin
Number: 2020/046 08 March 2021
Importance Implementation for
NATO CIS others
PAN/NU Rating CRITICAL MANDATORY N/A

DESCRIPTION:
NATO Identified Malware Block List (NIMBL)

SUMMARY:
The NATO Cyber Security Centre continuously detects malware and reconnaissance activity from traffic flows, Open
Sources, and Forensic analysis, NCSC maintains a list of external IP addresses that are known to be the sources of
such activity.

To raise the overall protection of NATO's networks the NCSC distributes regular bulletins providing details of these
sources of activity.

The NIMBL Bulletin will be published as required. Any conflicts arising from the application of the NIMBL should be
reported to the NCSC immediately quoting the NIMBL # associated with the IP/URL.

The NIMBL consists of 2 types of entry: IP and/or Domain. All sites are to promptly ensure these sources are blocked
for both inbound and outbound connections at the appropriate Border Protection Devices at the perimeter of their
Internet-connected networks.

To ease the implementation of the NIMBL, the NCSC publishes 3 .txt files on its NU & NS Portals for download. These
files are updated daily at 1500 CET and consist of:

CISCO NIMBL– this contains ALL IPs in the current Active NIMBL in a format suitable for CISCO Devices
Web Proxy NIMBL– this contains ALL Domains in the current Active NIMBL in a format suitable for Proxy Servers (i.e.
BlueCoats)
Master NIMBL– this contains ALL IPs/Domains in the current Active NIMBL and can be used as required

Categories listed in Reason column:

 Spam – involvement in spam activity
 Malware – malicious inbound and outbound connections, known C&C servers
 Reconnaissance – malicious scans for open ports and vulnerabilities

NS: NCSC Insight Portal - https://insight.ncirc.nato.int/secure/NIMBLs/Forms/AllItems.aspx

NU: NCSC - https://www.ncirc.nato.int

Internet: MISP (requires credentials) – Malware Information Sharing Platform

https://misp.ncirc.nato.int/events/view/1340

This bulletin is applicable on Internet connected networks only.

DETAILS:

NATO UNCLASSIFIED

1 of 2
 NATO UNCLASSIFIED

NATO Cyber Security Centre

Bulletin
Number: 2020/046 08 March 2021
Importance Implementation for
NATO CIS others
PAN/NU Rating CRITICAL MANDATORY N/A

Please ADD:

NIMBL # IP/Domain Reason

5046 91.239.130.31 RECONNAISSANCE
5047 45.155.205.177 RECONNAISSANCE

Please REMOVE:

NIMBL # IP/Domain Reason

2520 60.224.110.247 RECONNAISSANCE
2805 222.186.59.103 RECONNAISSANCE
2820 185.92.73.172 RECONNAISSANCE
3324 47.89.208.216 MALWARE
3413 70.32.0.165 RECONNAISSANCE
3501 185.53.177.20 MALWARE
3653 64.188.12.126 MALWARE
3658 18.204.210.234 RECONNAISSANCE
 The NIMBL number may not be sequential

For further information contact:

NATO Cyber Security Centre (NCSC)

NATO Communications and Information Agency
SHAPE, B-7010 Mons, Belgium
T: +32 6544 6666 NCN: 626-6666
E: [email protected] W: www.ncia.nato.int

NATO UNCLASSIFIED

2 of 2