Added new script to fetch windows binary hashes and add them to warninglist

[akshayjain-1]

Summary
This PR adds a new warning list for Windows binary hashes using data from the winbindex project. This helps prevent false positives when Windows system file hashes are flagged in threat intelligence feeds.

Changes

• Added generate-windows-binary-hashes.py generator script
• Generates list.json with SHA256 hashes of known Windows binaries

In threat intelligence and incident response, file hashes (particularly SHA256) are commonly used as Indicators of Compromise (IoCs). However, legitimate Windows system files frequently appear in threat feeds, causing false positives that waste analyst time and reduce trust in automated detections.

The winbindex project by m417z is a comprehensive, continuously updated database that tracks Windows binaries across all major Windows versions and builds.

By implementing this warning list, organizations using MISP for threat intelligence can significantly improve their signal-to-noise ratio, making their security operations more efficient and effective.

@adulau would love to hear your thoughts and feedback on this!

[adulau]

Thanks a lot. This looks like a great idea and contribution. I'll review it. I'm curious about the matches between this dataset and hashlookup.io ;-)

[akshayjain-1]

Thanks a lot. This looks like a great idea and contribution. I'll review it. I'm curious about the matches between this dataset and hashlookup.io ;-)

Pretty curious myself. based on my understanding, winbindex pulls data from Microsoft public symbol server and Virustotal whereas hashlookup-gui integrates the CIRCL API.

Looking forward to your review on that

[akshayjain-1]

Hello @adulau wanted to check in if you had the time to review it,