misp-taxonomies/threats-to-dns/machinetag.json


{
"namespace": "threats-to-dns",
"expanded": "Threats to DNS",
"description": "An overview of some of the known attacks related to DNS as described by Torabi, S., Boukhtouta, A., Assi, C., & Debbabi, M. (2018) in Detecting Internet Abuse by Analyzing Passive DNS Traffic: A Survey of Implemented Systems. IEEE Communications Surveys & Tutorials, 11. doi:10.1109/comst.2018.2849614",
"version": 1,
"predicates": [
{
"value": "dns-protocol-attacks",
"description": "DNS protocol attacks",
"expanded": "DNS protocol attacks"
},
{
"value": "dns-server-attacks",
"description": "DNS server attacks",
"expanded": "DNS server attacks"
},
{
"value": "dns-abuse-or-misuse",
"description": "DNS abuse/misuse"
}
],
"values": [
{
"predicate": "dns-protocol-attacks",
"entry": [
{
"value": "man-in-the-middle-attack",
"expanded": "Man-in-the-middle attack",
"description": "Man-in-the-middle attack"
},
{
"value": "dns-spoofing",
"expanded": "DNS spoofing",
"description": "DNS spoofing"
},
{
"value": "dns-rebinding",
"expanded": "DNS rebinding",
"description": "DNS rebinding"
}
]
},
{
"predicate": "dns-server-attacks",
"entry": [
{
"value": "server-dos-and-ddos",
"expanded": "Server DoS & DDoS",
"description": "Server DoS & DDoS"
},
{
"value": "server-hijacking",
"expanded": "Server hijacking",
"description": "Server hijacking"
},
{
"value": "cache-poisoning",
"expanded": "Cache poisoning",
"description": "Cache poisoning"
}
]
},
{
"predicate": "dns-abuse-or-misuse",
"entry": [
{
"value": "domain-name-registration-abuse-cybersquatting",
"expanded": "Domain name registration abuse such as cybersquatting",
"description": "Domain name registration abuse such as cybersquatting"
},
{
"value": "domain-name-registration-abuse-typosquatting",
"expanded": "Domain name registration abuse such as typosquatting",
"description": "Domain name registration abuse such as typosquatting"
},
{
"value": "domain-name-registration-abuse-domain-reputation-and-re-registration",
"expanded": "Domain name registration abuse as domain reputation and re-registration",
"description": "Domain name registration abuse as domain reputation and re-registration"
},
{
"value": "dns-reflection-dns-amplification",
"expanded": "DNS reflection - DNS amplification",
"description": "DNS reflection - DNS amplification"
},
{
"value": "malicious-or-compromised-domains-ips-malicious-botnets-c2",
"expanded": "Malicious or compromised domains/IPs - Malicious botnets (C&C servers)",
"description": "Malicious or compromised domains/IPs - Malicious botnets (C&C servers)"
},
{
"value": "malicious-or-compromised-domains-ips-fast-flux-domains",
"expanded": "Malicious or compromised domains/IPs - Malicious fast-flux domain & networks",
"description": "Malicious or compromised domains/IPs - Malicious fast-flux domain & networks"
},
{
"value": "malicious-or-compromised-domains-ips-malicious-dgas",
"expanded": "Malicious or compromised domains/IPs - Malicious DGAs",
"description": "Malicious or compromised domains/IPs - Malicious DGAs"
},
{
"value": "covert-channels-malicious-dns-tunneling",
"expanded": "Covert channels - Malicious DNS tunneling",
"description": "Covert channels - Malicious DNS tunneling"
},
{
"value": "covert-channels-malicious-payload-distribution",
"expanded": "Covert channels - Malicious payload distribution",
"description": "Covert channels - Malicious payload distribution"
},
{
"value": "benign-services-applications-malicious-dns-resolvers",
"expanded": "Benign services and applications - Malicious DNS resolvers",
"description": "Benign services and applications - Malicious DNS resolvers"
},
{
"value": "benign-services-applications-malicious-scanners",
"expanded": "Benign services and applications - Malicious scanners",
"description": "Benign services and applications - Malicious scanners"
},
{
"value": "benign-services-applications-url-shorteners",
"expanded": "Benign services and applications - URL shorteners",
"description": "Benign services and applications - URL shorteners"
}
]
}
]
}