MISP
/
misp-taxonomies
mirror of https://github.com/MISP/misp-taxonomies
2
0
Fork 0
Code Issues Releases Wiki Activity

new: [threats-to-dns] New taxonomy threats to DNS 

An overview of some of the known attacks related to DNS as described by Torabi, S., Boukhtouta, A., Assi, C., & Debbabi, M. (2018) in Detecting Internet Abuse by Analyzing
Passive DNS Traffic: A Survey of Implemented Systems. IEEE Communications Surveys & Tutorials, 1–1. doi:10.1109/comst.2018.2849614

As seen during FIRSTCON19
pull/150/head
Alexandre Dulaunoy 2019-06-21 08:58:14 +02:00
parent 8650ff0c05
commit 00c06dc0de
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 135 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
MANIFEST.json
View File

@ -464,11 +464,16 @@
"version": 1,
"name": "retention",
"description": "Retention taxonomy to describe the retention period of the tagged information."
},
{
"version": 1,
"name": "threats-to-dns",
"description": "An overview of some of the known attacks related to DNS as described by Torabi, S., Boukhtouta, A., Assi, C., & Debbabi, M. (2018) in Detecting Internet Abuse by Analyzing Passive DNS Traffic: A Survey of Implemented Systems. IEEE Communications Surveys & Tutorials, 11. doi:10.1109/comst.2018.2849614"
}
],
"path": "machinetag.json",
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
"description": "Manifest file of MISP taxonomies available.",
"license": "CC-0",
"version": "20190617"
"version": "20190621"
}

129
threats-to-dns/machinetag.json Normal file
View File

@ -0,0 +1,129 @@
{
"namespace": "threats-to-dns",
"expanded": "Threats to DNS",
"description": "An overview of some of the known attacks related to DNS as described by Torabi, S., Boukhtouta, A., Assi, C., & Debbabi, M. (2018) in Detecting Internet Abuse by Analyzing Passive DNS Traffic: A Survey of Implemented Systems. IEEE Communications Surveys & Tutorials, 11. doi:10.1109/comst.2018.2849614",
"version": 1,
"predicates": [
{
"value": "dns-protocol-attacks",
"description": "DNS protocol attacks",
"expanded": "DNS protocol attacks"
},
{
"value": "dns-server-attacks",
"description": "DNS server attacks",
"expanded": "DNS server attacks"
},
{
"value": "dns-abuse-or-misuse",
"description": "DNS abuse/misuse"
}
],
"values": [
{
"predicate": "dns-protocol-attacks",
"entry": [
{
"value": "man-in-the-middle-attack",
"expanded": "Man-in-the-middle attack",
"description": "Man-in-the-middle attack"
},
{
"value": "dns-spoofing",
"expanded": "DNS spoofing",
"description": "DNS spoofing"
},
{
"value": "dns-rebinding",
"expanded": "DNS rebinding",
"description": "DNS rebinding"
}
]
},
{
"predicate": "dns-server-attacks",
"entry": [
{
"value": "server-dos-and-ddos",
"expanded": "Server DoS & DDoS",
"description": "Server DoS & DDoS"
},
{
"value": "server-hijacking",
"expanded": "Server hijacking",
"description": "Server hijacking"
},
{
"value": "cache-poisoning",
"expanded": "Cache poisoning",
"description": "Cache poisoning"
}
]
},
{
"predicate": "dns-abuse-or-misuse",
"entry": [
{
"value": "domain-name-registration-abuse-cybersquatting",
"expanded": "Domain name registration abuse such as cybersquatting",
"description": "Domain name registration abuse such as cybersquatting"
},
{
"value": "domain-name-registration-abuse-typosquatting",
"expanded": "Domain name registration abuse such as typosquatting",
"description": "Domain name registration abuse such as typosquatting"
},
{
"value": "domain-name-registration-abuse-domain-reputation-and-re-registration",
"expanded": "Domain name registration abuse as domain reputation and re-registration",
"description": "Domain name registration abuse as domain reputation and re-gistration"
},
{
"value": "dns-reflection-dns-amplification",
"expanded": "DNS reflection - DNS amplification",
"description": "DNS reflection - DNS amplification"
},
{
"value": "malicious-or-compromised-domains-ips-malicious-botnets-c2",
"expanded": "Malicious or compromised domains/IPs - Malicious botnets (C&C servers)",
"description": "Malicious or compromised domains/IPs - Malicious botnets (C&C servers)"
},
{
"value": "malicious-or-compromised-domains-ips-fast-flux-domains",
"expanded": "Malicious or compromised domains/IPs - Malicious fast-flux domain & networks",
"description": "Malicious or compromised domains/IPs - Malicious fast-flux domain & networks"
},
{
"value": "malicious-or-compromised-domains-ips-malicious-dgas",
"expanded": "Malicious or compromised domains/IPs - Malicious DGAs",
"description": "Malicious or compromised domains/IPs - Malicious DGAs"
},
{
"value": "covert-channels-malicious-dns-tunneling",
"expanded": "Covert channels - Malicious DNS tunneling",
"description": "Covert channels - Malicious DNS tunneling"
},
{
"value": "covert-channels-malicious-payload-distribution",
"expanded": "Covert channels - Malicious DNS tunneling",
"description": "Covert channels - Malicious DNS tunneling"
},
{
"value": "benign-services-applications-malicious-dns-resolvers",
"expanded": "Benign services and applications - Malicious DNS resolvers",
"description": "Benign services and applications - Malicious DNS resolvers"
},
{
"value": "benign-services-applications-malicious-scanners",
"expanded": "Benign services and applications - Malicious scanners",
"description": "Benign services and applications - Malicious scanners"
},
{
"value": "benign-services-applications-url-shorteners",
"expanded": "Benign services and applications - URL shorteners",
"description": "Benign services and applications - URL shorteners"
}
]
}
]
}