MISP
/
misp-taxonomies
mirror of https://github.com/MISP/misp-taxonomies
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [dga] Include the improvements from @danielplohmann

pull/245/head
Alexandre Dulaunoy 2022-05-13 09:25:24 +02:00
parent a71490fab7
commit 98443dbe30
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
MANIFEST.json
View File

@ -201,7 +201,7 @@
{
"description": "A taxonomy to describe domain-generation algorithms often called DGA. Ref: A Comprehensive Measurement Study of Domain Generating Malware Daniel Plohmann and others.",
"name": "dga",
"version": 1
"version": 2
},
{
"description": "DHS critical sectors as in https://www.dhs.gov/critical-infrastructure-sectors",
@ -700,5 +700,5 @@
}
],
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
"version": "20220512"
"version": "20220513"
}

14
dga/machinetag.json
View File

@ -2,7 +2,7 @@
"namespace": "dga",
"expanded": "Domain-Generation Algorithms",
"description": "A taxonomy to describe domain-generation algorithms often called DGA. Ref: A Comprehensive Measurement Study of Domain Generating Malware Daniel Plohmann and others.",
"version": 1,
"version": 2,
"predicates": [
{
"value": "generation-scheme",
@ -44,11 +44,19 @@
"entry": [
{
"value": "time-dependent",
"expanded": "Time dependent"
"expanded": "The DGA uses temporal information in the seeding for its domain generation, resulting in sets of domains with certain validity time spans."
},
{
"value": "time-independent",
"expanded": "The DGA does not rely on temporal information in the seeding for its domain generation, resulting in a single set of domains."
},
{
"value": "deterministic",
"expanded": "Deterministic"
"expanded": "Given the implementation of the DGA and a seed, its full set of possible domains can be calculated at any point in time."
},
{
"value": "non-deterministic",
"expanded": "Domains depend on unpredictable seed input, e.g. on external dynamic information that can be published at a later time (e.g. via posting on social media), on data specific to the system it is executed on, or on arbitrary non-predictable PRNG output."
}
]
}