A Comprehensive Measurement Study
of Domain Generating Malware
Daniel Plohmann, Fraunhofer FKIE; Khaled Yakdan, University of Bonn;
Michael Klatt, DomainTools; Johannes Bader; Elmar Gerhards-Padilla, Fraunhofer FKIE
pull/245/head
Alexandre Dulaunoy 2022-05-12 16:40:44 +02:00
parent 259752b073
commit a71490fab7
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 63 additions and 2 deletions


@ -89,7 +89,7 @@
"version": 5 "version": 5
}, },
{ {
"description": "La presente taxonomia es la primera versión disponible para el Centro Nacional de Seguridad Digital.", "description": "La presente taxonomia es la primera versión disponible para el Centro Nacional de Seguridad Digital del Perú.",
"name": "cnsd", "name": "cnsd",
"version": 20220426 "version": 20220426
}, },
@ -198,6 +198,11 @@
"name": "deception", "name": "deception",
"version": 1 "version": 1
}, },
{
"description": "A taxonomy to describe domain-generation algorithms often called DGA. Ref: A Comprehensive Measurement Study of Domain Generating Malware Daniel Plohmann and others.",
"name": "dga",
"version": 1
},
{ {
"description": "DHS critical sectors as in https://www.dhs.gov/critical-infrastructure-sectors", "description": "DHS critical sectors as in https://www.dhs.gov/critical-infrastructure-sectors",
"name": "dhs-ciip-sectors", "name": "dhs-ciip-sectors",
@ -695,5 +700,5 @@
} }
], ],
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/", "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
"version": "20220505" "version": "20220512"
} }

56
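--- a/dga/machinetag.json
+++ b/dga/machinetag.json
@@ -0,0 +1,56 @@
+{
+"namespace": "dga",
+"expanded": "Domain-Generation Algorithms",
+"description": "A taxonomy to describe domain-generation algorithms often called DGA. Ref: A Comprehensive Measurement Study of Domain Generating Malware Daniel Plohmann and others.",
+"version": 1,
+"predicates": [
+{
+"value": "generation-scheme",
+"expanded": "Generation scheme used for the DGA"
+},
+{
+"value": "seeding",
+"expanded": "Seeding scheme used for the DGA"
+}
+],
+"values": [
+{
+"predicate": "generation-scheme",
+"entry": [
+{
+"value": "arithmetic",
+"expanded": "Arithmetic",
+"description": "Calculate a sequence of values that either have a direct ASCII representation usable for a domain name or designate an offset in one or more hard- coded arrays, constituting the alphabet of the DGA. "
+},
+{
+"value": "hash",
+"expanded": "Hash",
+"description": "Use the hexdigest representation of a hash to produce the domain."
+},
+{
+"value": "wordlist",
+"expanded": "Wordlist",
+"description": " Concatenate a sequence of words from one or more wordlists, resulting in less randomly appealing and thus more camouflaging domains"
+},
+{
+"value": "permutation",
+"expanded": "Permutation",
+"description": "derive all possible AGDs (Algorithmically-Generated Domain) through permutation of an initial domain name."
+}
+]
+},
+{
+"predicate": "seeding",
+"entry": [
+{
+"value": "time-dependent",
+"expanded": "Time dependent"
+},
+{
+"value": "deterministic",
+"expanded": "Deterministic"
+}
+]
+}
+]
+}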
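Review bot: The `seeding` entries at the end of dga/machinetag.json list only `time-dependent` and `deterministic`, which read as the positive ends of two separate properties rather than as alternatives, so an analyst cannot tag a DGA as time-independent or non-deterministic, and a missing tag is ambiguous between "not assessed" and "does not apply". That distinction matters to defenders because a non-deterministic seed means the domains cannot be precomputed for blocklisting or sinkholing. I would add the complements, e.g. `{"value": "time-independent", "expanded": "Time independent"}` and `{"value": "non-deterministic", "expanded": "Non deterministic"}`, and give all four seeding entries a `description` as the generation-scheme entries have. The generation-scheme descriptions also carry paste residue worth cleaning: `hard- coded` and a trailing space in the arithmetic entry, a leading space in the wordlist entry, and a lowercase sentence start in the permutation entry.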