new: [dga] First version of the DGA taxonomy based on https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_plohmann.pdf
A Comprehensive Measurement Study of Domain Generating Malware Daniel Plohmann, Fraunhofer FKIE; Khaled Yakdan, University of Bonn; Michael Klatt, DomainTools; Johannes Bader; Elmar Gerhards-Padilla, Fraunhofer FKIEpull/245/head
parent
259752b073
commit
a71490fab7
|
@ -89,7 +89,7 @@
|
||||||
"version": 5
|
"version": 5
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"description": "La presente taxonomia es la primera versión disponible para el Centro Nacional de Seguridad Digital.",
|
"description": "La presente taxonomia es la primera versión disponible para el Centro Nacional de Seguridad Digital del Perú.",
|
||||||
"name": "cnsd",
|
"name": "cnsd",
|
||||||
"version": 20220426
|
"version": 20220426
|
||||||
},
|
},
|
||||||
|
@ -198,6 +198,11 @@
|
||||||
"name": "deception",
|
"name": "deception",
|
||||||
"version": 1
|
"version": 1
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"description": "A taxonomy to describe domain-generation algorithms often called DGA. Ref: A Comprehensive Measurement Study of Domain Generating Malware Daniel Plohmann and others.",
|
||||||
|
"name": "dga",
|
||||||
|
"version": 1
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"description": "DHS critical sectors as in https://www.dhs.gov/critical-infrastructure-sectors",
|
"description": "DHS critical sectors as in https://www.dhs.gov/critical-infrastructure-sectors",
|
||||||
"name": "dhs-ciip-sectors",
|
"name": "dhs-ciip-sectors",
|
||||||
|
@ -695,5 +700,5 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
|
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
|
||||||
"version": "20220505"
|
"version": "20220512"
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,56 @@
|
||||||
|
{
|
||||||
|
"namespace": "dga",
|
||||||
|
"expanded": "Domain-Generation Algorithms",
|
||||||
|
"description": "A taxonomy to describe domain-generation algorithms often called DGA. Ref: A Comprehensive Measurement Study of Domain Generating Malware Daniel Plohmann and others.",
|
||||||
|
"version": 1,
|
||||||
|
"predicates": [
|
||||||
|
{
|
||||||
|
"value": "generation-scheme",
|
||||||
|
"expanded": "Generation scheme used for the DGA"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "seeding",
|
||||||
|
"expanded": "Seeding scheme used for the DGA"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"values": [
|
||||||
|
{
|
||||||
|
"predicate": "generation-scheme",
|
||||||
|
"entry": [
|
||||||
|
{
|
||||||
|
"value": "arithmetic",
|
||||||
|
"expanded": "Arithmetic",
|
||||||
|
"description": "Calculate a sequence of values that either have a direct ASCII representation usable for a domain name or designate an offset in one or more hard- coded arrays, constituting the alphabet of the DGA. "
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "hash",
|
||||||
|
"expanded": "Hash",
|
||||||
|
"description": "Use the hexdigest representation of a hash to produce the domain."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "wordlist",
|
||||||
|
"expanded": "Wordlist",
|
||||||
|
"description": " Concatenate a sequence of words from one or more wordlists, resulting in less randomly appealing and thus more camouflaging domains"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "permutation",
|
||||||
|
"expanded": "Permutation",
|
||||||
|
"description": "derive all possible AGDs (Algorithmically-Generated Domain) through permutation of an initial domain name."
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"predicate": "seeding",
|
||||||
|
"entry": [
|
||||||
|
{
|
||||||
|
"value": "time-dependent",
|
||||||
|
"expanded": "Time dependent"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "deterministic",
|
||||||
|
"expanded": "Deterministic"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
Loading…
Reference in New Issue