On 12.03.2018 16:43, Sebastian Wagner wrote:
On 2018-03-12 16:32, Thomas Hungenberg wrote:
I'd prefer using "infected system" as the classification type for malware infections as this fits with the classification level of other malicious code events.
Then we would have:
taxonomy        type                   identifier
malicious code  infected system        <malware-name>
malicious code  c&c                    <malware-name>
malicious code  dga domain             <malware-name>
malicious code  malware distribution   <malware-name>
malicious code  malware configuration  <malware-name>
+1 Time to clean this chaos.
We could also use "malware infection" instead of "infected system" and probably add a "malware" prefix to "c&c" and "dga domain" as well to make these types more precise:
taxonomy        type                   identifier
malicious code  malware infection      <malware-name>
malicious code  malware c&c            <malware-name>
malicious code  malware dga domain     <malware-name>
malicious code  malware distribution   <malware-name>
malicious code  malware configuration  <malware-name>
What do you think?
- Thomas
CERT-Bund Incident Response & Malware Analysis Team