[Intelmq-dev] Classification of malware events
Thomas Hungenberg
th at cert-bund.de
Thu Mar 15 16:43:45 CET 2018

On 12.03.2018 16:43, Sebastian Wagner wrote:
> On 2018-03-12 16:32, Thomas Hungenberg wrote:
>> I'd prefer using "infected system" as the classification type for
>> malware infections as this fits with the classification level of
>> other malicious code events.
>>
>> Then we would have:
>>
>> taxonomy        type                   identifier
>> malicious code  infected system        <malware-name>
>> malicious code  c&c                    <malware-name>
>> malicious code  dga domain             <malware-name>
>> malicious code  malware distribution   <malware-name>
>> malicious code  malware configuration  <malware-name>
>
> +1 Time to clean this chaos.

We could also use "malware infection" instead of "infected system"
and probably add a "malware" prefix to "c&c" and "dga domain" as well
to make these types more precise:

taxonomy        type                   identifier
malicious code  malware infection      <malware-name>
malicious code  malware c&c            <malware-name>
malicious code  malware dga domain     <malware-name>
malicious code  malware distribution   <malware-name>
malicious code  malware configuration  <malware-name>

What do you think?

- Thomas

CERT-Bund Incident Response & Malware Analysis Team