From 07c020828931404acef0f902430af1733bee1c9b Mon Sep 17 00:00:00 2001
From: ostorlab
Date: Thu, 26 Oct 2023 10:47:02 +0100
Subject: [PATCH 1/5] Add Reputation KB entry
---
 .../COMMON/_INFO/REPUTATION_SCAN/context.md | 9 +++++++++
 .../COMMON/_INFO/REPUTATION_SCAN/description.md | 1 +
 MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json | 12 ++++++++++++
 .../COMMON/_INFO/REPUTATION_SCAN/recommendation.md | 11 +++++++++++
 4 files changed, 33 insertions(+)
 create mode 100644 MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/context.md
 create mode 100644 MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/description.md
 create mode 100644 MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json
 create mode 100644 MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/recommendation.md
diff --git a/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/context.md b/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/context.md
new file mode 100644
index 00000000..ca1288a5
--- /dev/null
+++ b/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/context.md
@@ -0,0 +1,9 @@
+The 'Domain Name and IP Address Reputation Report' assesses the reputation of domain names and IP addresses associated with your application. This report collects data from various APIs and public databases to determine if a domain name or IP address has been identified as potentially malicious.
+
+Low reputation IPs and domain names may not have proper security measures in place, making your application vulnerable to security breaches and data leaks. These entities could be susceptible to hacking, phishing, and other cyberattacks, putting your users' data and privacy at risk.
+
+Low reputation IPs and domain names may not be reliable in terms of uptime and availability. They could experience frequent downtime, slow response times, or even sudden shutdowns, causing disruptions to your application's functionality and user experience.
+
+Some low reputation domains and IPs may infringe upon intellectual property rights, contain malicious content, or engage in unethical or illegal activities. Associating your application with such entities can lead to legal issues, reputational damage, and potential regulatory compliance problems.
+
+If your application relies on low reputation domain names, it can negatively affect your search engine rankings. Search engines like Google consider the reputation and quality of the domains you link to. If you associate with low-quality domains, your application's visibility in search results may suffer.
diff --git a/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/description.md b/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/description.md
new file mode 100644
index 00000000..170d0768
--- /dev/null
+++ b/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/description.md
@@ -0,0 +1 @@
+Reputation analysis for domain names and ip addresses scanned by multiple APIs and public databases.
\ No newline at end of file
diff --git a/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json b/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json
new file mode 100644
index 00000000..df5276e3
--- /dev/null
+++ b/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json
@@ -0,0 +1,12 @@
+{
+ "risk_rating": "info",
+ "short_description": "Report for domain name and ip addresses reputation score using multiple scanning APIs and databases.",
+ "references": {
+ "UrlScan" : "https://urlscan.io/",
+ "AbuseIPDB" : "https://www.abuseipdb.com/",
+ "GoogleSaveBrowsing" : "https://safebrowsing.google.com/"
+ },
+ "title": "Domain name and IP address reputation report",
+ "privacy_issue": false,
+ "security_issue": true
+}
\ No newline at end of file
diff --git a/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/recommendation.md b/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/recommendation.md
new file mode 100644
index 00000000..87c4456e
--- /dev/null
+++ b/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/recommendation.md
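Review bot: The reference key `"GoogleSaveBrowsing"` in the new meta.json `references` object is misspelled; the URL next to it is safebrowsing.google.com, so the entry should read `"GoogleSafeBrowsing" : "https://safebrowsing.google.com/"`. If the key is rendered as the reference's display name in the finding (not visible from this patch), readers will see the typo and a search for the service name will not match it. The later patches in this series change only `short_description` and `risk_rating` in this file, so the misspelling appears to survive into the final `_HIGH/REPUTATION_SCAN/meta.json`.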
@@ -0,0 +1,11 @@
+If you discover that one of the domain names/IP addresses associated with your application has a bad reputation or is flagged as malicious, it's important to take action to address the issue and ensure the security and reliability of your application.
+Actions you need to take will depend on the nature of the asset, your control over it, and the severity of the reputation issue.
+Here are some recommendations on what to do in such a situation:
+
+ * Determine why the asset has a bad reputation score. It could be due to various factors, such as hosting malicious content, spam, or being associated with a history of cyberattacks. Investigate the specifics of the problem.
+
+ * Ensure that the reputation score is accurate and up-to-date. Sometimes, these scores can change over time due to legitimate reasons. Verify the source of the reputation score and try to understand the reasons behind it.
+
+ * Consider isolating it from your primary systems. You may want to temporarily disable or quarantine the asset to prevent further potential issues while you investigate.
+
+ * If the asset is associated with a service you control, take steps to patch and secure it. This might involve updating software, implementing stronger security measures, and ensuring it is not used for malicious purposes.
From 37f977dcc8b5566e7c189981bddc7f010019ff75 Mon Sep 17 00:00:00 2001
From: ostorlab
Date: Thu, 26 Oct 2023 10:49:34 +0100
Subject: [PATCH 2/5] small update
---
 MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json b/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json
index df5276e3..6e9062f2 100644
--- a/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json
+++ b/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json
@@ -1,6 +1,6 @@
 {
 "risk_rating": "info",
- "short_description": "Report for domain name and ip addresses reputation score using multiple scanning APIs and databases.",
+ "short_description": "Report for domain name and IP addresses reputation score using multiple scanning APIs and databases.",
 "references": {
 "UrlScan" : "https://urlscan.io/",
 "AbuseIPDB" : "https://www.abuseipdb.com/",
From 8c5ae2fe5de5c153cc5dcb72ad185aba45aabee0 Mon Sep 17 00:00:00 2001
From: Anas <129057829+ErebusZ@users.noreply.github.com>
Date: Thu, 26 Oct 2023 12:05:28 +0100
Subject: [PATCH 3/5] Update MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json
Co-authored-by: Alaeddine Mesbahi
---
 MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json b/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json
index 6e9062f2..f5fce440 100644
--- a/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json
+++ b/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json
@@ -1,5 +1,5 @@
 {
- "risk_rating": "info",
+ "risk_rating": "high",
 "short_description": "Report for domain name and IP addresses reputation score using multiple scanning APIs and databases.",
 "references": {
 "UrlScan" : "https://urlscan.io/",
From f2916efe2773fa346ddc665cd027122eb4f4e991 Mon Sep 17 00:00:00 2001
From: ErebusZ
Date: Thu, 26 Oct 2023 12:07:52 +0100
Subject: [PATCH 4/5] fix commetns
---
 MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/context.md | 9 ---------
 .../COMMON/_INFO/REPUTATION_SCAN/description.md | 10 +++++++++-
 2 files changed, 9 insertions(+), 10 deletions(-)
 delete mode 100644 MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/context.md
diff --git a/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/context.md b/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/context.md
deleted file mode 100644
index ca1288a5..00000000
--- a/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/context.md
+++ /dev/null
@@ -1,9 +0,0 @@
-The 'Domain Name and IP Address Reputation Report' assesses the reputation of domain names and IP addresses associated with your application. This report collects data from various APIs and public databases to determine if a domain name or IP address has been identified as potentially malicious.
-
-Low reputation IPs and domain names may not have proper security measures in place, making your application vulnerable to security breaches and data leaks. These entities could be susceptible to hacking, phishing, and other cyberattacks, putting your users' data and privacy at risk.
-
-Low reputation IPs and domain names may not be reliable in terms of uptime and availability. They could experience frequent downtime, slow response times, or even sudden shutdowns, causing disruptions to your application's functionality and user experience.
-
-Some low reputation domains and IPs may infringe upon intellectual property rights, contain malicious content, or engage in unethical or illegal activities. Associating your application with such entities can lead to legal issues, reputational damage, and potential regulatory compliance problems.
-
-If your application relies on low reputation domain names, it can negatively affect your search engine rankings. Search engines like Google consider the reputation and quality of the domains you link to. If you associate with low-quality domains, your application's visibility in search results may suffer.
diff --git a/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/description.md b/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/description.md
index 170d0768..ae43e688 100644
--- a/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/description.md
+++ b/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/description.md
@@ -1 +1,9 @@
-Reputation analysis for domain names and ip addresses scanned by multiple APIs and public databases.
\ No newline at end of file
+Reputation analysis for domain names and IP addresses scanned by multiple APIs and public databases.
+
+Low reputation IPs and domain names may not have proper security measures in place, making your application vulnerable to security breaches and data leaks. These entities could be susceptible to hacking, phishing, and other cyberattacks, putting your users' data and privacy at risk.
+
+Low reputation IPs and domain names may not be reliable in terms of uptime and availability. They could experience frequent downtime, slow response times, or even sudden shutdowns, causing disruptions to your application's functionality and user experience.
+
+Some low reputation domains and IPs may infringe upon intellectual property rights, contain malicious content, or engage in unethical or illegal activities. Associating your application with such entities can lead to legal issues, reputational damage, and potential regulatory compliance problems.
+
+If your application relies on low reputation domain names, it can negatively affect your search engine rankings. Search engines like Google consider the reputation and quality of the domains you link to. If you associate with low-quality domains, your application's visibility in search results may suffer.
From 3810269deae29b0c9ce1738daa83ec7bc729addb Mon Sep 17 00:00:00 2001
From: ErebusZ
Date: Thu, 26 Oct 2023 12:41:49 +0100
Subject: [PATCH 5/5] correct location
---
 .../COMMON/{_INFO => _HIGH}/REPUTATION_SCAN/description.md | 0
 MOBILE_CLIENT/COMMON/{_INFO => _HIGH}/REPUTATION_SCAN/meta.json | 0
 .../COMMON/{_INFO => _HIGH}/REPUTATION_SCAN/recommendation.md | 0
 3 files changed, 0 insertions(+), 0 deletions(-)
 rename MOBILE_CLIENT/COMMON/{_INFO => _HIGH}/REPUTATION_SCAN/description.md (100%)
 rename MOBILE_CLIENT/COMMON/{_INFO => _HIGH}/REPUTATION_SCAN/meta.json (100%)
 rename MOBILE_CLIENT/COMMON/{_INFO => _HIGH}/REPUTATION_SCAN/recommendation.md (100%)
diff --git a/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/description.md b/MOBILE_CLIENT/COMMON/_HIGH/REPUTATION_SCAN/description.md
similarity index 100%
rename from MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/description.md
rename to MOBILE_CLIENT/COMMON/_HIGH/REPUTATION_SCAN/description.md
diff --git a/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json b/MOBILE_CLIENT/COMMON/_HIGH/REPUTATION_SCAN/meta.json
similarity index 100%
rename from MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/meta.json
rename to MOBILE_CLIENT/COMMON/_HIGH/REPUTATION_SCAN/meta.json
diff --git a/MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/recommendation.md b/MOBILE_CLIENT/COMMON/_HIGH/REPUTATION_SCAN/recommendation.md
similarity index 100%
rename from MOBILE_CLIENT/COMMON/_INFO/REPUTATION_SCAN/recommendation.md
rename to MOBILE_CLIENT/COMMON/_HIGH/REPUTATION_SCAN/recommendation.md