CyberSkyline Posted November 24, 2021 ID:1489710

Hello there,

Our users report to us that Malwarebytes is categorizing us as "RiskWare". We host cybersecurity competitions and technical skills labs, so there are a number of artifacts such as compiled binaries and network pcaps hosted on our site which may be the cause of the categorization. Our domain is cyberskyline .dot. com, what are the steps that we need to take to be removed from the block list?

Thanks for your attention in this matter!

1PW Posted November 24, 2021 ID:1489717

Hello @CyberSkyline and hxxps://cyberskyline.com/

https://www.virustotal.com/gui/url/43f2c4d031751d2922b02d54c1f3f282ed02e86a8afeb8e32e7c08cb9ee8c04d?nocache=1

Thank you.

MBG Riskware block - @gonzo

Edited November 24, 2021 by 1PW

CyberSkyline Posted November 24, 2021 Author ID:1489719

Hi @1PW, thank you! And yes, that is correct. I had checked the VirusTotal scan results earlier as well but wasn't 100% sure if Malwarebytes was represented in the VirusTotal results. Which one of these is Malwarebytes?

Staff BjelakovicL Posted November 24, 2021 ID:1489721

Hi,

Domain is blocked because of these links:

https://cyberskyline.com/artifact/5ca3a87a0aa5052c05874b42/5c73cad2f346a133d37881e1/5cbc99a774381f380ef8182e/5cc0c62ea88474750e71cda5/5cc0c73da88474750e71cda6/download?t=0116
http://cyberskyline.com/artifact/5c858312818ae10923d68fb0/5c73cad2f346a133d37881e1/5cbc99a774381f380ef8182e/5cc0c62ea88474750e71cda5/5cc0c73da88474750e71cda6/download
http://cyberskyline.com/artifact/5abc61e36bbe493b996b7238/5c73cad2f346a133d37881e1/5cbc99a774381f380ef8182e/5cc0c62ea88474750e71cda5/5cc0c73da88474750e71cda6/download?t=0116
http://cyberskyline.com/artifact/5bb42cb94cefcd72612bca88/5c73cad2f346a133d37881e1/5cbc99a774381f380ef8182e/5cc0c62ea88474750e71cda5/5cc0c73da88474750e71cda6/download?t=0116
https://cyberskyline.com/artifact/5abc61e36bbe493b996b7238/5c73cad2f346a133d37881e1/5cbc99a774381f380ef8182e/5cc0c62ea88474750e71cda5/5cc0c73da88474750e71cda6/download?t=0116

VT scan: https://www.virustotal.com/gui/file/579e331780e17ab0938d2b87a37f2218bad11f8890e297e4082cbdf12e0d2fe7

Edited November 24, 2021 by BjelakovicL

CyberSkyline Posted November 24, 2021 Author ID:1489725

Hi @BjelakovicL, thanks for linking that. Yeah, that's one of the artifacts that we host as part of a CTF, it's benign but it contains common malware code so that the users who are tasked with reversing it to identify what domain it's phoning home to (a fictitious one as well) can interact with something realistic.

Any recommendations for our particular situation? I suppose we can host it on a separate domain but that seems like a counterintuitive approach as it could be seen as an evasive technique.

Staff Solution BjelakovicL Posted November 24, 2021 ID:1489726

Understood, block will be removed then.