TH17102
Detected presence of files containing a Base-encoded URL.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
 | pass | low | high | None | None |
About the issueโ
Uniform Resource Locators (URLs) are structured addresses that point to locations and assets on the internet. URLs allow software developers to build complex applications that exchange data with servers that can be hosted in multiple geographical regions. URLs can commonly be found embedded in documentation, configuration files, source code and compiled binaries. Obfuscation is a process of mangling the software code legibility, and it can be applied to URLs embedded in a software package. Obfuscation can interfere with the accuracy of security and software quality assessment solutions. For this reason, obfuscation is a technique commonly used by malicious actors as a means of bypassing security solutions and avoiding detection. While presence of URL obfuscation does not imply malicious intent, all of its uses in a software package should be documented and approved. URLs have their own encoding type called url-encoding, which is the preferred way of encoding URLs used on the web.
How to resolve the issueโ
- Investigate reported detections as indicators of software tampering.
- Consult Mitre ATT&CK documentation: T1027 - Obfuscated Files or Information.
- Consider encoding all embedded URL data with url-encoded format.
Recommended readingโ
- T1027 - Obfuscated Files or Information (External resource - Mitre ATT&CK documentation)
- Code obfuscation (ReversingLabs glossary)