Instruction: Domains supporting many Malwarebytes services and products.
Integrity requirements: high
Max severity: critical
Asset identifier: *.malwarebytes.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Domains supporting many Malwarebytes services and products.
Integrity requirements: high
Max severity: critical
Asset identifier: *.mb-cosmos.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Domains supporting many Malwarebytes services and products.
Integrity requirements: high
Max severity: critical
Asset identifier: *.mbamupdates.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Domains supporting many Malwarebytes services and products.
Integrity requirements: high
Max severity: critical
Asset identifier: *.mwb-threatintel.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Domains supporting many Malwarebytes services and products.
Integrity requirements: high
Max severity: critical
Asset identifier: *.mwbsys.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Domains supporting many Malwarebytes services and products.
Integrity requirements: high
Max severity: critical
Asset identifier: AdwCleaner
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: **AdwCleaner** is the world’s most popular adware cleaner finds and removes unwanted programs and junkware so your online experience stays optimal and hassle-free.
* Product page: https://www.malwarebytes.com/adwcleaner
* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468313-Malwarebytes-AdwCleaner
Note that this product is being deprecated, and is no longer eligible for bounty.
Integrity requirements: medium
Max severity: critical
Asset identifier: Any other Malwarebytes asset
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Please use this category to report vulnerabilities in any other assets not listed in other categories.
Note: Due to the broad scope of this category, eligibility and rewards will decided on the case-by-case basis.
Instruction: Malwarebytes Browser Guard crushes unwanted and unsafe content, giving you a safer and faster browsing experience. Not only that, it is the world’s first browser extension that can identify and stop tech support scams.
* Product page: https://www.malwarebytes.com/browserguard
* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468293-Malwarebytes-Browser-Guard
Instruction: Advanced antivirus and anti-malware with faster, safer web browsing.
* Product page: https://forums.malwarebytes.com/forum/172-anti-ransomware-beta/
* Documentation: https://support.malwarebytes.com/hc/en-us/articles/360038523414-What-is-Malwarebytes-Anti-Ransomware
Integrity requirements: low
Max severity: medium
Asset identifier: Malwarebytes Device Control
Asset type: OTHER
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Advanced antivirus and anti-malware with faster, safer web browsing.
* Product page: https://www.malwarebytes.com/business/cloud
* Documentation: https://service.malwarebytes.com/hc/en-us/articles/4417282329491-Device-Control-in-Malwarebytes-Nebula
Integrity requirements: high
Max severity: critical
Asset identifier: Malwarebytes Endpoint Detection and Response (EDR)
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Cross-platform threat prevention and remediation for Windows, Mac, and Linux
* Product page: https://www.malwarebytes.com/business/edr / https://www.malwarebytes.com/business/edr/server-security/
Instruction: Comprehensive security that keeps your devices safe and teams productive.
* Product page: https://www.malwarebytes.com/business/endpoint-protection / https://www.malwarebytes.com/business/endpoint-protection/server-security
Integrity requirements: high
Max severity: critical
Asset identifier: Malwarebytes Incident Response
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Malwarebytes Incident Response is the trusted standard in automated endpoint remediation. The solution bolsters your enterprise cyber resilience and incident response process by compressing response times with fast and complete remediation.
* Product page: https://www.malwarebytes.com/business/incident-response
* Documentation: https://www.malwarebytes.com/business/incident-response
Integrity requirements: high
Max severity: critical
Asset identifier: Malwarebytes Privacy (VPN)
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: With a single click, our next-generation VPN helps protect your online privacy, secures your WiFi connection, and delivers speeds way faster than older VPNs.
* Product page: https://www.malwarebytes.com/vpn
* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360003545953-Malwarebytes-Privacy
**Note**: The scope of the bug bounty program is limited to **ONLY** the VPN client installed on desktop/endpoint. **Server-side** is strictly **NOT** in scope, but your feedback is appreciated, **NOT** rewarded. The primary goal of this bug bounty program is to explore if there are any IP leak, DNS leak, and Data leak vulnerabilities present or not. As a researcher and creative thinker, you are welcome to explore for any other vulnerabilities if they are applicable to the client.
Integrity requirements: medium
Max severity: critical
Asset identifier: Malwarebytes Remediation for CrowdStrike
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement: high
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: Malwarebytes Remediation for CrowdStrike works seamlessly with CrowdStrike Real Time Response (RTR) functionality. It provides automated remediation that thoroughly removes malware on machines where CrowdStrike Falcon has stopped an attack.
* Product page: https://www.malwarebytes.com/business/crowdstrike
* Documentation: https://service.malwarebytes.com/hc/en-us/articles/4413798516627-Malwarebytes-Remediation-for-CrowdStrike-integration-guide
Integrity requirements: high
Max severity: critical
Asset identifier: Malwarebytes ToolSet (MBTS)
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Advanced antivirus and anti-malware with faster, safer web browsing.
* Product page: https://www.malwarebytes.com/techbench
* Documentation: https://service.malwarebytes.com/hc/en-us/categories/4413802057875-Toolset
Integrity requirements: high
Max severity: critical
Asset identifier: Malwarebytes Windows Firewall Control
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement: low
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: Windows Firewall Control is a powerful tool which extends the functionality of Windows Firewall and provides new extra features which makes Windows Firewall better. It runs in the system tray and allows the user to control the native firewall easily without having to waste time by navigating to the specific part of the firewall.
* Product page: https://www.binisoft.org/wfc
* Documentation: https://www.binisoft.org/pdf/guides/Malwarebytes-WFC-User-Guide.pdf
Integrity requirements: low
Max severity: medium
Asset identifier: Malwarebytes for Mac
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Advanced antivirus and anti-malware with faster, safer web browsing.
* Product page: https://www.malwarebytes.com/mac
* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468253-Malwarebytes-for-Mac
Integrity requirements: high
Max severity: critical
Asset identifier: Malwarebytes for Teams
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Advanced antivirus and anti-malware with faster, safer web browsing.
* Product page: https://www.malwarebytes.com/business/teams
* Documentation: https://service.malwarebytes.com/hc/en-us/categories/4414671777043-For-Teams
Integrity requirements: high
Max severity: critical
Asset identifier: Malwarebytes for Windows
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Advanced antivirus and anti-malware with faster, safer web browsing.
* Product page: https://www.malwarebytes.com/premium
* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002458014-Malwarebytes-for-Windows
Integrity requirements: high
Max severity: critical
Asset identifier: USB Flash Drive Control
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement: low
Confidentiality requirement: low
Eligible for bounty:
Eligible for submissions: true
Instruction: USB Flash Drives Control is a freeware program that runs in system tray, next to the system clock, and provides access to control the way in which the USB removable drives are used on your computer. These options are available through the right click context menu on the system tray icon of the program.
* Product page: https://www.binisoft.org/usbc
Instruction: Understand risks quickly and strengthen defenses across your digital ecosystem with modules for our cloud-based security management platform.
* Product page: https://www.malwarebytes.com/business/vulnerability-patch-management
* Documentation: https://www.malwarebytes.com/business/vulnerability-patch-management
Integrity requirements: high
Max severity: critical
Asset identifier: blog.malwarebytes.com
Asset type: URL
Availability requirement: medium
Confidentiality requirement: low
Eligible for bounty:
Eligible for submissions: true
Instruction: This subdomain is operated by a third party, therefore, submissions will not be eligible for a bounty.
However, valid reports will still be addressed and reputation will possibly be awarded.
Integrity requirements: medium
Max severity: critical
Asset identifier: cloud.malwarebytes.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Platform that support most of Malwarebytes for business products.
* Product page: https://cloud.malwarebytes.com
* Documentation: https://www.malwarebytes.com/business/cloud
Integrity requirements: high
Max severity: critical
Asset identifier: com.malwarebytes.Malwarebytes
Asset type: APPLE_STORE_APP_ID
Availability requirement: high
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: Get all the extra iOS security you need in one app. Protect yourself from online threats and put a stop to annoying spam calls and texts. Browse the web with confidence and focus on the messages that matter.
* Product page: https://www.malwarebytes.com/ios
* Appstore: https://apps.apple.com/us/app/malwarebytes-mobile-security/id1327105431
* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468273-Malwarebytes-for-iOS
Integrity requirements: high
Max severity: critical
Asset identifier: forums.malwarebytes.com
Asset type: URL
Availability requirement: medium
Confidentiality requirement: low
Eligible for bounty:
Eligible for submissions: true
Instruction: This subdomain is operated by a third party, therefore, submissions will not be eligible for a bounty.
However, valid reports will still be addressed and reputation will possibly be awarded.
Integrity requirements: medium
Max severity: critical
Asset identifier: my.malwarebytes.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Portal to manage your subscriptions and billing.
* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002458094-My-Account-Billing
Integrity requirements: high
Max severity: critical
Asset identifier: oneview.malwarebytes.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: The Malwarebytes OneView multi-tenant dashboard enables you to grow revenue while lowering costs with a single pane of glass to centrally manage customer and partner accounts, cloud subscriptions for servers and workstations, invoicing, and integrations. The admin console provides direct linkage to the Malwarebytes internal team for rapid creation and resolution of support tickets.
* Product page: https://www.malwarebytes.com/partners/managed-service-providers
* Documentation: https://service.malwarebytes.com/hc/en-us/categories/4413802057491-OneView
Integrity requirements: high
Max severity: critical
Asset identifier: org.malwarebytes.antimalware
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Advanced antivirus and anti-malware with faster, safer web browsing.
* Product page: https://www.malwarebytes.com/android / https://www.malwarebytes.com/chromebook
* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002458034-Malwarebytes-for-Android-Chrome-OS
Integrity requirements:
Max severity: critical
Asset identifier: support.malwarebytes.com
Asset type: URL
Availability requirement: medium
Confidentiality requirement: low
Eligible for bounty:
Eligible for submissions: true
Instruction: This subdomain is operated by a third party, therefore, submissions will not be eligible for a bounty.
However, valid reports will still be addressed and reputation will possibly be awarded.
