indicators.yaml
indicators:
  -
    type: github
    name: NSO Group Pegasus Indicators of Compromise
    sources:
      - Amnesty International
    references:
      - https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
    github:
      owner: AmnestyTech
      repo: investigations
      branch: master
      path: 2021-07-18_nso/pegasus.stix2
  -
    type: github
    name: Predator Spyware Indicators of Compromise
    sources:
      - Meta
      - Amnesty International
      - Citizen Lab
      - Cisco
      - Inside Story
    references:
      - https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/
      - https://about.fb.com/news/2021/12/taking-action-against-surveillance-for-hire/
      - https://blog.talosintelligence.com/mercenary-intellexa-predator/
      - https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/
      - https://insidestory.gr/article/predatorgate-ti-egrafan-ta-sms-pagida-poy-elavan-epiheirimaties-ypoyrgoi-kai-dimosiografoi
    github:
      owner: mvt-project
      repo: mvt-indicators
      branch: main
      path: intellexa_predator/predator.stix2
  -
    type: github
    name: RCS Lab Spyware Indicators of Compromise
    sources:
      - Google
      - Lookout
    references:
      - https://blog.google/threat-analysis-group/italian-spyware-vendor-targets-users-in-italy-and-kazakhstan/
    github:
      owner: mvt-project
      repo: mvt-indicators
      branch: main
      path: 2022-06-23_rcs_lab/rcs.stix2
  -
    type: github
    name: Stalkerware Indicators of Compromise
    sources:
      - ECHAP
    references:
      - https://github.com/AssoEchap/stalkerware-indicators
    github:
      owner: AssoEchap
      repo: stalkerware-indicators
      branch: master
      path: generated/stalkerware.stix2
  -
    type: github
    name: Surveillance campaign linked to mercenary spyware company
    sources:
      - Amnesty International
      - Google
    references:
      - https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/
      - https://www.amnesty.org/en/latest/news/2023/03/new-android-hacking-campaign-linked-to-mercenary-spyware-company/
    github:
      owner: AmnestyTech
      repo: investigations
      branch: master
      path: 2023-03-29_android_campaign/malware.stix2
  -
    type: github
    name: Quadream KingSpawn Indicators of Compromise
    sources:
      - Citizen Lab
      - Microsoft
    references:
      - https://citizenlab.ca/2023/04/spyware-vendor-quadream-exploits-victims-customers/
      - https://www.microsoft.com/en-us/security/blog/2023/04/11/dev-0196-quadreams-kingspawn-malware-used-to-target-civil-society-in-europe-north-america-the-middle-east-and-southeast-asia/
    github:
      owner: mvt-project
      repo: mvt-indicators
      branch: main
      path: 2023-04-11_quadream/kingspawn.stix2
  -
    type: github
    name: Operation Triangulation Indicators of Compromise
    sources:
      - Kaspersky Lab
    references:
      - https://securelist.com/operation-triangulation/109842/
    github:
      owner: mvt-project
      repo: mvt-indicators
      branch: main
      path: 2023-06_01_operation_triangulation/operation_triangulation.stix2
  -
    type: github
    name: WyrmSpy and DragonEgg Indicators of Compromise
    sources:
      - Lookout
    references:
      - https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41
    github:
      owner: mvt-project
      repo: mvt-indicators
      branch: main
      path: 2023-07-25_wyrmspy_dragonegg/wyrmspy_dragonegg.stix2
  -
    type: github
    name: Wintego Helios Indicators of Compromise
    sources:
      - Amnesty International
    references:
      - https://securitylab.amnesty.org/latest/2024/05/a-web-of-surveillance/
    github:
      owner: AmnestyTech
      repo: investigations
      branch: master
      path: 2024-05-02_wintego_helios/wintego_helios.stix2
  -
    type: github
    name: NoviSpy (Serbia) Indicators of Compromise
    sources:
      - Amnesty International
    references:
      - https://securitylab.amnesty.org/latest/2024/12/serbia-a-digital-prison-spyware-and-cellebrite-used-on-journalists-and-activists/
    github:
      owner: AmnestyTech
      repo: investigations
      branch: master
      path: 2024-12-16_serbia_novispy/novispy.stix2