forked from mvt-project/mvt-indicators
indicators.yaml
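# Index of published indicator-of-compromise (IoC) feeds in STIX2 format.
# Each entry names a GitHub repository, a branch and a path to one .stix2 file,
# plus the organisations credited and the public write-up(s) it derives from.
#
# NOTE(review): nesting was restored from a copy whose indentation had been
# stripped; keys and values are unchanged. Verify against the consumer's schema.
#
# Trust and integrity notes for maintainers and consumers:
#   - Every feed is addressed by branch name (master/main), which is a mutable
#     ref. No entry carries a commit id or checksum, so the fetched content can
#     change without any change to this file. Anyone with push access to a
#     listed repository/branch effectively controls what a consumer downloads.
#   - Downloaded .stix2 files should be handled as untrusted input: parse them
#     with a strict/safe parser and record the commit that was fetched, so a
#     scan result can later be tied to an exact indicator set.
#   - Several entries point at mvt-project/mvt-indicators. If this file lives in
#     a fork, those entries still resolve to the upstream repository rather than
#     the fork - presumably intentional; confirm.
indicators:
  -
    type: github
    name: NSO Group Pegasus Indicators of Compromise
    sources:
      - Amnesty International
    references:
      - https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
    github:
      owner: AmnestyTech
      repo: investigations
      branch: master
      path: 2021-07-18_nso/pegasus.stix2
  -
    type: github
    name: Cytrox Predator Spyware Indicators of Compromise
    sources:
      - Meta
      - Amnesty International
      - Citizen Lab
    references:
      - https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/
    github:
      owner: AmnestyTech
      repo: investigations
      branch: master
      path: 2021-12-16_cytrox/cytrox.stix2
  -
    type: github
    name: RCS Lab Spyware Indicators of Compromise
    sources:
      - Google
      - Lookout
    references:
      - https://blog.google/threat-analysis-group/italian-spyware-vendor-targets-users-in-italy-and-kazakhstan/
    github:
      owner: mvt-project
      repo: mvt-indicators
      branch: main
      path: 2022-06-23_rcs_lab/rcs.stix2
  -
    # Third-party feed; the path suggests a generated artefact rather than a
    # hand-edited file, so its content may change frequently - confirm upstream.
    type: github
    name: Stalkerware Indicators of Compromise
    sources:
      - ECHAP
    references:
      - https://github.com/AssoEchap/stalkerware-indicators
    github:
      owner: AssoEchap
      repo: stalkerware-indicators
      branch: master
      path: generated/stalkerware.stix2
  -
    type: github
    name: Surveillance campaign linked to mercenary spyware company
    sources:
      - Amnesty International
      - Google
    references:
      - https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/
      - https://www.amnesty.org/en/latest/news/2023/03/new-android-hacking-campaign-linked-to-mercenary-spyware-company/
    github:
      owner: AmnestyTech
      repo: investigations
      branch: master
      path: 2023-03-29_android_campaign/malware.stix2
  -
    type: github
    name: Quadream KingSpawn Indicators of Compromise
    sources:
      - Citizen Lab
      - Microsoft
    references:
      - https://citizenlab.ca/2023/04/spyware-vendor-quadream-exploits-victims-customers/
      - https://www.microsoft.com/en-us/security/blog/2023/04/11/dev-0196-quadreams-kingspawn-malware-used-to-target-civil-society-in-europe-north-america-the-middle-east-and-southeast-asia/
    github:
      owner: mvt-project
      repo: mvt-indicators
      branch: main
      path: 2023-04-11_quadream/kingspawn.stix2
  -
    type: github
    name: Operation Triangulation Indicators of Compromise
    sources:
      - Kaspersky Lab
    references:
      - https://securelist.com/operation-triangulation/109842/
    github:
      owner: mvt-project
      repo: mvt-indicators
      branch: main
      # NOTE(review): the directory prefix is "2023-06_01" (underscore), unlike
      # the YYYY-MM-DD prefixes of the other entries. Left unchanged because the
      # value must match the directory name in the repository; verify that it
      # resolves, otherwise this feed would be silently missing from a scan.
      path: 2023-06_01_operation_triangulation/operation_triangulation.stix2
  -
    type: github
    name: WyrmSpy and DragonEgg Indicators of Compromise
    sources:
      - Lookout
    references:
      - https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41
    github:
      owner: mvt-project
      repo: mvt-indicators
      branch: main
      path: 2023-07-25_wyrmspy_dragonegg/wyrmspy_dragonegg.stix2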