NSO Group claims that its Pegasus spyware is only used to “investigate terrorism and crime” and “leaves no traces whatsoever”.
This Forensic Methodology Report shows that neither of these statements are true. This report accompanies the release of the Pegasus Project,
a collaborative investigation that involves more than 80 journalists from 17 media organizations
in 10 countries coordinated by Forbidden Stories with technical support of "Amnesty International’s Security Lab"*.
However, on further analysis we* also noticed suspicious redirects and we can at least from the forensic work, use the information to prevent certain Domains and DNS's. it should make it harder for Pegasus, to communicate with the C&C's from the NSO Group.
This is a list of domains and DNSs which has been collected from Amnesty International’s Security Lab.
🔗 You can check the huge writeup here:
https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
The list can be added to pihole and giving a little bit a protection not to get attacked nor getting any other packages from their respective servers.
🔗 https://github.com/Red-Laboratory/NSO-hosts