Commit

Warning + remove false positive
Te-k committed Jul 22, 2021
1 parent 1c69421 commit ba749a9
Showing 2 changed files with 1 addition and 1 deletion.
1 change: 1 addition & 0 deletions 2021-07-18_nso/README.md
Expand Up @@ -12,5 +12,6 @@ These indicators include:
* `v4_validation_domains.txt`: list of Pegasus Version 4 validation/URL shortener domains
* `emails.txt`: list of iCloud accounts used for exploiting zero-click vulnerabilities in iMessage and other Apple apps
* `files.txt`: list of suspicious files
* **Warning**: the `com.apple.CrashReporter.plist` file listed here can be created by Pegasus but can also be legitimately created by the system during updates. Without additional indicators, it does not confirm the infection of a iPhone.
* `pegasus.stix2`: [STIX v2](https://oasis-open.github.io/cti-documentation/stix/intro.html) file containing IOCs that can be used with MVT
* `processes.txt`: list of Pegasus-related process names identified on compromised phones
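Review bot: The warning added under the `files.txt` entry exists only in the README, while `files.txt` itself is not touched by this commit, so anyone matching that list automatically will still get a hit on `com.apple.CrashReporter.plist` with no sign that it is a low-confidence indicator. Consider carrying the caveat next to the indicator itself, or moving that path into a separate list of indicators that need corroboration, and check whether `pegasus.stix2` carries the same path. It would also help to say which additional indicators are meant by "Without additional indicators". Small wording fix in the same line: "a iPhone" should be "an iPhone".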
1 change: 0 additions & 1 deletion 2021-07-18_nso/processes.txt
Expand Up @@ -23,7 +23,6 @@ corecomnetd
ctrlfs
dhcp4d
Diagnostic-2543
Diagnosticd
Diagnostics-2543
eventfssd
eventsfssd
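Review bot: The one process name this hunk drops from `processes.txt` is justified only by "remove false positive" in the commit title, which records neither the name nor the legitimate process it collides with. Please put both in the commit message or the README so that users who already got a match on it can re-evaluate their results. The commit changes only `README.md` and `processes.txt`; if `pegasus.stix2` is built from these lists it still contains the removed name and should be regenerated in the same change.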
