Question: Pegasus spyware

Hi, for resources of this kind you can always try taking a look on GitHub. In this case too, something turns up:


These are samples that run on iOS and
Android. Obviously, if you find them on GitHub it's almost certain that AVs will detect them, but they are good code to study and learn something from.
 
thanks a lot
 
Unfortunately I don't have that level of experience. I'm just trying to follow the same steps as the researchers who worked on this malware and understand how it works. Also, looking around, I think they more or less all use the same techniques, since it seems to me there is a real industry hiding behind this, shadowy and not ethical at all. Anyway, I'm interested in everything concerning the malware's behaviour: how it was designed, what makes it persistent on the host system, etc.
Automatically merged message:

In your opinion, should I dig deeper? I suspect my iPhone is infected.


Type,Severity,Time (UTC),Event,Malware,Analyzer Module,Analyzer Time (UTC),Description
Device,Critical,2024-02-26 16:47:40,Indicator Match - Domain,MyCellSpy,WebKit Observations,2024-03-03 16:52:44,WebKit access to 'mycellspy.com' from app: 'Safari' (com.apple.mobilesafari).
Device,Critical,2024-02-26 16:47:42,Indicator Match - Domain,MyCellSpy,Safari History,2024-03-03 16:52:28,Safari visit to 'https://www.mycellspy.com/how-to-lo...ile-phone-through-the-cloud-service-function/'.
Device,Critical,2024-02-26 16:58:00,Indicator Match - Domain,mSpy,WebKit Observations,2024-03-03 16:52:59,WebKit access to 'mspy.com' from app: 'Edge' (com.microsoft.msedge).
Device,Critical,2024-02-26 16:58:30,Indicator Match - Domain,mSpy,WebKit Observations,2024-03-03 16:52:59,WebKit access to 'mspy.it' from app: 'Edge' (com.microsoft.msedge).
Device,Critical,2024-02-26 17:10:14,Indicator Match - Domain,uMobix,Safari History,2024-03-03 16:52:28,Safari visit to 'https://umobix.com/iphone-tracker.h...MIhLy2prLJhAMVYpdoCR28AQUsEAAYASAAEgJKu_D_BwE'.
Device,Critical,2024-02-26 17:10:15,Indicator Match - Domain,uMobix,Safari History,2024-03-03 16:52:28,Safari visit to 'https://umobix.com/iphone-tracker.h...MIhLy2prLJhAMVYpdoCR28AQUsEAAYASAAEgJKu_D_BwE'.
Device,Critical,2024-02-26 17:10:15,Indicator Match - Domain,uMobix,WebKit Observations,2024-03-03 16:52:44,WebKit access to 'umobix.com' from app: 'Safari' (com.apple.mobilesafari).
Device,Critical,2024-02-26 17:10:16,Indicator Match - Domain,uMobix,Safari History,2024-03-03 16:52:28,Safari visit to 'https://umobix.com/iphone-tracker.h...MIhLy2prLJhAMVYpdoCR28AQUsEAAYASAAEgJKu_D_BwE'.
Device,Info,2024-02-26 19:30:16,HTTP Redirect,,Safari History,2024-03-03 16:52:29,Found HTTP redirect to different domain: 'notifydisparage.com' -> 'landing.sisal.it'.
Device,Info,2024-03-01 18:18:22,HTTP Redirect,,Safari History,2024-03-03 16:52:31,Found HTTP redirect to different domain: 'en.wikipedia.org' -> 'en.m.wikipedia.org'.
Automatically merged message:

I deleted the history and these two alerts remain:
Type,Severity,Time (UTC),Event,Malware,Analyzer Module,Analyzer Time (UTC),Description
Device,Critical,2024-02-26 16:58:00,Indicator Match - Domain,mSpy,WebKit Observations,2024-03-03 19:16:27,WebKit access to 'mspy.com' from app: 'Edge' (com.microsoft.msedge).
Device,Critical,2024-02-26 16:58:30,Indicator Match - Domain,mSpy,WebKit Observations,2024-03-03 19:16:27,WebKit access to 'mspy.it' from app: 'Edge' (com.microsoft.msedge).

Some of the alerts were due to the fact that I had done searches on mycellspy, and after deleting the history they went away, but these two alerts remain.
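As an added triage example (not from the thread and not iMazing's own code), the Python script below reads a report in the CSV layout pasted above, groups the indicator matches by malware family, and marks a family as browsing-only when every match came from Safari history or WebKit observations, i.e. the browser merely loaded the vendor's web site. The sample rows are constructed from the domains and bundle ids in the report, and the module set BROWSING_MODULES is my assumption about which analyzer modules only record page loads.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample in the same CSV layout as the analyzer report in the
# thread (domains and bundle ids taken from that report, rows shortened).
SAMPLE_REPORT = """\
Type,Severity,Time (UTC),Event,Malware,Analyzer Module,Analyzer Time (UTC),Description
Device,Critical,2024-02-26 16:47:40,Indicator Match - Domain,MyCellSpy,WebKit Observations,2024-03-03 16:52:44,WebKit access to 'mycellspy.com' from app: 'Safari' (com.apple.mobilesafari).
Device,Critical,2024-02-26 16:47:42,Indicator Match - Domain,MyCellSpy,Safari History,2024-03-03 16:52:28,Safari visit to 'https://www.mycellspy.com/'.
Device,Critical,2024-02-26 16:58:00,Indicator Match - Domain,mSpy,WebKit Observations,2024-03-03 16:52:59,WebKit access to 'mspy.com' from app: 'Edge' (com.microsoft.msedge).
Device,Critical,2024-02-26 16:58:30,Indicator Match - Domain,mSpy,WebKit Observations,2024-03-03 16:52:59,WebKit access to 'mspy.it' from app: 'Edge' (com.microsoft.msedge).
Device,Info,2024-02-26 19:30:16,HTTP Redirect,,Safari History,2024-03-03 16:52:29,Found HTTP redirect to different domain: 'notifydisparage.com' -> 'landing.sisal.it'.
Analyzer,Info,2024-03-03 16:51:56,Analysis,,Messages,2024-03-03 16:51:56,Analyzing 364 messages.
"""

# Assumption: matches from these modules only prove that a browser loaded a
# page on the domain, which is exactly what researching a vendor looks like.
BROWSING_MODULES = {"Safari History", "WebKit Observations"}


def parse_report(text):
    """Parse the CSV report into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))


def source_app(description):
    """Return the bundle id in parentheses at the end of a description, if any."""
    m = re.search(r"\(([\w.-]+)\)\.?$", description)
    return m.group(1) if m else None


def triage(rows):
    """Group Device indicator matches by malware family and classify each one."""
    families = defaultdict(lambda: {"modules": set(), "apps": set(), "hits": 0})
    for row in rows:
        if row["Type"] != "Device" or not row["Event"].startswith("Indicator Match"):
            continue
        fam = families[row["Malware"]]
        fam["hits"] += 1
        fam["modules"].add(row["Analyzer Module"])
        app = source_app(row["Description"])
        if app:
            fam["apps"].add(app)
    for fam in families.values():
        # Any match outside the browsing modules deserves a closer look.
        fam["verdict"] = ("browsing-only" if fam["modules"] <= BROWSING_MODULES
                          else "needs-review")
    return dict(families)


def main():
    for name, info in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{name}: {info['hits']} hit(s) via {sorted(info['modules'])} "
              f"from {sorted(info['apps'])} -> {info['verdict']}")


if __name__ == "__main__":
    main()
```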
 
Unfortunately I don't have that level of experience. I'm just trying to follow the same steps as the researchers who worked on this malware and understand how it works. Also, looking around, I think they more or less all use the same techniques, since it seems to me there is a real industry hiding behind this, shadowy and not ethical at all.

On the contrary, the techniques are all different from one another. Precisely because of the secrecy of this industry, nobody shares their work with the others.

Anyway, I'm interested in everything concerning the malware's behaviour: how it was designed, what makes it persistent on the host system, etc.

What makes it persistent are kernel privileges: the system service rtbuddyd is replaced by jsc; at boot it will load a js file containing a WebKit exploit to escape the sandbox, regain kernel privileges and start the agent at every reboot.

In your opinion, should I dig deeper? I suspect my iPhone is infected.

It isn't. As you can see from your searches, both Pegasus and the other malware you looked up from the logs require an exploit chain and have a thousand server-side checks; you can't get infected by accident, especially if you have the latest version of iOS. In any case, handling the sample requires care: if you don't know what you're doing you could cause other damage.
 