mvt-project / mvt-indicators
Index and collection of MVT compatible indicators of compromise.
License: MIT License
Please, are there any IOCs for FirstMile?
Could the new Kaspersky detection methods be implemented in mvt? Thank you for your wonderful work.
I've detected some strange activity on my phone lately and have been trying to figure it out for a long time. I just think that maybe by posting here you guys could help me out. My phone is receiving a tp-link-smarthome request and sending it to port 9999. It keeps changing the source port but the destination remains the same, just like a backdoor.
Frame 5992: 189 bytes on wire (1512 bits), 189 bytes captured (1512 bits) on interface wlan0, id 0
Section number: 1
Interface id: 0 (wlan0)
Interface name: wlan0
Encapsulation type: Ethernet (1)
Arrival Time: Mar 8, 2024 22:39:14.482624444 -03
UTC Arrival Time: Mar 9, 2024 01:39:14.482624444 UTC
Epoch Arrival Time: 1709948354.482624444
[Time shift for this packet: 0.000000000 seconds]
[Time delta from previous captured frame: 0.002034568 seconds]
[Time delta from previous displayed frame: 120.006425176 seconds]
[Time since reference or first frame: 723.581862141 seconds]
Frame Number: 5992
Frame Length: 189 bytes (1512 bits)
Capture Length: 189 bytes (1512 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:tplink-smarthome:json]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: MYPHONEMAC Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Destination: Broadcast (ff:ff:ff:ff:ff:ff)
Address: Broadcast (ff:ff:ff:ff:ff:ff)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: MYPHONEMAC
Address: MYPHONEMAC
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src:MYPHONEIP Dst: 255.255.255.255
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 175
Identification: 0xb391 (45969)
010. .... = Flags: 0x2, Don't fragment
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 64
Protocol: UDP (17)
Header Checksum: 0xc5d3 [validation disabled]
[Header checksum status: Unverified]
Source Address:MYPHONEIP
Destination Address: 255.255.255.255
User Datagram Protocol, Src Port: 38624, Dst Port: 9999
Source Port: 38624
Destination Port: 9999
Length: 155
Checksum: 0x244e [unverified]
[Checksum Status: Unverified]
[Stream index: 249]
[Timestamps]
[Time since first frame: 120.006425176 seconds]
[Time since previous frame: 120.006425176 seconds]
UDP payload (147 bytes)
TP-Link Smart Home Protocol
Cmd: {"system":{"get_sysinfo":{}},"cnCloud":{"get_info":{}},"smartlife.iot.common.cloud":{"get_info":{}},"smartlife.cam.ipcamera.cloud":{"get_info":{}}}
JavaScript Object Notation
Object
Member: system
Object
Member: get_sysinfo
Object
Key: get_sysinfo
[Path: /system/get_sysinfo]
Key: system
[Path: /system]
Member: cnCloud
Object
Member: get_info
Object
Key: get_info
[Path: /cnCloud/get_info]
Key: cnCloud
[Path: /cnCloud]
Member: smartlife.iot.common.cloud
Object
Member: get_info
Object
Key: get_info
[Path: /smartlife.iot.common.cloud/get_info]
Key: smartlife.iot.common.cloud
[Path: /smartlife.iot.common.cloud]
Member: smartlife.cam.ipcamera.cloud
Object
Member: get_info
Object
Key: get_info
[Path: /smartlife.cam.ipcamera.cloud/get_info]
Key: smartlife.cam.ipcamera.cloud
[Path: /smartlife.cam.ipcamera.cloud]
After this I went on a quest to figure out the destination port and found a "nobody" service listed as port 9999. No matter what I do, whether I try to block UDP traffic or try to block this service, it keeps coming back with a different source port.
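The packet in the post above is a TP-Link Smart Home discovery query: Wireshark's tplink-smarthome dissector has already stripped the protocol's obfuscation, which is a bytewise XOR autokey seeded with the fixed, publicly documented value 171 (the same for every app and every device, so it hides nothing from anyone on the LAN). The example below is added here and is not code from the issue or from the MVT project. It re-encodes the Cmd string exactly as shown in the capture, decodes it back, lists the queried paths in the same form as the dissector's [Path:] lines, and checks that every query is a read-only get_* call. The capture alone does not identify which app on the phone sent the broadcast.

```python
"""TP-Link Smart Home 'autokey' obfuscation as used on UDP/9999.

Added example; not code from the issue or from MVT. DISCOVERY_CMD is the
Cmd string Wireshark decoded in the posted capture; the wire bytes are
reconstructed from it here, not copied from the pcap.
"""
import json

INITIAL_KEY = 171  # fixed seed used by every TP-Link app and device

# The four discovery queries from the capture (147 characters, which is
# exactly the 147-byte UDP payload: the XOR keeps the length unchanged).
DISCOVERY_CMD = (
    '{"system":{"get_sysinfo":{}},'
    '"cnCloud":{"get_info":{}},'
    '"smartlife.iot.common.cloud":{"get_info":{}},'
    '"smartlife.cam.ipcamera.cloud":{"get_info":{}}}'
)


def encrypt(plaintext: str) -> bytes:
    """Obfuscate a command as it is sent in a UDP datagram.

    UDP carries the obfuscated JSON bare; the TCP/9999 variant of the
    protocol prefixes it with a 4-byte big-endian length, not added here.
    """
    key = INITIAL_KEY
    out = bytearray()
    for byte in plaintext.encode():
        key ^= byte          # each ciphertext byte becomes the next key
        out.append(key)
    return bytes(out)


def decrypt(payload: bytes) -> str:
    """Reverse encrypt(): the key for each byte is the previous ciphertext byte."""
    key = INITIAL_KEY
    out = bytearray()
    for byte in payload:
        out.append(key ^ byte)
        key = byte
    return out.decode()


def command_paths(cmd: str) -> list[str]:
    """Module/method pairs in the '/module/method' form Wireshark prints as [Path:]."""
    tree = json.loads(cmd)
    return [f"/{module}/{method}" for module, methods in tree.items() for method in methods]


def is_discovery_query(cmd: str) -> bool:
    """True when system.get_sysinfo is requested and every method is a read-only get_*."""
    paths = command_paths(cmd)
    return "/system/get_sysinfo" in paths and all(
        path.rsplit("/", 1)[1].startswith("get_") for path in paths
    )


if __name__ == "__main__":
    wire = encrypt(DISCOVERY_CMD)
    print(len(wire), wire[:4].hex())        # 147 d0f281f8
    print(decrypt(wire) == DISCOVERY_CMD)   # True
    for path in command_paths(DISCOVERY_CMD):
        print(path)
    print(is_discovery_query(DISCOVERY_CMD))  # True
```

Because the seed is fixed, the first wire byte of any JSON command is 0xd0 (171 XOR '{'); that byte pattern at the start of a UDP/9999 payload is a cheap way to spot this protocol in a capture without the dissector.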
MVT - Mobile Verification Toolkit
https://mvt.re
Version: 2.1.3
Indicators updates checked recently, next automatic check in 12 hours
00:51:28 INFO [mvt.ios.cmd_check_backup] Parsing STIX2 indicators file at path
/home/jaiminho/.local/share/mvt/indicators/raw.githubusercontent.com_AmnestyTech_investigations_master_2021-07-18_nso_pegasus.stix2
INFO [mvt.ios.cmd_check_backup] Extracted 1547 indicators for collection with name "Pegasus"
INFO [mvt.ios.cmd_check_backup] Parsing STIX2 indicators file at path
/home/jaiminho/.local/share/mvt/indicators/raw.githubusercontent.com_AmnestyTech_investigations_master_2021-12-16_cytrox_cytrox.stix2
INFO [mvt.ios.cmd_check_backup] Extracted 333 indicators for collection with name "Predator"
INFO [mvt.ios.cmd_check_backup] Parsing STIX2 indicators file at path
/home/jaiminho/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2022-06-23_rcs_lab_rcs.stix2
INFO [mvt.ios.cmd_check_backup] Extracted 40 indicators for collection with name "RCSLab"
INFO [mvt.ios.cmd_check_backup] Loaded a total of 1920 unique indicator
Update: thanks for the reply.
Hello friends, is there like a deadline or any news regarding an update on Cellebrite UFED indicators? The Brazilian army bought this software and when asked why, they did not specify their reasons.