API tools faq
paste
Advertisement
9r3nXPaRTa

Scan your Iphone Backup For NSO Pegasus Malware

9r3nXPaRTa
Sep 19th, 2021
1,428
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 1.13 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/sh
  2.  
  3. # Refer to https://arkadiyt.com/2021/07/25/scanning-your-iphone-for-nso-group-pegasus-malware/
  4.  
  5.  
  6. # Install Mobile VerificationToolkit
  7. git clone https://github.com/mvt-project/mvt.git
  8. cd mvt
  9. docker build -t mvt .
  10.  
  11. #Install latest libimobiledevice, backup tool
  12. brew install --HEAD libimobiledevice
  13.  
  14. # Make a working directory
  15. mkdir -p ~/Desktop/mvt
  16.  
  17. # Please plug your iPhone
  18.  
  19. # Enable backup encryption - you'll be prompted for a password
  20. idevicebackup2 -i backup encryption on
  21.  
  22. # Backup the device
  23. idevicebackup2 backup --full ~/Desktop/mvt/
  24.  
  25. # run MVT container
  26. docker run -v ~/Desktop/mvt:/home/cases/mvt -it mvt
  27.  
  28.  
  29. # commands below is run under the MVT container
  30.  
  31. # Download Amnesty International's indicators of compromise
  32. wget https://raw.githubusercontent.com/AmnestyTech/investigations/master/2021-07-18_nso/pegasus.stix2 -O pegasus.stix2
  33.  
  34. # We'll save our results here
  35. mkdir mvt/results
  36.  
  37. # Decrypt the backup
  38. mvt-ios decrypt-backup -p '<password>' -d mvt/decrypted mvt/00008101-0018545E26F1003A/
  39.  
  40. # Scan the decrypted backup
  41. mvt-ios check-backup --iocs pegasus.stix2 --output mvt/results mvt/decrypted
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!