9r3nXPaRTa

Scan Your iPhone Backup for NSO Pegasus Malware

Sep 19th, 2021
#!/bin/sh

# Refer to https://arkadiyt.com/2021/07/25/scanning-your-iphone-for-nso-group-pegasus-malware/

# Install Mobile Verification Toolkit (MVT)
git clone https://github.com/mvt-project/mvt.git
cd mvt
docker build -t mvt .

# Install the latest libimobiledevice (provides the idevicebackup2 backup tool)
brew install --HEAD libimobiledevice

# Make a working directory
mkdir -p ~/Desktop/mvt

# Plug in your iPhone before continuing

# Enable backup encryption - you'll be prompted for a password
idevicebackup2 -i encryption on

# Back up the device
idevicebackup2 backup --full ~/Desktop/mvt/

# Run the MVT container (this opens an interactive shell)
docker run -v ~/Desktop/mvt:/home/cases/mvt -it mvt


# The commands below are run inside the MVT container

# Download Amnesty International's indicators of compromise
wget https://raw.githubusercontent.com/AmnestyTech/investigations/master/2021-07-18_nso/pegasus.stix2 -O pegasus.stix2

# We'll save our results here
mkdir -p mvt/results

# Decrypt the backup (the directory name is the device UDID; replace it with your own,
# and replace <password> with the backup encryption password set above)
mvt-ios decrypt-backup -p '<password>' -d mvt/decrypted mvt/00008101-0018545E26F1003A/

# Scan the decrypted backup
mvt-ios check-backup --iocs pegasus.stix2 --output mvt/results mvt/decrypted
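
Once `check-backup` has finished, the results directory still has to be read. The function below is an added example (not part of the original paste and not MVT's own code) that triages it, assuming MVT writes indicator matches to files suffixed `_detected.json` in the `--output` directory; the name `triage_mvt_results` is hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original paste.
# Assumption: indicator matches are written to "<module>_detected.json"
# files in the --output directory, next to the per-module result files.
#
# Usage (inside the MVT container): triage_mvt_results mvt/results
#
# Return codes:
#   0 = result files present, no *_detected.json among them
#   1 = at least one *_detected.json file (review each one by hand)
#   2 = directory missing or holds no JSON at all (the scan did not run)
triage_mvt_results() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "error: $dir is not a directory" >&2
        return 2
    fi

    total=0
    hits=0
    for f in "$dir"/*.json; do
        [ -f "$f" ] || continue   # an unmatched glob stays literal; skip it
        total=$((total + 1))
        case $f in
            *_detected.json)
                hits=$((hits + 1))
                module=$(basename "$f" _detected.json)
                echo "DETECTED: module=$module file=$f"
                ;;
        esac
    done

    # An empty results directory means nothing was checked, not "clean".
    if [ "$total" -eq 0 ]; then
        echo "error: no JSON results in $dir" >&2
        return 2
    fi
    if [ "$hits" -gt 0 ]; then
        return 1
    fi
    echo "no *_detected.json files among $total result files"
    return 0
}
```

Return code 2 is kept separate from 0 so that a failed decryption or a wrong output path is never mistaken for a scan with no matches.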