AssoEchap / stalkerware-indicators

Indicators of stalkerware apps

Incorporate and augment tinycheck's IOC #78

Closed jvoisin closed 2 years ago

jvoisin commented 2 years ago

We should check what domains are present in Tinycheck and missing in our ioc file, and augment the latter with the former.

curl https://raw.githubusercontent.com/KasperskyLab/TinyCheck/main/assets/iocs.json | jq '.iocs[] | select(.tag == "stalkerware") | select(.type == "domain")'

Te-k commented 2 years ago

Here is what is missing:

{'id': 1960, 'type': 'domain', 'tag': 'stalkerware', 'tlp': 'white', 'value': 'geozilla.com'}
{'id': 1961, 'type': 'domain', 'tag': 'stalkerware', 'tlp': 'white', 'value': 'life360.com'}
{'id': 1962, 'type': 'domain', 'tag': 'stalkerware', 'tlp': 'white', 'value': 'zoemob.com'}

Te-k commented 2 years ago

Done

jvoisin commented 2 years ago

Do we want some kind of monitoring, to ensure that we're not missing any?

Te-k commented 2 years ago

Yes, let's do that!
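
An added example, not part of the thread or of the repository's own code: one way to automate the comparison and the monitoring discussed above, by diffing the stalkerware domains in a TinyCheck-style iocs.json against a local domain list and returning a non-zero status when something is missing. It assumes the local indicators are already loaded as a list of bare domains; the function names and all sample data are constructed for illustration.

```python
import json

# Constructed sample in the shape the jq filter in the thread expects
# (.iocs[] with "type", "tag", "value"); not real TinyCheck data.
SAMPLE_UPSTREAM = json.dumps({"iocs": [
    {"id": 1, "type": "domain", "tag": "stalkerware", "tlp": "white", "value": "Tracker.example."},
    {"id": 2, "type": "domain", "tag": "stalkerware", "tlp": "white", "value": "known.example"},
    {"id": 3, "type": "domain", "tag": "apt", "tlp": "white", "value": "other.example"},
    {"id": 4, "type": "ip4addr", "tag": "stalkerware", "tlp": "white", "value": "192.0.2.10"},
    {"id": 5, "type": "domain", "tag": "stalkerware", "tlp": "white", "value": "  "},
]})
# Assumption: the local indicator file has already been parsed into bare domains.
SAMPLE_LOCAL = ["KNOWN.example", "local-only.example"]


def normalize(domain):
    """Strip whitespace and the trailing root dot, then lower-case."""
    return domain.strip().rstrip(".").lower()


def upstream_domains(raw_json, tag="stalkerware"):
    """Return the normalized domain IOCs carrying `tag` from an iocs.json document."""
    doc = json.loads(raw_json)
    found = set()
    for ioc in doc.get("iocs", []):
        if ioc.get("type") == "domain" and ioc.get("tag") == tag:
            value = normalize(str(ioc.get("value", "")))
            if value:  # skip empty entries rather than report them as missing
                found.add(value)
    return found


def missing_domains(raw_json, local_domains):
    """Domains present upstream but absent from the local list, sorted."""
    local = {normalize(d) for d in local_domains}
    return sorted(upstream_domains(raw_json) - local)


def check(raw_json, local_domains):
    """Exit status for a scheduled job: 1 if anything is missing, else 0."""
    missing = missing_domains(raw_json, local_domains)
    for domain in missing:
        print(f"missing: {domain}")
    return 1 if missing else 0


if __name__ == "__main__":
    raise SystemExit(check(SAMPLE_UPSTREAM, SAMPLE_LOCAL))
```

Normalizing both sides before the set difference keeps case differences and trailing dots from showing up as false "missing" entries in a scheduled run.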