From 5ea3460c09ae864096df65c2d026b63013467ab8 Mon Sep 17 00:00:00 2001 From: tek Date: Tue, 12 Oct 2021 12:20:50 +0200 Subject: [PATCH] Minor documentation update --- docs/android/backup.md | 4 +++- docs/iocs.md | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/android/backup.md b/docs/android/backup.md index 602a505..601d492 100644 --- a/docs/android/backup.md +++ b/docs/android/backup.md @@ -22,7 +22,7 @@ adb backup -all ## Unpack the backup -In order to reliable unpack th [Android Backup Extractor (ABE)](https://github.com/nelenkov/android-backup-extractor) to convert it to a readable file format. Make sure that java is installed on your system and use the following command: +In order to unpack the backup, use [Android Backup Extractor (ABE)](https://github.com/nelenkov/android-backup-extractor) to convert it to a readable file format. Make sure that java is installed on your system and use the following command: ```bash java -jar ~/path/to/abe.jar unpack backup.ab backup.tar @@ -31,6 +31,8 @@ tar xvf backup.tar If the backup is encrypted, ABE will prompt you to enter the password. +Alternatively, [ab-decrypt](https://github.com/joernheissler/ab-decrypt) can be used for that purpose. + ## Check the backup You can then extract SMSs containing links with MVT: diff --git a/docs/iocs.md b/docs/iocs.md index 6b08020..b297b98 100644 --- a/docs/iocs.md +++ b/docs/iocs.md 
@@ -32,5 +32,6 @@ mvt-ios check-backup --iocs ~/iocs/malware1.stix --iocs ~/iocs/malware2.stix2 /p - The [Amnesty International investigations repository](https://github.com/AmnestyTech/investigations) contains STIX-formatted IOCs for: - [Pegasus](https://en.wikipedia.org/wiki/Pegasus_(spyware)) ([STIX2](https://raw.githubusercontent.com/AmnestyTech/investigations/master/2021-07-18_nso/pegasus.stix2)) +- [This repository](https://github.com/Te-k/stalkerware-indicators) contains IOCs for Android stalkerware including [a STIX MVT-compatible file](https://github.com/Te-k/stalkerware-indicators/blob/master/stalkerware.stix2). Please [open an issue](https://github.com/mvt-project/mvt/issues/) to suggest new sources of STIX-formatted IOCs.
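Review bot: in the first docs/android/backup.md hunk (@@ -22,7 +22,7 @@), the rewritten sentence still writes "java" in lower case as a product name: "Make sure that java is installed on your system". Since the line is being touched anyway, capitalise it as "Java" so it is not confused with the `java` command in the fenced block that follows.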
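Review bot: in the second docs/android/backup.md hunk (@@ -31,6 +31,8 @@), "for that purpose" in the added ab-decrypt line has no clear referent. It follows "If the backup is encrypted, ABE will prompt you to enter the password", so a reader cannot tell whether ab-decrypt is offered as a replacement for the whole ABE unpack step or only for handling encrypted backups. Say which it is, and give its invocation in a fenced block the way the ABE command is given, so the alternative is usable without leaving the page.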
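Review bot: in the docs/iocs.md hunk (@@ -32,5 +32,6 @@), the new bullet uses "This repository" as link text and points at a GitHub `blob/master/stalkerware.stix2` page, while the Pegasus entry above it links the raw.githubusercontent.com file. The example in this section passes local files to `--iocs`, so a reader saving the blob link gets an HTML page rather than the STIX2 file. Name the repository in the link text (for example "stalkerware-indicators") and link the raw file, matching the "([STIX2](...))" form the Pegasus entry uses.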