Bump to 1.4.0 to skip previously used PyPi versions

Bump version to v1.3.2
Bug fixes for config profile and shortcut module
2026-02-15 01:52:45 +00:00 · 2021-12-17 12:52:06 +01:00 · 2021-12-17 12:24:41 +01:00 · 2021-12-16 22:58:36 +01:00 · 2021-12-16 21:01:56 +01:00
4 changed files with 13 additions and 2 deletions
--- a/docs/iocs.md
+++ b/docs/iocs.md
@@ -38,6 +38,7 @@ export MVT_STIX2="/home/user/IOC1.stix2:/home/user/IOC2.stix2"

 - The [Amnesty International investigations repository](https://github.com/AmnestyTech/investigations) contains STIX-formatted IOCs for:
    - [Pegasus](https://en.wikipedia.org/wiki/Pegasus_(spyware)) ([STIX2](https://raw.githubusercontent.com/AmnestyTech/investigations/master/2021-07-18_nso/pegasus.stix2))
+    - [Predator from Cytrox](https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/) ([STIX2](https://github.com/AmnestyTech/investigations/tree/master/2021-12-16_cytrox/cytrox.stix2))
 - [This repository](https://github.com/Te-k/stalkerware-indicators) contains IOCs for Android stalkerware including [a STIX MVT-compatible file](https://github.com/Te-k/stalkerware-indicators/blob/master/stalkerware.stix2).

 Please [open an issue](https://github.com/mvt-project/mvt/issues/) to suggest new sources of STIX-formatted IOCs.
--- a/mvt/common/version.py
+++ b/mvt/common/version.py
@@ -6,7 +6,7 @@
 import requests
 from packaging import version

-MVT_VERSION = "1.3.1"
+MVT_VERSION = "1.4.0"


 def check_for_updates():
--- a/mvt/ios/modules/backup/configuration_profiles.py
+++ b/mvt/ios/modules/backup/configuration_profiles.py
@@ -4,6 +4,7 @@
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/

+import os
 import plistlib
 from base64 import b64encode
 from mvt.common.utils import convert_timestamp_to_iso
@@ -25,11 +26,14 @@ class ConfigurationProfiles(IOSExtraction):
    def serialize(self, record):
        if not record["install_date"]:
            return
+
+        payload_name = record['plist'].get('PayloadDisplayName')
+        payload_description = record['plist'].get('PayloadDescription')
        return {
            "timestamp": record["install_date"],
            "module": self.__class__.__name__,
            "event": "configuration_profile_install",
-            "data": f"{record['plist']['PayloadType']} installed: {record['plist']['PayloadUUID']} - {record['plist']['PayloadDisplayName']}: {record['plist']['PayloadDescription']}"
+            "data": f"{record['plist']['PayloadType']} installed: {record['plist']['PayloadUUID']} - {payload_name}: {payload_description}"
        }

    def check_indicators(self):
@@ -54,6 +58,11 @@ class ConfigurationProfiles(IOSExtraction):

    def run(self):
        for conf_file in self._get_backup_files_from_manifest(domain=CONF_PROFILES_DOMAIN):
+            conf_rel_path = conf_file["relative_path"]
+            # Filter out all configuration files that are not configuration profiles.
+            if not conf_rel_path or not os.path.basename(conf_rel_path).startswith("profile-"):
+                continue
+
            conf_file_path = self._get_backup_file_from_id(conf_file["file_id"])
            if not conf_file_path:
                continue
--- a/mvt/ios/modules/mixed/shortcuts.py
+++ b/mvt/ios/modules/mixed/shortcuts.py
@@ -55,6 +55,7 @@ class Shortcuts(IOSExtraction):
        self.log.info("Found Shortcuts database at path: %s", self.file_path)

        conn = sqlite3.connect(self.file_path)
+        conn.text_factory = bytes
        cur = conn.cursor()
        cur.execute("""
              SELECT
Author	SHA1	Message	Date
Donncha Ó Cearbhaill	8f88f872df	Bump to 1.4.0 to skip previously used PyPi versions	2021-12-17 12:52:06 +01:00
Donncha Ó Cearbhaill	2d16218489	Bump version to v1.3.2	2021-12-17 12:24:41 +01:00
Donncha Ó Cearbhaill	3215e797ec	Bug fixes for config profile and shortcut module	2021-12-16 22:58:36 +01:00
Donncha Ó Cearbhaill	e65a598903	Add link to Cytrox indicators of compromise in docs	2021-12-16 21:01:56 +01:00