{
	"id": "acaa2644-eef2-4426-b052-43ca8679cf62",
	"created_at": "2026-04-06T00:14:45.215998Z",
	"updated_at": "2026-04-10T03:22:09.154032Z",
	"deleted_at": null,
	"sha1_hash": "120fe06dcf14d218ff3dc492e7a590ef363cc6cd",
	"title": "investigations/2021-07-18_nso at master · AmnestyTech/investigations",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 42238,
	"plain_text": "investigations/2021-07-18_nso at master ·\r\nAmnestyTech/investigations\r\nBy DonnchaC\r\nArchived: 2026-04-05 19:37:49 UTC\r\nNSO Group Pegasus Indicator of Compromise\r\nThis repository contains network and device indicators of compromised related to NSO Group's Pegasus spyware.\r\nThese indicators are a result of multiple investigations by the Amnesty International Security Lab and other\r\npartners. Additional technical information was collected as part of a collaborative investigation, the Pegasus\r\nProject coordinated by Forbidden Stories and involving a global network of investigative journalists.\r\nAmnesty International has released a Technical Methodology report which outlines how to use these indicators to\r\nhunt for Pegasus and other mobile spyware products. The Amnesty International Security Lab is also releasing an\r\nopen-source tool, the Mobile Verification Toolkit (MVT). MVT can be used with the the pegasus.stix2 indicators\r\nto check a devices for potential signs of compromise with Pegasus spyware.\r\nThese indicators include:\r\ndomains.txt : list of all Pegasus-related domains, with sub-files:\r\nv2_domains.txt : list of Pegasus Version 2 infrastructure. These domains were identifed and published\r\npreviously by Citizen Lab\r\nv3_domains.txt : list of Pegasus Version 3 infrastructure\r\nv4_domains.txt : list of Pegasus Version 4 infrastructure\r\nv4_validation_domains.txt : list of Pegasus Version 4 validation/URL shortener domains\r\nemails.txt : list of iCloud accounts used for exploiting zero-click vulnerabilities in iMessage and other\r\nApple apps\r\nfiles.txt : list of suspicious files\r\npegasus.stix2 : STIX v2 file containing IOCs that can be used with MVT\r\nprocesses.txt : list of Pegasus-related process names identified on compromised phones\r\nSource: https://github.com/AmnestyTech/investigations/tree/master/2021-07-18_nso\r\nhttps://github.com/AmnestyTech/investigations/tree/master/2021-07-18_nso\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/AmnestyTech/investigations/tree/master/2021-07-18_nso"
	],
	"report_names": [
		"2021-07-18_nso"
	],
	"threat_actors": [],
	"ts_created_at": 1775434485,
	"ts_updated_at": 1775791329,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/120fe06dcf14d218ff3dc492e7a590ef363cc6cd.pdf",
		"text": "https://archive.orkl.eu/120fe06dcf14d218ff3dc492e7a590ef363cc6cd.txt",
		"img": "https://archive.orkl.eu/120fe06dcf14d218ff3dc492e7a590ef363cc6cd.jpg"
	}
}