MOONSHINE and DarkNimbus in the DNS Spotlight
WhoisXML API found 460+ artifacts tied to the Earth Minotaur attack leveraging MOONSHINE and DarkNimbus. Download the threat research materials now.
Continue reading Download reportExposing 1,100+ NSO Spyware Group’s Domains, IP Addresses, and MD5 Hashes
The NSO Spyware Group’s spyware dubbed “Pegasus” is known for its ability to be covertly installed on mobile phones running different versions of Android and iOS and spy on their owners’ activities.
Pegasus was created to allow government agencies to monitor possibly illegal activities performed by citizens on their watchlists. Pegasus, however, has been widely criticized for violating people’s right to privacy and potentially targeting journalists and heads of state.1
Given the risks that Pegasus poses, WhoisXML API Security Researcher Dancho Danchev investigated 28 email addresses used by known registrants tied to the NSO Spyware Group. Danchev’s in-depth look also uncovered:
- 369 connected domains
- 82 IP addresses
- 646 MD5 hashes
Anyone, individuals and organizations alike, who do not want to get spied on through Pegasus for privacy and security reasons may want to avoid any form of contact or communication with the IoCs and artifacts featured in the report.
Get access to thousands of digital properties related to the NSO Spyware Group’s Pegasus and learn how to uncover more on your own by downloading the report.
- [1] https://www.theverge.com/22589942/nso-group-pegasus-project-amnesty-investigation-journalists-activists-targeted