OSINT - Cytrox Spyware Indicators of Compromise
OSINT - Cytrox Spyware Indicators of Compromise
AI Analysis
Technical Summary
The provided information pertains to OSINT (Open Source Intelligence) indicators of compromise related to Cytrox spyware, a surveillance malware family. Cytrox spyware is known to be used for targeted surveillance operations, often by state-sponsored actors. This particular entry is an OSINT report from CIRCL, dated January 30, 2022, describing indicators of compromise (IOCs) associated with Cytrox spyware. The report does not specify affected software versions or detailed technical indicators, and no known exploits in the wild are reported. The threat level is marked as '3' with an analysis score of '2', indicating moderate concern but limited confirmed impact or exploitation. Cytrox spyware typically targets mobile devices and is capable of extensive data exfiltration, including access to communications, location data, and device sensors. The lack of detailed technical data or patches suggests this is an intelligence report rather than a vulnerability advisory. The certainty of the information is moderate (50%), and the threat is categorized as low severity by the source. The spyware is linked to surveillance vendors, indicating its use in espionage or intelligence gathering rather than widespread cybercrime. Overall, this OSINT report highlights the presence and potential indicators of Cytrox spyware infections but does not provide actionable technical details or evidence of active exploitation campaigns at the time of publication.
Potential Impact
For European organizations, the primary impact of Cytrox spyware would be on confidentiality and privacy, especially for entities involved in sensitive communications, such as government agencies, diplomatic missions, journalists, human rights organizations, and critical infrastructure operators. The spyware's ability to exfiltrate sensitive data could lead to espionage, loss of intellectual property, and compromise of personal data. Although no widespread exploitation is reported, targeted attacks could undermine trust in mobile communications and pose risks to national security and privacy compliance under GDPR. The low reported severity and absence of known exploits suggest limited immediate risk to the broader European enterprise environment. However, high-value targets within Europe could face significant consequences if infected, including reputational damage and operational disruption. The spyware's stealthy nature complicates detection and remediation, increasing the potential long-term impact if infections go unnoticed.
Mitigation Recommendations
Given the lack of specific technical indicators or patches, mitigation should focus on proactive detection and prevention strategies tailored to spyware threats like Cytrox. European organizations should: 1) Implement advanced mobile threat defense solutions capable of detecting spyware behaviors and anomalies on mobile devices. 2) Enforce strict mobile device management (MDM) policies, including restricting installation of untrusted applications and enforcing regular security updates. 3) Conduct threat hunting exercises using available OSINT indicators and behavioral analytics to identify potential infections. 4) Educate users on phishing and social engineering tactics commonly used to deliver spyware payloads. 5) Collaborate with national cybersecurity centers and intelligence agencies to share threat intelligence and receive updated IOCs. 6) Employ network monitoring to detect unusual outbound traffic patterns indicative of data exfiltration. 7) Regularly audit and harden mobile device configurations, including disabling unnecessary sensors or permissions that spyware could exploit. These measures go beyond generic advice by focusing on mobile-specific defenses and intelligence sharing, critical for combating sophisticated spyware threats like Cytrox.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Belgium, Netherlands, Poland
Indicators of Compromise
- domain: koenigseggg.com
- domain: bitlly.live
- domain: newslive2.xyz
- domain: uberegypt.cn.com
- domain: yuom7.net
- domain: connectivitycheck.online
- domain: webaffise.com
- domain: ffoxnewz.com
- domain: miniiosapps.xyz
- domain: audit-pvv.com
- domain: orangegypt.co
- domain: youarefired.xyz
- domain: aramexegypt.com
- domain: mozillaupdate.xyz
- domain: safelyredirecting.digital
- domain: mycoffeeshop.shop
- domain: bookjob.club
- domain: youtubewatch.co
- domain: download4you.xyz
- domain: cyber.country
- domain: itcgr.live
- domain: getsignalapps.live
- domain: clockupdate.com
- domain: updateservice.center
- domain: crashonline.site
- domain: speedymax.shop
- domain: safelyredirecting.com
- domain: lylink.online
- domain: ferrari.gr.com
- domain: telecomegy-ads.com
- domain: tw.itter.me
- domain: instagam.click
- domain: distedc.com
- domain: alraeesnews.net
- domain: bitlinkin.xyz
- domain: ewish.cards
- domain: sniper.pet
- domain: wtc1111.com
- domain: newsbeast.gr.com
- domain: in-politics.com
- domain: wtc2222.com
- domain: icloudflair.com
- domain: omanreal.net
- domain: lexpress.me
- domain: chatwithme.store
- domain: link-m.xyz
- domain: efsyn.online
- domain: mitube1.link
- domain: updete.xyz
- domain: weathersite.online
- domain: llinkedin.net
- domain: api-telecommunication.com
- domain: 2y4nothing.xyz
- domain: updates4you.xyz
- domain: fastuploads.xyz
- domain: kormoran.bid
- domain: jquery-updater.xyz
- domain: synctimestamp.com
- domain: bmw.gr.com
- domain: insider.gr.com
- domain: smsuns.com
- domain: uservicescheck.com
- domain: connectivitycheck.live
- domain: newzeto.xyz
- domain: hellasjournal.website
- domain: danas.bid
- domain: enikos.news
- domain: nabd.site
- domain: quickupdates.xyz
- domain: trecv.xyz
- domain: we-site.net
- domain: getsignalapps.com
- domain: bi.tly.gr.com
- domain: kinder.engine.ninja
- domain: nemshi-news.live
- domain: yo.utube.to
- domain: instagam.in
- domain: svetovid.bid
- domain: vodafoneegypt.tech
- domain: cellconn.net
- domain: solargroup.xyz
- domain: youtubesyncapi.com
- domain: ancienthistory.xyz
- domain: goldenscint.com
- domain: speedygonzales.xyz
- domain: liponals.store
- domain: altsantiri.news
- domain: viva.gr.com
- domain: sinai-new.com
- domain: eagerfox.xyz
- domain: weathear.live
- domain: adibjan.net
- domain: alpineai.uk
- domain: livingwithbadkidny.xyz
- domain: espressonews.gr.com
- domain: olexegy.com
- domain: blacktrail.xyz
- domain: yout.ube.gr.com
- domain: leanwithme.xyz
- domain: apps-ios.net
- domain: bi.tly.link
- domain: fbc8213450838f7ae251d4519c195138.xyz
- domain: fisherman.engine.ninja
- domain: politique-koaci.info
- domain: adultpcz.xyz
- domain: youtube.gr.live
- domain: yallakora-egy.com
- domain: android-apps.tech
- domain: instagam.photos
- domain: flexipagez.com
- domain: ereportaz.news
- domain: kohaicorp.com
- domain: md-news-direct.com
- domain: worldnws.xyz
- domain: landingpge.xyz
- domain: etisalatgreen.com
- domain: lamborghini-s.shop
- domain: nemshi-news.xyz
- domain: teslal.shop
- domain: hellasjournal.company
- domain: bbcsworld.com
- domain: fireup.xyz
- domain: goldenscent.net
- domain: youtu-be.net
- domain: trkc.online
- domain: niceonesa.net
- domain: api-apple-buy.com
- domain: mifcbook.link
- domain: symoty.com
- domain: cut.red
- domain: dragonair.xyz
- domain: updatetime.zone
- domain: shortenurls.me
- domain: qwxzyl.com
- domain: invoker.icu
- domain: nassosblog.gr.com
- domain: youtube.voto
- domain: hopnope.xyz
- domain: myutbe.net
- domain: shortmee.one
- domain: almasryelyuom.com
- domain: youtub.app
- domain: elpais.me
- domain: actumali.org
- domain: bit-li.ws
- domain: fimes.gr.com
- domain: ps2link.xyz
- domain: tribune-mg.xyz
- domain: bumabara.bid
- domain: simetricode.uk
- domain: ps1link.xyz
- domain: hellottec.art
- domain: stonisi.news
- domain: xf.actor
- domain: ikea-egypt.net
- domain: bit-ly.link
- domain: tly.link
- domain: nikjol.xyz
- domain: egyqaz.com
- domain: ios-apps.store
- domain: serviceupdaterequest.com
- domain: tovima.live
- domain: wha.tsapp.me
- domain: businesnews.net
- domain: tiol.xyz
- domain: mobnetlink1.com
- domain: shortxyz.com
- domain: ube.gr.com
- domain: teslali.com
- domain: iibt.xyz
- domain: kranos.gr.com
- domain: solargoup.xyz
- domain: carrefourmisr.com
- domain: 5m5.io
- domain: pronews.gr.com
- domain: shortwidgets.com
- domain: pocopoc.xyz
- domain: charmander.xyz
- domain: enigmase.xyz
- domain: xnxx-hub.com
- domain: proupload.xyz
- domain: cloudstatistics.net
- domain: burgerprince.us
- domain: infosms-a.site
- domain: heiiasjournai.com
- domain: citroen.gr.com
- domain: ebill.cosmote.center
- domain: ckforward.one
- domain: syncupdate.site
- domain: shortely.xyz
- domain: canyouc.xyz
- domain: suzuki.gr.com
- domain: makeitshort.xyz
- domain: amazing.lab
- domain: protothema.live
- domain: tinyurl.cloud
- domain: conlnk.one
- domain: timeupdate.xyz
- domain: localegem.net
- domain: tesla-s.shop
- domain: bityl.me
- domain: xyvok.xyz
- domain: wtc3333.com
- domain: itly.link
- domain: heaven.army
- domain: pdfviewer.app
- domain: teslal.xyz
- domain: nemshi.net
- domain: bank-alahly.com
- domain: syncservices.one
- domain: sportsnewz.site
- domain: bit-ly.org
- domain: newzgroup.xyz
- domain: guardian-tt.me
- domain: zougla.news
- domain: wavekli.xyz
- domain: fastdownload.me
- domain: iosmnbg.com
- domain: oilgy.xyz
- domain: linkit.cloud
- domain: url-tiny.app
- domain: vodafonegypt.com
- domain: cbbc01.xyz
- domain: goldescent.com
- domain: bitlyrs.com
- domain: niceonase.com
- domain: link-protection.com
- domain: connectivitychecker.com
- domain: url-promo.club
- domain: forwardeshoptt.com
- domain: uservicesforyou.com
- domain: playestore.net
- domain: advertsservices.com
- domain: servers-mobile.info
- domain: mobnetlink2.com
- domain: guardnew.live
- domain: sepenet.gr.com
- domain: z2adigital.cloud
- domain: instegram.co
- domain: browsercheck.services
- domain: static-graph.com
- domain: cnn.gr.com
- domain: shorten.fi
- domain: celebrnewz.xyz
- domain: lifestyleshops.net
- domain: pastepast.net
- domain: snapfire.xyz
- domain: omeega.xyz
- domain: koora-egypt.com
- domain: etisalategypt.tech
- domain: yo.utube.digital
- domain: sextape225.me
- domain: supportset.net
- domain: getupdatesnow.xyz
- domain: prmopromo.com
- domain: ilnk.xyz
- domain: tsrt.xyz
- domain: affise.app
- domain: telenorconn.com
- domain: mobnetlink3.com
- domain: zougla.gr.com
- domain: myfcbk.net
- domain: z2a.digital
- domain: engine.ninja
- domain: gosokm.com
- domain: z2digital.cloud
- domain: utube.digital
- domain: mlinks.ws
- domain: redeitt.com
- domain: updatingnews.xyz
- domain: limk.one
- domain: nissan.gr.com
- domain: sports-mdg.xyz
- domain: politika.bid
- domain: sephoragroup.com
- domain: msas.ws
- domain: orchomenos.news
- domain: mywebsitevpstest.xyz
- domain: novosti.bid
- domain: twtter.net
- domain: nabde.app
- domain: addons.news
- domain: lexpress-mg.xyz
- domain: redirecting.live
- domain: mytrips.quest
- domain: bitt.fi
- domain: landingpg.xyz
- domain: lnkedin.org
- domain: linktothisa.xyz
- domain: adservices.gr.com
- domain: timestampsync.com
- domain: olxeg.com
- domain: bit-li.com
- domain: weathernewz.xyz
- domain: linkit.digital
- domain: onlineservices.gr.com
- domain: guardnews.live
- domain: trecvf.xyz
- domain: speedy.sbs
- domain: advfb.xyz
- domain: qwert.xyz
- domain: alraeeenews.com
- domain: sitepref.xyz
- domain: covid19masks.shop
- domain: tly.gr.com
- domain: cloudtimesync.com
- domain: tinylinks.live
- domain: itter.me
- domain: bity.ws
- domain: tgrthgsrgwrthwrtgwr.xyz
- domain: icloudeu.com
- domain: otaupdatesios.com
- domain: applepps.com
- domain: paok-24.com
- domain: inservices.digital
- domain: tinyulrs.com
- domain: tiny.gr.com
- domain: networkenterprise.net
- domain: timeupdateservice.com
- domain: kathimerini.news
- domain: atheere.com
- domain: hempower.shop
- domain: eg-gov.org
- file: /data/local/tmp/wd/
- file: /data/local/tmp/wd/fs.db
- file: /private/var/tmp/hooker
- file: /private/var/tmp/takePhoto
- file: /private/var/tmp/UserEventAgent
- file: /private/var/tmp/com.apple.WebKit.Networking
- text: STIX 2.1
- stix2-pattern: [configuration-profile:id='76DAB334-7E17-475D-A5D6-0794EB5818A5']
- file: cytrox.stix2
- text: STIX 2.0
- link: https://github.com/AmnestyTech/investigations/tree/master/2021-12-16_cytrox
- text: This repository contains network and device indicators of compromised (IoCs) related to the IOS and Android spyware tools developed by the cyber-surveillance company Cytrox. These indicators were first published in December 2021 by Meta in their Threat Report on the Surveillance-for-Hire Industry and by Citizen Lab in their report Pegasus vs. Predator - Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware. Additional indicators of compromise were identified by the Amnesty Tech Security Lab as part of an independent investigation.
- text: Report
OSINT - Cytrox Spyware Indicators of Compromise
Description
OSINT - Cytrox Spyware Indicators of Compromise
AI-Powered Analysis
Technical Analysis
The provided information pertains to OSINT (Open Source Intelligence) indicators of compromise related to Cytrox spyware, a surveillance malware family. Cytrox spyware is known to be used for targeted surveillance operations, often by state-sponsored actors. This particular entry is an OSINT report from CIRCL, dated January 30, 2022, describing indicators of compromise (IOCs) associated with Cytrox spyware. The report does not specify affected software versions or detailed technical indicators, and no known exploits in the wild are reported. The threat level is marked as '3' with an analysis score of '2', indicating moderate concern but limited confirmed impact or exploitation. Cytrox spyware typically targets mobile devices and is capable of extensive data exfiltration, including access to communications, location data, and device sensors. The lack of detailed technical data or patches suggests this is an intelligence report rather than a vulnerability advisory. The certainty of the information is moderate (50%), and the threat is categorized as low severity by the source. The spyware is linked to surveillance vendors, indicating its use in espionage or intelligence gathering rather than widespread cybercrime. Overall, this OSINT report highlights the presence and potential indicators of Cytrox spyware infections but does not provide actionable technical details or evidence of active exploitation campaigns at the time of publication.
Potential Impact
For European organizations, the primary impact of Cytrox spyware would be on confidentiality and privacy, especially for entities involved in sensitive communications, such as government agencies, diplomatic missions, journalists, human rights organizations, and critical infrastructure operators. The spyware's ability to exfiltrate sensitive data could lead to espionage, loss of intellectual property, and compromise of personal data. Although no widespread exploitation is reported, targeted attacks could undermine trust in mobile communications and pose risks to national security and privacy compliance under GDPR. The low reported severity and absence of known exploits suggest limited immediate risk to the broader European enterprise environment. However, high-value targets within Europe could face significant consequences if infected, including reputational damage and operational disruption. The spyware's stealthy nature complicates detection and remediation, increasing the potential long-term impact if infections go unnoticed.
Mitigation Recommendations
Given the lack of specific technical indicators or patches, mitigation should focus on proactive detection and prevention strategies tailored to spyware threats like Cytrox. European organizations should: 1) Implement advanced mobile threat defense solutions capable of detecting spyware behaviors and anomalies on mobile devices. 2) Enforce strict mobile device management (MDM) policies, including restricting installation of untrusted applications and enforcing regular security updates. 3) Conduct threat hunting exercises using available OSINT indicators and behavioral analytics to identify potential infections. 4) Educate users on phishing and social engineering tactics commonly used to deliver spyware payloads. 5) Collaborate with national cybersecurity centers and intelligence agencies to share threat intelligence and receive updated IOCs. 6) Employ network monitoring to detect unusual outbound traffic patterns indicative of data exfiltration. 7) Regularly audit and harden mobile device configurations, including disabling unnecessary sensors or permissions that spyware could exploit. These measures go beyond generic advice by focusing on mobile-specific defenses and intelligence sharing, critical for combating sophisticated spyware threats like Cytrox.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 3
- Analysis
- 2
- Uuid
- 4b475a5f-ea47-4f2f-aea3-d8ba9bd1b6b6
- Original Timestamp
- 1643539206
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domainkoenigseggg.com | — | |
domainbitlly.live | — | |
domainnewslive2.xyz | — | |
domainuberegypt.cn.com | — | |
domainyuom7.net | — | |
domainconnectivitycheck.online | — | |
domainwebaffise.com | — | |
domainffoxnewz.com | — | |
domainminiiosapps.xyz | — | |
domainaudit-pvv.com | — | |
domainorangegypt.co | — | |
domainyouarefired.xyz | — | |
domainaramexegypt.com | — | |
domainmozillaupdate.xyz | — | |
domainsafelyredirecting.digital | — | |
domainmycoffeeshop.shop | — | |
domainbookjob.club | — | |
domainyoutubewatch.co | — | |
domaindownload4you.xyz | — | |
domaincyber.country | — | |
domainitcgr.live | — | |
domaingetsignalapps.live | — | |
domainclockupdate.com | — | |
domainupdateservice.center | — | |
domaincrashonline.site | — | |
domainspeedymax.shop | — | |
domainsafelyredirecting.com | — | |
domainlylink.online | — | |
domainferrari.gr.com | — | |
domaintelecomegy-ads.com | — | |
domaintw.itter.me | — | |
domaininstagam.click | — | |
domaindistedc.com | — | |
domainalraeesnews.net | — | |
domainbitlinkin.xyz | — | |
domainewish.cards | — | |
domainsniper.pet | — | |
domainwtc1111.com | — | |
domainnewsbeast.gr.com | — | |
domainin-politics.com | — | |
domainwtc2222.com | — | |
domainicloudflair.com | — | |
domainomanreal.net | — | |
domainlexpress.me | — | |
domainchatwithme.store | — | |
domainlink-m.xyz | — | |
domainefsyn.online | — | |
domainmitube1.link | — | |
domainupdete.xyz | — | |
domainweathersite.online | — | |
domainllinkedin.net | — | |
domainapi-telecommunication.com | — | |
domain2y4nothing.xyz | — | |
domainupdates4you.xyz | — | |
domainfastuploads.xyz | — | |
domainkormoran.bid | — | |
domainjquery-updater.xyz | — | |
domainsynctimestamp.com | — | |
domainbmw.gr.com | — | |
domaininsider.gr.com | — | |
domainsmsuns.com | — | |
domainuservicescheck.com | — | |
domainconnectivitycheck.live | — | |
domainnewzeto.xyz | — | |
domainhellasjournal.website | — | |
domaindanas.bid | — | |
domainenikos.news | — | |
domainnabd.site | — | |
domainquickupdates.xyz | — | |
domaintrecv.xyz | — | |
domainwe-site.net | — | |
domaingetsignalapps.com | — | |
domainbi.tly.gr.com | — | |
domainkinder.engine.ninja | — | |
domainnemshi-news.live | — | |
domainyo.utube.to | — | |
domaininstagam.in | — | |
domainsvetovid.bid | — | |
domainvodafoneegypt.tech | — | |
domaincellconn.net | — | |
domainsolargroup.xyz | — | |
domainyoutubesyncapi.com | — | |
domainancienthistory.xyz | — | |
domaingoldenscint.com | — | |
domainspeedygonzales.xyz | — | |
domainliponals.store | — | |
domainaltsantiri.news | — | |
domainviva.gr.com | — | |
domainsinai-new.com | — | |
domaineagerfox.xyz | — | |
domainweathear.live | — | |
domainadibjan.net | — | |
domainalpineai.uk | — | |
domainlivingwithbadkidny.xyz | — | |
domainespressonews.gr.com | — | |
domainolexegy.com | — | |
domainblacktrail.xyz | — | |
domainyout.ube.gr.com | — | |
domainleanwithme.xyz | — | |
domainapps-ios.net | — | |
domainbi.tly.link | — | |
domainfbc8213450838f7ae251d4519c195138.xyz | — | |
domainfisherman.engine.ninja | — | |
domainpolitique-koaci.info | — | |
domainadultpcz.xyz | — | |
domainyoutube.gr.live | — | |
domainyallakora-egy.com | — | |
domainandroid-apps.tech | — | |
domaininstagam.photos | — | |
domainflexipagez.com | — | |
domainereportaz.news | — | |
domainkohaicorp.com | — | |
domainmd-news-direct.com | — | |
domainworldnws.xyz | — | |
domainlandingpge.xyz | — | |
domainetisalatgreen.com | — | |
domainlamborghini-s.shop | — | |
domainnemshi-news.xyz | — | |
domainteslal.shop | — | |
domainhellasjournal.company | — | |
domainbbcsworld.com | — | |
domainfireup.xyz | — | |
domaingoldenscent.net | — | |
domainyoutu-be.net | — | |
domaintrkc.online | — | |
domainniceonesa.net | — | |
domainapi-apple-buy.com | — | |
domainmifcbook.link | — | |
domainsymoty.com | — | |
domaincut.red | — | |
domaindragonair.xyz | — | |
domainupdatetime.zone | — | |
domainshortenurls.me | — | |
domainqwxzyl.com | — | |
domaininvoker.icu | — | |
domainnassosblog.gr.com | — | |
domainyoutube.voto | — | |
domainhopnope.xyz | — | |
domainmyutbe.net | — | |
domainshortmee.one | — | |
domainalmasryelyuom.com | — | |
domainyoutub.app | — | |
domainelpais.me | — | |
domainactumali.org | — | |
domainbit-li.ws | — | |
domainfimes.gr.com | — | |
domainps2link.xyz | — | |
domaintribune-mg.xyz | — | |
domainbumabara.bid | — | |
domainsimetricode.uk | — | |
domainps1link.xyz | — | |
domainhellottec.art | — | |
domainstonisi.news | — | |
domainxf.actor | — | |
domainikea-egypt.net | — | |
domainbit-ly.link | — | |
domaintly.link | — | |
domainnikjol.xyz | — | |
domainegyqaz.com | — | |
domainios-apps.store | — | |
domainserviceupdaterequest.com | — | |
domaintovima.live | — | |
domainwha.tsapp.me | — | |
domainbusinesnews.net | — | |
domaintiol.xyz | — | |
domainmobnetlink1.com | — | |
domainshortxyz.com | — | |
domainube.gr.com | — | |
domainteslali.com | — | |
domainiibt.xyz | — | |
domainkranos.gr.com | — | |
domainsolargoup.xyz | — | |
domaincarrefourmisr.com | — | |
domain5m5.io | — | |
domainpronews.gr.com | — | |
domainshortwidgets.com | — | |
domainpocopoc.xyz | — | |
domaincharmander.xyz | — | |
domainenigmase.xyz | — | |
domainxnxx-hub.com | — | |
domainproupload.xyz | — | |
domaincloudstatistics.net | — | |
domainburgerprince.us | — | |
domaininfosms-a.site | — | |
domainheiiasjournai.com | — | |
domaincitroen.gr.com | — | |
domainebill.cosmote.center | — | |
domainckforward.one | — | |
domainsyncupdate.site | — | |
domainshortely.xyz | — | |
domaincanyouc.xyz | — | |
domainsuzuki.gr.com | — | |
domainmakeitshort.xyz | — | |
domainamazing.lab | — | |
domainprotothema.live | — | |
domaintinyurl.cloud | — | |
domainconlnk.one | — | |
domaintimeupdate.xyz | — | |
domainlocalegem.net | — | |
domaintesla-s.shop | — | |
domainbityl.me | — | |
domainxyvok.xyz | — | |
domainwtc3333.com | — | |
domainitly.link | — | |
domainheaven.army | — | |
domainpdfviewer.app | — | |
domainteslal.xyz | — | |
domainnemshi.net | — | |
domainbank-alahly.com | — | |
domainsyncservices.one | — | |
domainsportsnewz.site | — | |
domainbit-ly.org | — | |
domainnewzgroup.xyz | — | |
domainguardian-tt.me | — | |
domainzougla.news | — | |
domainwavekli.xyz | — | |
domainfastdownload.me | — | |
domainiosmnbg.com | — | |
domainoilgy.xyz | — | |
domainlinkit.cloud | — | |
domainurl-tiny.app | — | |
domainvodafonegypt.com | — | |
domaincbbc01.xyz | — | |
domaingoldescent.com | — | |
domainbitlyrs.com | — | |
domainniceonase.com | — | |
domainlink-protection.com | — | |
domainconnectivitychecker.com | — | |
domainurl-promo.club | — | |
domainforwardeshoptt.com | — | |
domainuservicesforyou.com | — | |
domainplayestore.net | — | |
domainadvertsservices.com | — | |
domainservers-mobile.info | — | |
domainmobnetlink2.com | — | |
domainguardnew.live | — | |
domainsepenet.gr.com | — | |
domainz2adigital.cloud | — | |
domaininstegram.co | — | |
domainbrowsercheck.services | — | |
domainstatic-graph.com | — | |
domaincnn.gr.com | — | |
domainshorten.fi | — | |
domaincelebrnewz.xyz | — | |
domainlifestyleshops.net | — | |
domainpastepast.net | — | |
domainsnapfire.xyz | — | |
domainomeega.xyz | — | |
domainkoora-egypt.com | — | |
domainetisalategypt.tech | — | |
domainyo.utube.digital | — | |
domainsextape225.me | — | |
domainsupportset.net | — | |
domaingetupdatesnow.xyz | — | |
domainprmopromo.com | — | |
domainilnk.xyz | — | |
domaintsrt.xyz | — | |
domainaffise.app | — | |
domaintelenorconn.com | — | |
domainmobnetlink3.com | — | |
domainzougla.gr.com | — | |
domainmyfcbk.net | — | |
domainz2a.digital | — | |
domainengine.ninja | — | |
domaingosokm.com | — | |
domainz2digital.cloud | — | |
domainutube.digital | — | |
domainmlinks.ws | — | |
domainredeitt.com | — | |
domainupdatingnews.xyz | — | |
domainlimk.one | — | |
domainnissan.gr.com | — | |
domainsports-mdg.xyz | — | |
domainpolitika.bid | — | |
domainsephoragroup.com | — | |
domainmsas.ws | — | |
domainorchomenos.news | — | |
domainmywebsitevpstest.xyz | — | |
domainnovosti.bid | — | |
domaintwtter.net | — | |
domainnabde.app | — | |
domainaddons.news | — | |
domainlexpress-mg.xyz | — | |
domainredirecting.live | — | |
domainmytrips.quest | — | |
domainbitt.fi | — | |
domainlandingpg.xyz | — | |
domainlnkedin.org | — | |
domainlinktothisa.xyz | — | |
domainadservices.gr.com | — | |
domaintimestampsync.com | — | |
domainolxeg.com | — | |
domainbit-li.com | — | |
domainweathernewz.xyz | — | |
domainlinkit.digital | — | |
domainonlineservices.gr.com | — | |
domainguardnews.live | — | |
domaintrecvf.xyz | — | |
domainspeedy.sbs | — | |
domainadvfb.xyz | — | |
domainqwert.xyz | — | |
domainalraeeenews.com | — | |
domainsitepref.xyz | — | |
domaincovid19masks.shop | — | |
domaintly.gr.com | — | |
domaincloudtimesync.com | — | |
domaintinylinks.live | — | |
domainitter.me | — | |
domainbity.ws | — | |
domaintgrthgsrgwrthwrtgwr.xyz | — | |
domainicloudeu.com | — | |
domainotaupdatesios.com | — | |
domainapplepps.com | — | |
domainpaok-24.com | — | |
domaininservices.digital | — | |
domaintinyulrs.com | — | |
domaintiny.gr.com | — | |
domainnetworkenterprise.net | — | |
domaintimeupdateservice.com | — | |
domainkathimerini.news | — | |
domainatheere.com | — | |
domainhempower.shop | — | |
domaineg-gov.org | — |
File
| Value | Description | Copy |
|---|---|---|
file/data/local/tmp/wd/ | — | |
file/data/local/tmp/wd/fs.db | — | |
file/private/var/tmp/hooker | — | |
file/private/var/tmp/takePhoto | — | |
file/private/var/tmp/UserEventAgent | — | |
file/private/var/tmp/com.apple.WebKit.Networking | — | |
filecytrox.stix2 | — |
Text
| Value | Description | Copy |
|---|---|---|
textSTIX 2.1 | — | |
textSTIX 2.0 | — | |
textThis repository contains network and device indicators of compromised (IoCs) related to the IOS and Android spyware tools developed by the cyber-surveillance company Cytrox. These indicators were first published in December 2021 by Meta in their Threat Report on the Surveillance-for-Hire Industry and by Citizen Lab in their report Pegasus vs. Predator - Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware. Additional indicators of compromise were identified by the Amnesty Tech Security Lab as part of an independent investigation. | — | |
textReport | — |
Stix2 pattern
| Value | Description | Copy |
|---|---|---|
stix2-pattern[configuration-profile:id='76DAB334-7E17-475D-A5D6-0794EB5818A5'] | — |
Link
| Value | Description | Copy |
|---|---|---|
linkhttps://github.com/AmnestyTech/investigations/tree/master/2021-12-16_cytrox | — |
Threat ID: 682b81048ee1a77b717bca41
Added to database: 5/19/2025, 7:05:40 PM
Last enriched: 6/18/2025, 7:34:21 PM
Last updated: 9/27/2025, 10:21:52 AM
Views: 26
Related Threats
Actions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.