First mile IOC
Finally, folks, First Mile IOCs on page 73: abuse of SS7 and others. https://drive.google.com/drive/folders/1uKBspZ2onhM6LMl9MjuTdCNIQP5fau_Z
Big up for the Brazilian federal police, which investigated and detected the bad use against civilians.
That's amazing, thanks for sharing! I don't speak Portuguese but from what I understand, it was using SS7 geolocation and not really a spyware, so probably nothing we can identify on the phone directly through forensics.
Somehow this happens because of the telephone operators; companies were also aware they were acting against the law, which gives us further knowledge of how it happens. I've been searching for this for so long, friends. I hope we identify more IOCs. I still think they didn't open all of it because they still use it.
Can I keep this issue open so that when other friends review it we can put it here?
Hi! Thanks for sharing the report, @renozion. I read it (I'm Brazilian) and I can confirm that what it's saying about First Mile is that it is exploiting SS7 only, so, as @Te-k said, nothing that can be identified on a phone with forensics. The report also says that the only thing necessary for acquiring geolocation, through IMSI or phone number, is access to the SS7 network, but in the case of First Mile it does not involve needing support from the telecom companies. The further analysis contains info about the VM used and some IPs, but this is about the devices used to operate the tool and not IoCs. I hope I could help clarify a bit.