{"uuid": "d7a4d29d-a076-4708-bc6e-85a724d49a16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0022", "type": "seen", "source": "https://gist.github.com/ramoram19/0ec2792d3ec2a42ec4dc4a80bbcafc3a", "content": "title: Pegasus / Predator Spyware\nid: mercenary-spyware\ndescription: Detecta APKs y certificados de spyware mercenario\nstatus: critical\nlogsource:\n  category: application\ndetection:\n  selection:\n    package_name|contains:\n      - \"com.pegasus\"\n      - \"com.predator\"\n      - \"com.graphite\"\n    certificate|contains:\n      - \"NSO Group\"\n      - \"Cytrox\"\n  condition: selection\nlevel: critical\n\n---\n\ntitle: Stalkerware popular\nid: stalkerware-common\ndescription: Detecta apps de monitoreo conocidas\nstatus: stable\nlogsource:\n  category: application\ndetection:\n  selection:\n    package_name|contains:\n      - \"com.flexispy\"\n      - \"com.mspy\"\n      - \"com.thetruthspy\"\n      - \"com.spyzie\"\n  condition: selection\nlevel: high\n\n---\n\ntitle: Abuso de permisos cr\u00edticos\nid: triple-permission-abuse\ndescription: Apps que piden c\u00e1mara, micr\u00f3fono y ubicaci\u00f3n\nstatus: stable\nlogsource:\n  category: application\ndetection:\n  selection:\n    permissions|all:\n      - \"CAMERA\"\n      - \"RECORD_AUDIO\"\n      - \"ACCESS_FINE_LOCATION\"\n  condition: selection\nlevel: medium\n\n---\n\ntitle: Device Admin sospechoso\nid: device-admin-abuse\ndescription: Detecta apps que abusan de Device Admin\nstatus: stable\nlogsource:\n  category: application\ndetection:\n  selection:\n    permissions|contains:\n      - \"BIND_DEVICE_ADMIN\"\n  condition: selection\nlevel: high\n\n---\n\ntitle: CVE Stagefright\nid: cve-stagefright\ndescription: Detecta dispositivos vulnerables a CVE-2015-1538 (Stagefright)\nstatus: experimental\nlogsource:\n  category: device\ndetection:\n  selection:\n    build_fingerprint|contains:\n      - \"Android 5.0\"\n      - \"Android 5.1\"\n  condition: selection\nlevel: critical\n\n---\n\ntitle: CVE BlueFrag\nid: cve-bluefrag\ndescription: Detecta vulnerabilidad CVE-2020-0022 en Bluetooth\nstatus: experimental\nlogsource:\n  category: device\ndetection:\n  selection:\n    patch_level|before: \"2020-02-01\"\n  condition: selection\nlevel: critical\n\n---\n\ntitle: CVE DirtyPipe\nid: cve-dirtypipe\ndescription: Detecta kernel vulnerable a CVE-2022-0847 (DirtyPipe)\nstatus: experimental\nlogsource:\n  category: device\ndetection:\n  selection:\n    kernel_version|contains:\n      - \"5.8\"\n      - \"5.9\"\n      - \"5.10\"\n  condition: selection\nlevel: critical\n\n---\n\ntitle: Malicious DNS C2 domains\nid: dns-c2-detection\ndescription: Bloquea conexiones a dominios de comando y control conocidos\nstatus: stable\nlogsource:\n  category: network\ndetection:\n  selection:\n    dns_query|contains:\n      - \"pegasus-c2.net\"\n      - \"predator-update.com\"\n      - \"spyware-control.org\"\n      - \"malware-c2.io\"\n      - \"stalkerware-sync.net\"\n  condition: selection\nlevel: critical\n\n---\n\ntitle: Artefactos forenses de spyware\nid: forensic-artifacts\ndescription: Detecta rastros en logs y bugreports aunque el APK ya no est\u00e9 presente\nstatus: experimental\nlogsource:\n  category: filesystem\ndetection:\n  selection:\n    file_path|contains:\n      - \"/data/system/pegasus/\"\n      - \"/data/system/predator/\"\n      - \"/data/local/tmp/spyware/\"\n      - \"/sdcard/.hidden/spylogs/\"\n    file_content|contains:\n      - \"spyware\"\n      - \"c2_connection\"\n      - \"exfiltration\"\n  condition: selection\nlevel: high\n", "creation_timestamp": "2026-06-13T20:51:56.000000Z"}