Comments (3)
> do you think it's possible to document verified detections vs. false positives or offer some training for MVT? Seems like this would have been an easy catch for someone more versed in the software even if not a technical expert
We're looking at introducing confidence levels in detections in future - some early work around this in #431.
It looks like this ClevGuard indicator originated from https://github.com/AssoEchap/stalkerware-indicators. In this case it's detecting a visit to a stalkerware related domain name - an expert should review among other things the MVT output, the possible matching indicator and the context of other events on the forensic timeline to determine whether an infection actually occurred.
At this time the Security Lab can only provide forensic support to members of civil society. If you fulfil this category and have a concern in future please do reach out again via https://securitylab.amnesty.org/get-help/ and we'll do our best to help. In terms of partnership proposals please reach out to share [ AT symbol] amnesty.tech. Due to the volume of requests, we may be unable to respond to requests which are not clearly from civil society.
from mvt.
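One way to express the distinction raised in this thread, a visit to an indicator domain versus matching software actually being installed, as graded confidence. This is an added example, not MVT's code or output format; the indicator values, event fields, module labels, confidence levels and 24-hour window are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: placeholder indicators and a hypothetical event layout.
INDICATORS = {
    "domains": {"stalkerware-panel.example"},
    "app_ids": {"com.example.monitor"},
}

TIMELINE = [
    {"time": "2024-03-01T10:15:00", "module": "browser_history",
     "domain": "stalkerware-panel.example"},
    {"time": "2024-03-01T10:16:30", "module": "browser_history",
     "domain": "news.example"},
    {"time": "2024-03-09T08:00:00", "module": "installed_apps",
     "app_id": "com.example.weather"},
]


def triage(timeline, indicators, window=timedelta(hours=24)):
    """Grade each indicator match by what kind of evidence it is.

    Assumed levels: an installed matching app is "high"; a domain visit is
    "medium" only if a matching install sits within `window` of it on the
    timeline, otherwise "low". Every level still needs expert review.
    """
    events = [dict(e, time=datetime.fromisoformat(e["time"])) for e in timeline]
    installs = [e for e in events if e.get("app_id") in indicators["app_ids"]]
    findings = []
    for e in events:
        if e.get("app_id") in indicators["app_ids"]:
            findings.append((e["app_id"], "high", "matching app is installed"))
        elif e.get("domain") in indicators["domains"]:
            near = any(abs(i["time"] - e["time"]) <= window for i in installs)
            level = "medium" if near else "low"
            reason = ("domain visit near a matching install" if near
                      else "domain visit only, no matching software found")
            findings.append((e["domain"], level, reason))
    return findings


if __name__ == "__main__":
    for value, level, reason in triage(TIMELINE, INDICATORS):
        print(f"[{level}] {value}: {reason}")
```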
Hey @L0laL33tz thanks for opening an issue.
Re:
> MVT seems to make no distinctions between websites visited and software installed
could you give more details on the false positive you encountered, e.g. which modules are involved?
We've recently added some clearer messaging around non-expert use, particularly if detections are found:
> NOTE: Detected indicators of compromise. Only expert review can confirm if the detected indicators are signs of an attack.
>
> Please seek reputable expert help if you have serious concerns about a possible spyware attack. Such support is available to human rights defenders and civil society through Amnesty International's Security Lab at https://securitylab.amnesty.org/get-help/?c=mvt
from mvt.
Sure, here's the detection it threw:
I did reach out to amnesty techlab but never heard back. I understand that it's probably overwhelming to answer every request, so re:
> Only expert review can confirm if the detected indicators are signs of an attack
do you think it's possible to document verified detections vs. false positives or offer some training for MVT? Seems like this would have been an easy catch for someone more versed in the software even if not a technical expert