stopipv/isdi

Integrate more Stalkerware IOCs

Te-k opened this issue · 5 comments

Te-k commented

Hi,

I would like to submit a PR to integrate IOCs from this repo https://github.com/Te-k/stalkerware-indicators in order to add more appids to your detection. Would that be OK?

naman commented

Great suggestion! Do you have a preferred way to integrate IoC with isdi?

naman commented

@tek feel free to provide feedback on the above PR

Te-k commented

Hey, apologies for not following through on this. Is there any reason for you to get IOCs in static data in the repository instead of having the app download the file regularly? It would be more likely to have the last version of IOCs.
Something like:

  • On startup, the app checks if there is an IOC file and when it was created. If it doesn't exist or is older than a week, download it from GitHub
  • Then load the IOC file in the IOCs directly

What do you think?

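
Added example, not part of the thread and not isdi's own code: a sketch of the refresh-on-startup flow proposed in the comment above, which validates a download before it replaces the cached file and keeps the old copy when the download fails. The function names, the JSON file layout and the `fetch` callable are assumptions made for illustration; the sample data is constructed.

```python
import json
import os
import tempfile
import time
from pathlib import Path

MAX_AGE = 7 * 24 * 3600  # "older than a week", as proposed in the comment


def is_stale(path, now=None):
    """True when the cached IOC file is missing or older than MAX_AGE."""
    now = time.time() if now is None else now
    try:
        return now - path.stat().st_mtime > MAX_AGE
    except FileNotFoundError:
        return True


def parse_appids(raw):
    """Parse the assumed format: a JSON list of {"name", "packages"} objects."""
    ids = {pkg for entry in json.loads(raw) for pkg in entry["packages"]}
    if not ids:
        raise ValueError("IOC file contains no app ids")
    return ids


def load_iocs(path, fetch, now=None):
    """Refresh the cache when stale, then return the set of app ids."""
    if is_stale(path, now):
        try:
            raw = fetch()  # hypothetical callable returning the file as bytes
            parse_appids(raw)  # reject a broken download before replacing
            fd, tmp = tempfile.mkstemp(dir=path.parent)
            with os.fdopen(fd, "wb") as fh:
                fh.write(raw)
            os.replace(tmp, path)  # atomic swap, never a half-written file
        except (OSError, ValueError, KeyError, TypeError) as exc:
            if not path.exists():
                raise RuntimeError("no IOC file available") from exc
            # Download failed or was invalid: keep scanning with the old copy.
    return parse_appids(path.read_bytes())


if __name__ == "__main__":
    # Constructed sample data; the package name is made up.
    sample = b'[{"name": "ExampleSpy", "packages": ["com.example.spy"]}]'
    with tempfile.TemporaryDirectory() as d:
        print(load_iocs(Path(d) / "ioc.json", lambda: sample))
```
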
naman commented

@Te-k the PR proposes a GitHub Action to pull the IOC file every week

Te-k commented

Thanks, is there any reason to have the file in the repository rather than downloaded on use?