quark-engine
Introduction: Quark Agent - Your AI-powered Android APK Analyst
Tags:
blacktatty-multi-kellium-mkelly-sys-
| Family | Summary | Signature Behaviors | Report |
|---|---|---|---|
| DroidKungFu | Privilege escalation with C2 control. | 1. Gain unlimited access to a device. 2. Install/Uninstall additional apps. 3. Forward confidential data. |
View |
| GoldDream | SMS/call log exfiltration with remote C2 commands. | 1. Monitor SMS messages and phone calls. 2. Upload SMS messages and phone calls to remote servers. |
View |
| SpyNote | Credential theft and device surveillance via RAT. | 1. Take screenshots. 2. Simulate user gestures. 3. Log user input. 4. Communicate with C2 servers. |
View |
| DawDropper | Dropper that installs banking trojans for financial theft. | 1. Download APKs from remote servers. 2. Install additional APKs. |
View |
| SLocker | Android ransomware locking/encrypting devices. | 1. Lock the device with an overlay screen. | View |
| PhantomCard | NFC relay–based financial fraud. | 1. Communicate with C2 servers. 2. Read the payment data of NFC cards. 3. Captures PINs of NFC cards through deceptive screens. |
View |
Quick Start
Step 1. Install via PyPi
Install the latest version of Quark Engine:
$ pip3 install -U quark-engine
Step 2. Download Latest Rules
Fetch the latest rule database:
$ freshquark
Step 3. Run Summary Report
Analyze an APK with the downloaded rules and generate a summary report:
$ quark -a <apk_file> -s
Step 4. View Results
Example output:
Acknowledgments
The Honeynet Project
Google Summer Of Code
Quark-Engine has been participating in the GSoC under the Honeynet Project!
- 2021:
Stay tuned for the upcoming GSoC! Join the Honeynet Slack chat for more info.
Core Values of Quark Engine Team
- We love battle fields. We embrace uncertainties. We challenge impossibles. We rethink everything. We change the way people think. And the most important of all, we benefit ourselves by benefit others first.
