New Artifact Types
New types of artifacts allow you to search based on
new WildFire® static analysis information for APK files and embedded
URLs in Mac samples. The AutoFocus™ API supports searches with
these new artifacts.
For guidance on how to search effectively in AutoFocus, refer
to Search Operators and Values and
the Guidelines for Partial Searches.
To navigate to an artifact type in the search
editor quickly, Find
an Artifact Type.
Artifact Type | Definition |
|---|---|
APK App Icon | The file path for the icon of the app that
the APK file installs.  |
APK App Name | The name of the app when it displays on
an Android device.  |
APK Certificate File | The file path for the certificate(s) that
the app owner used to sign the APK file, information about the certificate
owner and issuer such as name and location (if available), and the
MD5, SHA1, and SHA256 hashes used to sign the certificate.  |
APK Internal File | The file format, file path, and SHA256 of
the files included in the APK file.  |
APK Suspicious Behavior | A sequence of actions that the APK file
exhibits, the target of the actions (if there is one), and the location
of the files that exhibited the actions. For example, for the suspicious
behavior “APK files sends an SMS to a fixed number,” the target
is the phone number that received the SMS.  |
APK Suspicious Pattern | A class of patterns observed in the APK
file, a description what the pattern does, and the location of the
files where the pattern occurred.  |
Mac Embedded URLs | URLs that are part of a Mac file. The Path
column contains the path for the section of the app where the URL
is located.  |
