New Artifact Types

New types of artifacts allow you to search based on new WildFire® static analysis information for APK files and embedded URLs in Mac samples. The AutoFocus™ API supports searches with these new artifacts.
For guidance on how to search effectively in AutoFocus, refer to Search Operators and Values and the Guidelines for Partial Searches.
To navigate to an artifact type in the search editor quickly, Find an Artifact Type.
Artifact Type
Definition
APK App Icon
The file path for the icon of the app that the APK file installs.
apk-app-icon.png
APK App Name
The name of the app when it displays on an Android device.
apk-app-name.png
APK Certificate File
The file path for the certificate(s) that the app owner used to sign the APK file, information about the certificate owner and issuer such as name and location (if available), and the MD5, SHA1, and SHA256 hashes used to sign the certificate.
apk-certificate-file.png
APK Internal File
The file format, file path, and SHA256 of the files included in the APK file.
apk-internal-file.png
APK Suspicious Behavior
A sequence of actions that the APK file exhibits, the target of the actions (if there is one), and the location of the files that exhibited the actions. For example, for the suspicious behavior “APK files sends an SMS to a fixed number,” the target is the phone number that received the SMS.
apk-suspicious-behavior.png
APK Suspicious Pattern
A class of patterns observed in the APK file, a description what the pattern does, and the location of the files where the pattern occurred.
apk-suspicious-pattern.png
Mac Embedded URLs
URLs that are part of a Mac file. The Path column contains the path for the section of the app where the URL is located.
mac-embedded-url.png

Recommended For You