Android Artifacts
The following table provides field names and related
information for Android-specific artifacts.
Field Name | Artifact Type as it Appears on AutoFocus Web Portal | Field Type | Acceptable Values and Examples |
---|---|---|---|
sample.tasks.apk_app_icon | APK App Icon | StringProx | Android application icon file path. Example: res/drawable-hdpi/logo.png |
sample.tasks.apk_app_name | APK App Name | StringProx | Android application name. Example: ElfBrowser |
sample.tasks.apk_certificate_id | APK Certificate | StringProx | Valid APK certificate ID. Example: D3E9E50DB0AB284EA7F667B6CD9B66A1 |
sample.tasks.apk_cert_file | APK Certificate File | StringProx | File path to the certificate file, which contains owner and issuer information along with hashes used to sign the certificate. Example: certificate , META-INF/PDGVPCK.RSA , owner=CN=pktool, OU=maizi, O=maizi, L=sc, ST=sc,C=CN , issuer=CN=pktool, OU=maizi, O=maizi, L=sc, ST=sc, C=CN , md5=D3E9E50DB0AB284EA7F667B6CD9B66A1 , sha1=F483B0AF7786123B54946556B1C7E6AC70F1A865 , sha256=6AE89219FC5F8E7397D15B2C786A7D0330FC603FC901AC49C9E3220B9AD26DF1 |
sample.tasks.apk_defined_activity | APK Defined Activity | StringProx | The class name of activities defined in the APK file. Example: com.google.android.apps.photos.permissions.runtime.NoPermissionsActivity |
sample.tasks.apk_defined_intent_filter | APK Defined Intent Filter | StringProx | Expression in an app’s manifest file that specifies the type of intents that the component would like to receive. Example: com.google.android.apps.photos.actionqueue.INTERNALACTION |
sample.tasks.apk_defined_receiver | APK Defined Receiver | StringProx | Example: com.android.kvis.MyReceiver |
sample.tasks.apk_defined_sensor | APK Defined Sensor | StringProx | Required sensor readings within an app. Example: Receive sensor readings from gps |
sample.tasks.apk_defined_service | APK Defined Service | StringProx | Background services used within an APK. Example: com.canvasmpedometer.PedometerService |
sample.tasks.apk_embedded_library | APK Embedded Libraries | StringProx | Third-party libraries that are included in the APK file. Example: "AndroidInternal (Generic Library)" |
sample.tasks.apk_embeded_url | APK Embedded URL | StringProx | URL and originating file path within an APK. Example: https://akick.com , classes.dex/com/koncept/akick/MainAdditionals$1.smali |
sample.tasks.apk_internal_file | APK Internal File | StringProx | Path to a file within an Android APK. Example: res/menu/sms_activity.xml |
sample.tasks.apk_packagename | APK Package Name | StringProx | Unique app name used by APK on device. Example: com.yojorico.photogallery |
sample.tasks.apk_isrepackaged | APK Repackaged | StringProx | Possible values: False, True |
sample.tasks.apk_requested_permission | APK Requested Permission | StringProx | Example: android.permission.WRITE_EXTERNALSTORAGE. Refer to the Android API Reference for permission values. |
sample.tasks.apk_sensitive_api_call | APK Sensitive API Call | StringProx | API calls embedded in the APK file that access restricted services or resources. Example: java/lang/Runtime;->exec |
sample.tasks.apk_digital_signer | APK Signer | StringProx | Personal information used by owner to sign a certificate. Example: "CN=Android Debug,O=Android, C=US" |
sample.tasks.apk_suspicious_api_call | APK Suspicious API Call | StringProx | API calls embedded in the APK file that access restricted services or resources. Example: java/lang/Runtime;->exec, /smali/smali/com/android/kvis/b/L.smali |
sample.tasks.apk_suspicious_action_monitored | APK Suspicious Action | StringProx | Suspicious action from an APK file based on dynamic analysis. Example: Attempted to create a file |
sample.tasks.apk_suspicious_file | APK Suspicious File | StringProx | A malicious file and filetype. Example: /smali/lib/armeabi/libjackpal-androidterm4.so , ELF |
sample.tasks.apk_suspicious_string | APK Suspicious String | StringProx | A string in code that indicates suspicious behavior. Example: pminstall , /smali/smali/com/qq/RTUtils.smali |
sample.tasks.apk_version_num | APK Version | StringProx | Application version number. Example: 1.0 |
sample.tasks.apk_suspicious_behavior | APK Suspicious Behavior | StringProx | Suspicious behavior from an APK file based on static analysis. Example: APK file can send an SMS message |
sample.tasks.apk_suspicious_pattern | APK Suspicious Pattern | StringProx | Suspicious pattern from an APK file based on static analysis. Example: APK file listens to the phone state |