Christopher Talib

Results: 39 issues by Christopher Talib

I'm thinking about a way to be able to "follow" public yara rules. I.e. to be able to have a list or matches for a specific rules, not necessarily being...

Hi! I am currently working on my local DB and noticed that when a sample has only one similar sample, it doesn't show in the threat intel tab "Similar Samples"...

question

https://github.com/quark-engine/quark-engine

I've noticed that in the case of some samples where VT has no detection but there are other detections, the display of the threat level is inconsistent between the card and...

CC: https://attack.mitre.org/matrices/mobile/android/

Case:
* The user is on a sample page and clicks log in
* The user is logged in
* The user is redirected to the sample page (current behaviour:...

enhancement

From: https://cryptax.medium.com/investigating-android-malware-with-pithus-17d2143cc528 Reduce false positives by ignoring 3rd-party SDKs. DroidLysis apparently does this.

enhancement

From: https://cryptax.medium.com/investigating-android-malware-with-pithus-17d2143cc528 In APK Analysis > Receivers, show which intent/actions/filters apply to the receiver.

enhancement
good first issue

From: https://cryptax.medium.com/investigating-android-malware-with-pithus-17d2143cc528 Detect whether a sample is packed and unpack it. *note*: maybe jadx can help here.

enhancement

From: https://cryptax.medium.com/investigating-android-malware-with-pithus-17d2143cc528 For the similarity feature, the problem is that we don't know what is similar between the samples. Suggestion: use Quark's radar chart to compare malware labels.

enhancement