quark-engine

Malware Family Analysis Report Showcase

Family	Summary	Signature Behaviors	Report
DroidKungFu	Privilege escalation with C2 control.	1. Gain unlimited access to a device. 2. Install/Uninstall additional apps. 3. Forward confidential data.	View
GoldDream	SMS/call log exfiltration with remote C2 commands.	1. Monitor SMS messages and phone calls. 2. Upload SMS messages and phone calls to remote servers.	View
SpyNote	Credential theft and device surveillance via RAT.	1. Take screenshots. 2. Simulate user gestures. 3. Log user input. 4. Communicate with C2 servers.	View
DawDropper	Dropper that installs banking trojans for financial theft.	1. Download APKs from remote servers. 2. Install additional APKs.	View
SLocker	Android ransomware locking/encrypting devices.	1. Lock the device with an overlay screen.	View
PhantomCard	NFC relay–based financial fraud.	1. Communicate with C2 servers. 2. Read the payment data of NFC cards. 3. Captures PINs of NFC cards through deceptive screens.	View

Quick Start

Step 1. Install via PyPi

Install the latest version of Quark Engine:

$ pip3 install -U quark-engine

Step 2. Download Latest Rules

Fetch the latest rule database:

$ freshquark

Step 3. Run Summary Report

Analyze an APK with the downloaded rules and generate a summary report:

$ quark -a <apk_file> -s

Step 4. View Results

Example output:

Acknowledgments

The Honeynet Project

Google Summer Of Code

Quark-Engine has been participating in the GSoC under the Honeynet Project!

• 2021:
  • YuShiang Dang: New Rule Generation Technique & Make Quark Everywhere Among Security Open Source Projects
  • Sheng-Feng Lu: Replace the core library of Quark-Engine

Stay tuned for the upcoming GSoC! Join the Honeynet Slack chat for more info.

Core Values of Quark Engine Team

• We love battle fields. We embrace uncertainties. We challenge impossibles. We rethink everything. We change the way people think. And the most important of all, we benefit ourselves by benefit others first.