apk artifacts analyzer closes#2444 + upgraded stringsifter

[g4ze]

closes #2444

Description

Please include a summary of the change and link to the related issue.

Type of change

Please delete options that are not relevant.

• [ ] Bug fix (non-breaking change which fixes an issue).
• [ ] New feature (non-breaking change which adds functionality).
• [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected).

Checklist

• [ ] I have read and understood the rules about how to Contribute to this project
• [ ] The pull request is for the branch develop
• [ ] A new plugin (analyzer, connector, visualizer, playbook, pivot or ingestor) was added or changed, in which case:
  • [ ] I strictly followed the documentation "How to create a Plugin"
  • [ ] Usage file was updated.
  • [ ] Advanced-Usage was updated (in case the plugin provides additional optional configuration).
  • [ ] I have dumped the configuration from Django Admin using the dumpplugin command and added it in the project as a data migration. ("How to share a plugin with the community")
  • [ ] If a File analyzer was added and it supports a mimetype which is not already supported, you added a sample of that type inside the archive test_files.zip and you added the default tests for that mimetype in test_classes.py.
  • [ ] If you created a new analyzer and it is free (does not require any API key), please add it in the FREE_TO_USE_ANALYZERS playbook by following this guide.
  • [ ] Check if it could make sense to add that analyzer/connector to other freely available playbooks.
  • [ ] I have provided the resulting raw JSON of a finished analysis and a screenshot of the results.
  • [ ] If the plugin interacts with an external service, I have created an attribute called precisely url that contains this information. This is required for Health Checks.
  • [ ] If the plugin requires mocked testing, _monkeypatch() was used in its class to apply the necessary decorators.
  • [ ] I have added that raw JSON sample to the MockUpResponse of the _monkeypatch() method. This serves us to provide a valid sample for testing.
• [ ] If external libraries/packages with restrictive licenses were used, they were added in the Legal Notice section.
• [ ] Linters (Black, Flake, Isort) gave 0 errors. If you have correctly installed pre-commit, it does these checks and adjustments on your behalf.
• [ ] I have added tests for the feature/bug I solved (see tests folder). All the tests (new and old ones) gave 0 errors.
• [ ] If changes were made to an existing model/serializer/view, the docs were updated and regenerated (check CONTRIBUTE.md).
• [ ] If the GUI has been modified:
  • [ ] I have a provided a screenshot of the result in the PR.
  • [ ] I have created new frontend tests for the new component or updated existing ones.
• [ ] After you had submitted the PR, if DeepSource, Django Doctors or other third-party linters have triggered any alerts during the CI checks, I have solved those alerts.

Important Rules

• If you miss to compile the Checklist properly, your PR won't be reviewed by the maintainers.
• Everytime you make changes to the PR and you think the work is done, you should explicitly ask for a review. After being reviewed and received a "change request", you should explicitly ask for a review again once you have made the requested changes.

[g4ze]

malware_tools_analyzers-user@0e3f29973277:/opt/deploy/artifacts/artifa
cts$ /opt/deploy/artifacts/venv/bin/python3 /opt/deploy/artifacts/artifacts/artifacts.py ./bitbar-sample-app.apk 
{
    "version": "1.1.1",
    "md5": "00cc5435151aa38a091781922c0390a4",
    "dex": [
        "classes.dex"
    ],
    "library": [],
    "network": {
        "ip": [],
        "url": [],
        "param": []
    },
    "root": [],
    "string": {
        "base64": [],
        "telegram_id": [],
        "known": []
    },
    "family": {
        "name": "CryCrypto",
        "match": 20.63,
        "value": {
            "permission": 28.57,
            "application": 0.0,
            "intent": 33.33
        }
    },
    "sandbox": [
        "https://tria.ge/s?q=00cc5435151aa38a091781922c0390a4",
        "https://www.joesandbox.com/analysis/search?q=00cc5435151aa38a091781922c0390a4",
        "https://www.virustotal.com/gui/search/00cc5435151aa38a091781922c0390a4",
        "https://bazaar.abuse.ch/browse.php?search=md5:00cc5435151aa38a091781922c0390a4",
        "https://koodous.com/apks?search=00cc5435151aa38a091781922c0390a4"
    ],
    "elapsed_time": 0.09
}

the command works perfectly fine inside the container but fails while analyzer run:

[g4ze]

How is gui and cli exec different? Are we not literally running the same command internally? The same command gives desired op when I shell inside the container.

[g4ze]

{ "name": "APK_Artifacts", "process_time": 5.07, "status": "SUCCESS", "end_time": "2024-08-27T10:03:15.563886Z", "parameters": {}, "type": "analyzer", "id": 72, "report": { "dex": [ "classes.dex" ], "md5": "8a05a189e58ccd7275f7ffdf88c2c191", "root": [], "family": { "name": "CryCrypto", "match": 11.11, "value": { "intent": 33.33, "permission": 0.0, "application": 0.0 } }, "string": { "known": [], "base64": [], "telegram_id": [] }, "library": [], "network": { "ip": [], "url": [], "param": [] }, "sandbox": [ "https://tria.ge/s?q=8a05a189e58ccd7275f7ffdf88c2c191", "https://www.joesandbox.com/analysis/search?q=8a05a189e58ccd7275f7ffdf88c2c191", "https://www.virustotal.com/gui/search/8a05a189e58ccd7275f7ffdf88c2c191", "https://bazaar.abuse.ch/browse.php?search=md5:8a05a189e58ccd7275f7ffdf88c2c191", "https://koodous.com/apks?search=8a05a189e58ccd7275f7ffdf88c2c191" ], "version": "1.1.1", "elapsed_time": 0.02 },

[g4ze]

[g4ze]

all gtg docs here https://github.com/intelowlproject/docs/pull/4

[g4ze]

Wohoooo all tasks done!!!!!!🤝

[mlodic]

great work man!