Add support for the MalwareBazaar database

Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad 2023-12-19 16:58:11 -05:00
parent c70b45a4ee
commit 3bd703d6b8
No known key found for this signature in database
GPG key ID: B286E9F57A07424B
7 changed files with 19 additions and 4 deletions


@ -65,6 +65,7 @@ Credits
- Nex (@botherder) for extra databases (CC BY-SA 4.0) - Nex (@botherder) for extra databases (CC BY-SA 4.0)
- Amnesty International for extra databases (CC BY 2.0) - Amnesty International for extra databases (CC BY 2.0)
- Echap for extra databases (CC BY 4.0) - Echap for extra databases (CC BY 4.0)
- MalwareBazaar for extra databases (CC0)
- RecursiveFileObserver.java (GPL-3.0-or-later): Daniel Gultsch, ownCloud Inc., Bartek Przybylski - RecursiveFileObserver.java (GPL-3.0-or-later): Daniel Gultsch, ownCloud Inc., Bartek Przybylski
- GPGDetachedSignatureVerifier.java (GPL-2.0-or-later): Federico Fissore, Arduino LLC - GPGDetachedSignatureVerifier.java (GPL-2.0-or-later): Federico Fissore, Arduino LLC
- Petra Mirelli for the German/Spanish/Italian translations, the app banner/feature graphic, and various tweaks. - Petra Mirelli for the German/Spanish/Italian translations, the app banner/feature graphic, and various tweaks.


@ -6,8 +6,8 @@ android {
applicationId "us.spotco.malwarescanner" applicationId "us.spotco.malwarescanner"
minSdkVersion 16 minSdkVersion 16
targetSdkVersion 32 targetSdkVersion 32
versionCode 105 versionCode 107
versionName "2.32" versionName "2.33"
resConfigs 'en', 'af', 'de', 'el', 'es', 'fi', 'fr', 'it', 'pl', 'pt', 'ru', 'tr', 'zh-rCN' resConfigs 'en', 'af', 'de', 'el', 'es', 'fi', 'fr', 'it', 'pl', 'pt', 'ru', 'tr', 'zh-rCN'
} }
buildTypes { buildTypes {


@ -107,6 +107,9 @@ class Database {
signatureDatabases.add(new SignatureDatabase(baseURL, "eset.hdb.gz")); signatureDatabases.add(new SignatureDatabase(baseURL, "eset.hdb.gz"));
signatureDatabases.add(new SignatureDatabase(baseURL, "eset.hsb.gz")); signatureDatabases.add(new SignatureDatabase(baseURL, "eset.hsb.gz"));
} }
if (prefs.getBoolean("SIGNATURES_MALWAREBAZAAR-ANDROID", true)) {
signatureDatabases.add(new SignatureDatabase(baseURL, "malware_bazaar.hsb.gz"));
}
if (prefs.getBoolean("SIGNATURES_CLAMAV-MAIN", false)) { if (prefs.getBoolean("SIGNATURES_CLAMAV-MAIN", false)) {
signatureDatabases.add(new SignatureDatabase(baseURL, "main.hdb.gz")); signatureDatabases.add(new SignatureDatabase(baseURL, "main.hdb.gz"));
signatureDatabases.add(new SignatureDatabase(baseURL, "main.hsb.gz")); signatureDatabases.add(new SignatureDatabase(baseURL, "main.hsb.gz"));
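Review bot: The preference key `"SIGNATURES_MALWAREBAZAAR-ANDROID"` on the new `prefs.getBoolean` line is a bare string literal that has to match the two further copies in MainActivity.java byte-for-byte; a typo in any one of the three silently falls back to the default and the user's toggle stops having any effect, so hoist it (and its siblings) into one shared `static final String` constant referenced from both files. The new `SignatureDatabase(baseURL, "malware_bazaar.hsb.gz")` is fetched from the same base URL as the other databases, but whether SignatureDatabase verifies a detached signature is not visible in this hunk, and the conversion script added in this commit only gzips its output, so confirm the publishing side signs this file the same way as the existing ones before enabling it by default. The enclosing method starts and ends outside the hunk.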


@ -150,7 +150,8 @@ public class MainActivity extends Activity {
localizeDBDescription("ESET\n • SIZE: SIZE_SMALL\n • LICENSE: BSD 2-Clause\n • AUTHOR: ESET\n • SOURCE: https://github.com/eset/malware-ioc\n"), localizeDBDescription("ESET\n • SIZE: SIZE_SMALL\n • LICENSE: BSD 2-Clause\n • AUTHOR: ESET\n • SOURCE: https://github.com/eset/malware-ioc\n"),
localizeDBDescription("Targeted Threats\n • SIZE: SIZE_SMALL\n • LICENSE: CC BY-SA 4.0\n • AUTHOR: Nex\n • SOURCE: https://github.com/botherder/targetedthreats\n"), localizeDBDescription("Targeted Threats\n • SIZE: SIZE_SMALL\n • LICENSE: CC BY-SA 4.0\n • AUTHOR: Nex\n • SOURCE: https://github.com/botherder/targetedthreats\n"),
localizeDBDescription("Amnesty Tech Investigations\n • SIZE: SIZE_SMALL\n • LICENSE: CC BY 2.0\n • AUTHOR: Amnesty International\n • SOURCE: https://github.com/amnestytech/investigations\n"), localizeDBDescription("Amnesty Tech Investigations\n • SIZE: SIZE_SMALL\n • LICENSE: CC BY 2.0\n • AUTHOR: Amnesty International\n • SOURCE: https://github.com/amnestytech/investigations\n"),
localizeDBDescription("Stalkerware\n • SIZE: SIZE_SMALL\n • LICENSE: CC BY 4.0\n • AUTHOR: Echap\n • SOURCE: https://github.com/AssoEchap/stalkerware-indicators")}; localizeDBDescription("Stalkerware\n • SIZE: SIZE_SMALL\n • LICENSE: CC BY 4.0\n • AUTHOR: Echap\n • SOURCE: https://github.com/AssoEchap/stalkerware-indicators\n"),
localizeDBDescription("MalwareBazaar\n • SIZE: SIZE_SMALL\n • LICENSE: CC0\n • AUTHOR: Abuse.ch\n • SOURCE: https://bazaar.abuse.ch")};
final boolean[] databaseDefaults = { final boolean[] databaseDefaults = {
prefs.getBoolean("SIGNATURES_CLAMAV-ANDROID", true), prefs.getBoolean("SIGNATURES_CLAMAV-ANDROID", true),
prefs.getBoolean("SIGNATURES_CLAMAV-MAIN", false), prefs.getBoolean("SIGNATURES_CLAMAV-MAIN", false),
@ -158,7 +159,8 @@ public class MainActivity extends Activity {
prefs.getBoolean("SIGNATURES_ESET", true), prefs.getBoolean("SIGNATURES_ESET", true),
prefs.getBoolean("SIGNATURES_TARGETEDTHREATS", true), prefs.getBoolean("SIGNATURES_TARGETEDTHREATS", true),
prefs.getBoolean("SIGNATURES_AMNESTY", true), prefs.getBoolean("SIGNATURES_AMNESTY", true),
prefs.getBoolean("SIGNATURES_STALKERWARE", true)}; prefs.getBoolean("SIGNATURES_STALKERWARE", true),
prefs.getBoolean("SIGNATURES_MALWAREBAZAAR-ANDROID", true)};
Dialog databaseDialog; Dialog databaseDialog;
AlertDialog.Builder databaseBuilder = new AlertDialog.Builder(this); AlertDialog.Builder databaseBuilder = new AlertDialog.Builder(this);
@ -173,6 +175,7 @@ public class MainActivity extends Activity {
prefs.edit().putBoolean("SIGNATURES_TARGETEDTHREATS", databaseDefaults[4]).apply(); prefs.edit().putBoolean("SIGNATURES_TARGETEDTHREATS", databaseDefaults[4]).apply();
prefs.edit().putBoolean("SIGNATURES_AMNESTY", databaseDefaults[5]).apply(); prefs.edit().putBoolean("SIGNATURES_AMNESTY", databaseDefaults[5]).apply();
prefs.edit().putBoolean("SIGNATURES_STALKERWARE", databaseDefaults[6]).apply(); prefs.edit().putBoolean("SIGNATURES_STALKERWARE", databaseDefaults[6]).apply();
prefs.edit().putBoolean("SIGNATURES_MALWAREBAZAAR-ANDROID", databaseDefaults[7]).apply();
}); });
databaseDialog = databaseBuilder.create(); databaseDialog = databaseBuilder.create();
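Review bot: The new `prefs.edit().putBoolean("SIGNATURES_MALWAREBAZAAR-ANDROID", databaseDefaults[7]).apply();` line is the third place this entry is appended by position: the description array, the `databaseDefaults` array and this hard-coded index `7` must all stay in lockstep and nothing checks that they do, so a future addition inserted in the wrong order would silently persist one database's choice under another database's key. The eight separate `apply()` calls also commit eight writes where a single batched editor would do. I would declare the keys once, next to `databaseDefaults` and in the same order, and write them back in a loop as sketched below; the click listener and the enclosing method both start outside the hunk, and the key for index 2 lies in the lines between the two hunks.
```java
// declared next to databaseDefaults, same order as that array
final String[] databaseKeys = {"SIGNATURES_CLAMAV-ANDROID", "SIGNATURES_CLAMAV-MAIN",
        /* … index 2, outside the hunk … */ "SIGNATURES_ESET", "SIGNATURES_TARGETEDTHREATS",
        "SIGNATURES_AMNESTY", "SIGNATURES_STALKERWARE", "SIGNATURES_MALWAREBAZAAR-ANDROID"};
// … unchanged: dialog construction …
final SharedPreferences.Editor editor = prefs.edit();
for (int i = 0; i < databaseKeys.length; i++) {
    editor.putBoolean(databaseKeys[i], databaseDefaults[i]);
}
editor.apply();
```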


@ -21,6 +21,7 @@
<item>• Nex (@botherder): Signature Databases</item> <item>• Nex (@botherder): Signature Databases</item>
<item>• Amnesty International: Signature Databases</item> <item>• Amnesty International: Signature Databases</item>
<item>• Echap: Signature Databases</item> <item>• Echap: Signature Databases</item>
<item>• MalwareBazaar: Signature Databases</item>
<item>• RecursiveFileObserver.java: Daniel Gultsch, ownCloud Inc., Bartek Przybylski</item> <item>• RecursiveFileObserver.java: Daniel Gultsch, ownCloud Inc., Bartek Przybylski</item>
<item>• GPGDetachedSignatureVerifier.java: Federico Fissore, Arduino LLC</item> <item>• GPGDetachedSignatureVerifier.java: Federico Fissore, Arduino LLC</item>
<item>• Google: App Icon</item> <item>• Google: App Icon</item>


@ -0,0 +1,2 @@
* New database with 60k+ signatures from MalwareBazaar by abuse.ch
* @Manuel-Senpai for updated Spanish translations.


@ -0,0 +1,5 @@
#!/bin/bash
#License: GPLv3
#Description: Hypatia conversion script for https://bazaar.abuse.ch/export/csv/full/ (CC0)
grep "\"apk\"" full.csv | awk '{ print $3 } ' | sed 's/^"//' | sed 's/",$/:0:MalwareBazaar/' > malware_bazaar.hsb;
gzip *.hsb;
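Review bot: The pipeline on the `grep "\"apk\"" full.csv | awk '{ print $3 } '` line writes whatever lands in the third whitespace-separated token straight into the signature database with no validation, so a change in the upstream CSV (a quoted field containing a space, an added column, or a row where `"apk"` appears in a column other than the one intended) would emit malformed signature lines or the wrong column entirely. Add a final filter before the redirect, `| grep -E '^[0-9a-f]{64}:0:MalwareBazaar$'`, so that only well-formed 64-hex-digit entries reach `malware_bazaar.hsb`, and start the script with `set -euo pipefail` so a failing stage cannot leave a truncated or empty file to be gzipped and published. The hash is presumably the SHA-256 column of the export, given the `.hsb` extension and the `",` stripping; confirm that, and confirm that Hypatia's loader treats the `0` size field as a wildcard rather than an exact zero-byte file size, since in ClamAV's `.hsb` layout that field is the file size. A one-line comment naming the expected column layout of `full.csv` would also make the `$3` dependency reviewable the next time the export format changes.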