Caution
This library is a machine-generated implementation of the parsing and matching of Android artifacts performed by mvt. It has not been fully reviewed, it is entirely experimental, and it should not be used for real investigations until it has been manually checked and tested against mvt's own output.
A pure Java library that parses Android artifacts and matches them against indicators of compromise.
Package base: org.osservatorionessuno.libmvt.
Run the test suite with:
gradle test
Use IndicatorsUpdates to download the latest indicator files or to fetch a specific IOC file.
IndicatorsUpdates updates = new IndicatorsUpdates();
updates.update(); // download index and IOC files to ~/.mvt/indicators
Indicators iocs = Indicators.loadFromDirectory(updates.getIndicatorsFolder().toFile());
// download an extra IOC file
updates.download("https://example.com/my_iocs.stix2");
Alternatively load IOCs from an existing directory:
Indicators iocs = Indicators.loadFromDirectory(Path.of("/path/to/iocs").toFile());
Run all modules on a directory exported with androidqf:
Path dir = Path.of("/path/to/androidqf");
AndroidQFRunner runner = new AndroidQFRunner(dir);
runner.setIndicators(iocs);
Map<String, Artifact> result = runner.runAll();
Individual modules can be invoked via runModule("processes") etc.; see AndroidQFRunner.AVAILABLE_MODULES for the list of module names.
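The snippets above wire the library together step by step. The following is an added example, not code from the libmvt project, showing the whole flow as a small command-line scanner: it loads indicators only from a local directory (no network access during the scan, so a run is reproducible against a fixed, reviewed IOC set) and runs each module separately so that a parse failure in one artifact does not abort the others. It assumes that AndroidQFRunner.AVAILABLE_MODULES is an Iterable<String>, that runModule returns the module's Artifact (the page only states the return type of runAll), and that the import paths below match the library's package layout; all three are assumptions to check against the actual sources.

```java
// Added example, not part of libmvt. Assumptions (verify against the library):
//  - AndroidQFRunner.AVAILABLE_MODULES is an Iterable<String>
//  - runModule(String) returns the module's Artifact
//  - the import paths below match the real sub-packages under
//    org.osservatorionessuno.libmvt
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.LinkedHashMap;
import java.util.Map;

import org.osservatorionessuno.libmvt.common.Artifact;         // path assumed
import org.osservatorionessuno.libmvt.common.Indicators;       // path assumed
import org.osservatorionessuno.libmvt.android.AndroidQFRunner; // path assumed

public final class ScanAndroidQF {

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: ScanAndroidQF <androidqf-dir> <ioc-dir>");
            System.exit(2);
        }
        Path dumpDir = Path.of(args[0]);
        File iocDir = new File(args[1]);
        if (!Files.isDirectory(dumpDir) || !iocDir.isDirectory()) {
            System.err.println("both arguments must be existing directories");
            System.exit(2);
        }

        // Offline only: indicators come from a directory that was downloaded
        // (e.g. with IndicatorsUpdates) and reviewed beforehand.
        Indicators iocs = Indicators.loadFromDirectory(iocDir);

        AndroidQFRunner runner = new AndroidQFRunner(dumpDir);
        runner.setIndicators(iocs);

        Map<String, Artifact> results = new LinkedHashMap<>();
        Map<String, Exception> failures = new LinkedHashMap<>();
        for (String module : AndroidQFRunner.AVAILABLE_MODULES) {
            try {
                results.put(module, runner.runModule(module));
            } catch (Exception e) {
                // One malformed artifact must not hide findings from the others.
                failures.put(module, e);
            }
        }

        for (String module : results.keySet()) {
            System.out.println("ok      " + module);
        }
        for (Map.Entry<String, Exception> f : failures.entrySet()) {
            System.out.println("failed  " + f.getKey() + ": " + f.getValue());
        }
        // Non-zero exit when any module failed, so a wrapping script notices
        // an incomplete scan instead of treating it as clean.
        System.exit(failures.isEmpty() ? 0 : 1);
    }
}
```

Run it as java ScanAndroidQF /path/to/androidqf ~/.mvt/indicators after the indicators have been fetched and inspected; the per-module results map is the same shape as what runAll() returns, so any reporting written against runAll() can consume it unchanged.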