Skip to content

Check receiver names for IoCs #721

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
viktor3002 wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Check receiver names for IoCs #721

viktor3002 wants to merge 2 commits into from

Conversation

@viktor3002
Copy link
Collaborator

@viktor3002 viktor3002 commented Dec 1, 2025

If a known malicious app id is a substring of a receiver name, a warning is shown to the user

@github-actions
Copy link
Contributor

github-actions bot commented Dec 1, 2025
edited
Loading

Coverage

Coverage Report
FileStmtsMissCoverMissing
src/mvt/android
   cli.py1685766%62, 82–85, 96, 115–147, 183–214, 254–255, 318–319, 326, 384–385, 415–428, 436–437
   cmd_check_adb.py11373%32–48
   cmd_check_androidqf.py1063072%81–84, 88–89, 92, 101–102, 106–115, 124, 127–128, 137, 148–162, 167–171
   cmd_check_backup.py671775%71–72, 78–79, 85–88, 105–118, 122
   cmd_check_bugreport.py45882%81–84, 88, 91, 97, 103
   cmd_download_apks.py876921%38–42, 51–53, 65–99, 105–112, 116–172, 175–177, 180–184
   utils.py16569%11–20
src/mvt/android/artifacts
   dumpsys_accessibility.py30197%14
   dumpsys_adb.py921386%50–51, 91, 99–101, 113–115, 141–142, 148–151
   dumpsys_appops.py1061091%27, 69–71, 117–118, 155, 171–173, 179
   dumpsys_battery_daily.py42490%17, 27, 42–43
   dumpsys_battery_history.py48785%16, 47–55
   dumpsys_dbinfo.py42686%18, 60–65
   dumpsys_package_activities.py40490%12, 64, 70–71
   dumpsys_packages.py121596%18–23, 160, 167
   dumpsys_platform_compat.py22291%16, 31
   dumpsys_receivers.py57984%24, 29, 34, 39, 45, 51, 97, 103–104
   file_timestamps.py18194%32
   getprop.py36489%40, 53, 59, 62
   mounts.py703057%53, 79–80, 84, 113–118, 129–162, 177–186
   processes.py34974%20, 24–25, 31, 55, 59, 63–65
   tombstone_crashes.py1491590%97–99, 102–107, 160–161, 187, 227–228, 268
src/mvt/android/modules/adb
   base.py14811224%51–61, 66–73, 77–138, 142, 146–148, 157, 166–167, 171–172, 185, 198–200, 218–224, 234–269, 282–306, 309–351, 355
   chrome_history.py372435%30–38, 41, 50–56, 64–98, 101–110
   dumpsys_full.py16944%25, 35–45
   files.py725721%37–45, 48–56, 59–70, 73–88, 93–121, 124–155
   getprop.py14750%26–35, 38–43
   logcat.py211433%25, 35–57
   packages.py17215311%39–47, 50–72, 75–108, 111–167, 171–181, 186–217, 220–317
   processes.py13654%26, 36–42
   root_binaries.py251828%24, 34–36, 39–70
   selinux_status.py171041%26–35, 38–48
   settings.py251828%26–35, 38–58
   sms.py796024%56–65, 68–69, 77–90, 98–127, 137–151, 154–179
   whatsapp.py533926%31, 41–42, 50–60, 68–103, 106–113
src/mvt/android/modules/androidqf
   aqf_files.py782371%12–13, 78, 87–89, 93, 97–106, 111–114, 120, 129–134
   aqf_log_timestamps.py24240%6–62
   aqf_packages.py58788%46–51, 74, 79, 84, 104
   aqf_settings.py24292%51–52
   base.py43295%73–74
   mounts.py291548%51–74
   root_binaries.py44686%76–78, 81–82, 101
   sms.py491373%54, 57, 62–63, 79–84, 87, 91–97, 102–103
src/mvt/android/modules/backup
   base.py35391%61–62, 67
   helpers.py22195%27
   sms.py33488%40, 44, 47–48
src/mvt/android/modules/bugreport
   base.py581869%47–48, 53–54, 61–66, 70, 85–92, 96–97
   dumpsys_accessibility.py17382%38–42, 51
   dumpsys_activities.py16288%42–46
   dumpsys_adb_state.py16381%38–42, 51
   dumpsys_appops.py15287%38–42
   dumpsys_battery_daily.py15287%38–42
   dumpsys_battery_history.py15287%38–42
   dumpsys_dbinfo.py16288%40–44
   dumpsys_getprop.py26773%40–44, 51–52, 57–60
   dumpsys_packages.py24388%39–43, 56
   dumpsys_platform_compat.py16288%38–42
   dumpsys_receivers.py25964%39–47, 54–58
   tombstones.py24579%39–43, 52, 57–59
src/mvt/android/parsers
   backup.py110992%62, 102–103, 109, 129, 132, 175, 190–191
src/mvt/common
   artifact.py10190%22
   cmd_check_iocs.py413222%30–44, 47–92
   command.py1435065%79–85, 91–109, 117–130, 140–168, 174–178, 181–183, 189, 223, 240, 244–245
   indicators.py3257278%39–41, 54–60, 139, 151, 157, 163, 169, 191, 205–210, 293, 305, 317, 359–362, 379, 404–422, 449, 471, 502, 521, 536–542, 555–563, 574, 598, 623, 632–639, 654, 679–692, 703, 706, 733, 780–793, 804, 822
   logo.py423517%18–83, 89–96
   module.py1264366%71–79, 84–88, 103–123, 164, 173, 178, 188, 207–208, 224–225, 241–255
   options.py13377%27–33
   updates.py16013416%27–38, 43–56, 61–69, 72–74, 81–89, 92–94, 97–114, 117–137, 140–178, 185–219, 226–236, 239–269
   url.py25676%327, 366, 372–376
   utils.py1083766%49–51, 64, 96–97, 111, 125–126, 165–182, 197–198, 211–212, 219–228, 243, 253, 261
   virustotal.py231343%25–52
src/mvt/ios
   cli.py1496656%62, 82–85, 96, 125–169, 188–211, 254–255, 288–311, 334–347, 355–356
   cmd_check_fs.py14471%33–48, 51
   decrypt.py1149219%33–36, 39, 48–56, 61–64, 73–123, 131–181, 192–221, 227–231, 244–255
   versions.py32391%21, 30, 48
src/mvt/ios/modules
   base.py902374%54, 64, 71–96, 114, 122, 129, 137–138, 157–160, 195–196
   net_base.py1234861%68–70, 100–101, 182–237, 252–263, 275, 320–321, 329–330, 334
src/mvt/ios/modules/backup
   backup_info.py29293%43, 79
   configuration_profiles.py674631%43–48, 58, 61–88, 103–178
   manifest.py81890%59, 66, 112–118, 123, 169–170
   profile_events.py513237%44, 55, 58–67, 71–97, 103–110, 113
src/mvt/ios/modules/fs
   analytics.py655023%34, 44, 52–77, 80–137, 140–143, 146–152
   analytics_ios_versions.py362628%30, 40, 48–86
   cache_files.py463524%24, 34–45, 48–62, 65–80, 92–99
   filesystem.py42881%52, 56–57, 61, 77–78, 89–90
   net_netusage.py181044%34, 44–57
   safari_favicon.py372630%31, 41, 50–60, 63–115, 118–124
   shutdownlog.py655417%30, 40, 49–69, 72–127, 130–133
   version_history.py20955%32, 42, 50–65
   webkit_base.py221627%17–24, 27–38
   webkit_indexeddb.py13469%34, 44, 53–54
   webkit_localstorage.py12467%32, 42, 51–52
   webkit_safariviewservice.py10370%32, 42–43
src/mvt/ios/modules/mixed
   applications.py754639%50–57, 61–97, 103–111, 117–122, 132–144, 150, 152–154
   calendar.py49296%75–78
   calls.py221055%41, 53–82
   chrome_favicon.py362336%42, 50–60, 66–104
   chrome_history.py301743%44, 54–61, 67–102
   contacts.py281739%45–75
   firefox_favicon.py321941%43, 52–62, 68–106
   firefox_history.py301743%47, 55–62, 68–101
   global_preferences.py27293%45, 47
   idstatuscache.py563930%46, 55–72, 75–105, 110–120
   interactionc.py554027%251–275, 281–320
   locationd.py836522%58–70, 73–133, 136–155, 160–172
   osanalytics_addaily.py311745%45, 56–63, 70–98
   safari_browserstate.py763061%68, 71–75, 96–108, 115–135, 170, 176–183
   safari_history.py704437%48, 59–98, 107, 110–113, 116–151, 163–171
   shortcuts.py675025%47–55, 71–78, 84–153
   sms.py691381%74, 86, 110–127, 140, 154
   sms_attachments.py422443%44, 57–74, 97–128
   tcc.py833163%68, 85, 108–128, 143–146, 166–208
   webkit_resource_load_statistics.py521081%67–68, 93–94, 128–135
   webkit_session_resource_log.py866327%56–66, 70, 73–113, 119–165, 172–189
   whatsapp.py513825%43–48, 56–63, 69–135
TOTAL6639261761% 

Tests Skipped Failures Errors Time
109 1 💤 0 ❌ 0 🔥 7.719s ⏱️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@viktor3002 @besendorf