Merged
109 changes: 39 additions & 70 deletions README.md
Expand Up @@ -15,7 +15,7 @@
<img alt="build status" src="https://github.com/quark-engine/quark-engine/actions/workflows/pytest.yml/badge.svg">
</a>
<a href="https://codecov.io/gh/quark-engine/quark-engine">
<img alt="codecov" src="https://codecov.io/gh/quark-engine/quark-engine/branch/master/graph/badge.svg">
<img alt="codecov" src="https://codecov.io/gh/ev-flow/quark-engine/graph/badge.svg">
</a>
<a href="https://github.com/18z/quark-rules/blob/master/LICENSE">
<img alt="license" src="https://img.shields.io/badge/License-GPLv3-blue.svg">
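Review bot: the changed codecov badge line now loads `https://codecov.io/gh/ev-flow/quark-engine/graph/badge.svg`, a fork's coverage graph, while the enclosing `<a href="https://codecov.io/gh/quark-engine/quark-engine">` and the build-status badge above it still target `quark-engine/quark-engine`. If this PR is against the upstream repository, keep the image on `codecov.io/gh/quark-engine/quark-engine/graph/badge.svg` (the move from `/branch/master/graph/badge.svg` to `/graph/badge.svg` is fine on its own); otherwise the link and the badge report coverage for two different repositories. Unchanged context worth a follow-up: the license badge links to `18z/quark-rules/blob/master/LICENSE` rather than this repository's own LICENSE.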
Expand All @@ -32,89 +32,58 @@
<img src="https://i.imgur.com/8GwkWei.png"/>
</p>

# New Features Coming Soon to Quark Agent
## Malware Family Analysis Report Showcase

<table>
<tr>
<td><img src="https://github.com/user-attachments/assets/e8f150e8-a27f-4d0f-b3f0-346714a4cdc4" width="310"></td>
<td><img src="https://github.com/user-attachments/assets/1a209c41-7f14-4a71-957a-637148e8a5ec" width="310"></td>
<td><img src="https://github.com/user-attachments/assets/ad93ee2d-e65d-4ac6-8df2-909153151f68" width="310"></td>
</tr>
<tr>
<td><img src="https://github.com/user-attachments/assets/ea66a178-0eb1-4832-9b3f-745b973639aa" width="310"></td>
<td><img src="https://github.com/user-attachments/assets/342a4e3f-33bd-4ff4-92ed-7869356ee1c7" width="310"></td>
<td><img src="https://github.com/user-attachments/assets/a95e99b1-b7aa-4672-89be-cd2f6bc9e3cd" width="310"></td>
</tr>
</table>

![Oct-11-2024 17-27-46](https://github.com/user-attachments/assets/6643b80b-bd85-450a-b646-9ef1a8b55bc3)

| Family | Summary | Signature Behaviors | Report |
|-------------|----------------------------------------------------|--------------------------|--------|
| DroidKungFu | Privilege escalation with C2 control. | 1. Gain unlimited access to a device.<br>2. Install/Uninstall additional apps.<br>3. Forward confidential data. | [View](https://quark-engine.readthedocs.io/en/latest/quark_rules.html#new-quark-rules-for-droidkungfu) |
| GoldDream | SMS/call log exfiltration with remote C2 commands. | 1. Monitor SMS messages and phone calls.<br>2. Upload SMS messages and phone calls to remote servers. | [View](https://quark-engine.readthedocs.io/en/latest/quark_rules.html#new-quark-rules-for-golddream) |
| SpyNote | Credential theft and device surveillance via RAT. | 1. Take screenshots.<br>2. Simulate user gestures.<br>3. Log user input.<br>4. Communicate with C2 servers. | [View](https://quark-engine.readthedocs.io/en/latest/quark_rules.html#new-quark-rules-for-spynote) |
| DawDropper | Dropper that installs banking trojans for financial theft. | 1. Download APKs from remote servers.<br>2. Install additional APKs. | [View](https://quark-engine.readthedocs.io/en/latest/quark_rules.html#new-quark-rules-for-dawdropper) |
| SLocker | Android ransomware locking/encrypting devices. | 1. Lock the device with an overlay screen. | [View](https://quark-engine.readthedocs.io/en/latest/quark_rules.html#new-quark-rules-for-slocker) |
| PhantomCard | NFC relay–based financial fraud. | 1. Communicate with C2 servers.<br>2. Read the payment data of NFC cards.<br>3. Captures PINs of NFC cards through deceptive screens. | [View](https://quark-engine.readthedocs.io/en/latest/quark_rules.html#new-quark-rules-for-phantomcard) |

![Screenshot 2024-09-26 at 2 40 55 PM](https://github.com/user-attachments/assets/9a83b256-1b9f-480f-a061-2400e2e868bc)
<img width="1507" alt="Screenshot 2024-09-26 at 2 41 52 PM" src="https://github.com/user-attachments/assets/b6c3c1bf-aa6a-40e3-aebb-7f1ec375d3d5">

We are currently focused on:

- The next step of the detection process for auto-suggestion.
- Effortlessly create detection workflows with natural language—no coding required.
- Easily adjust and refine workflows through an intuitive drag-and-drop interface.
- Instantly update and integrate changes as Quark Agent understands and adapts to workflow modifications.

We are committed to providing an intuitive and user-friendly experience, enabling users to design detection workflows seamlessly through both textual and visual methods.

Many features are still under development and fine-tuning, and we will roll them out step by step as they become ready.

If you have any suggestions, please don’t hesitate to share them with us!

To stay updated with the latest news, make sure to watch our GitHub repository and follow us on [X (Twitter)](https://twitter.com/quarkengine).

# Quark Agent - Your AI-powered Android APK Analyst

![quark agent demo](https://hackmd.io/_uploads/By6ggTni0.png)

With Quark Agent, you can perform analyses using only natural language. It creates Quark Script code following your ideas and adjusts the code promptly as you provide feedback.

# Showcase:

Here’s a demonstration of using Quark Agent to detect the CWE-798 vulnerability in the ovaa.apk file.

### Step 1: Environments Requirements

* Make sure your Python version is 3.10 or above.

### Step 2: Install Quark Agent

* Install Quark Agent by running:
## Quick Start

### Step 1. Install via PyPi
Install the latest version of Quark Engine:
```bash
git clone https://github.com/quark-engine/quark-engine.git && cd quark-engine
pip install .[QuarkAgent]
$ pip3 install -U quark-engine
```

### Step 3: Prepare the Detection Rule and the Sample File

### Step 2. Download Latest Rules
Fetch the latest rule database:
```bash
.
├── ...
├── quark
├── ...
├── agent # Put rule file and sample file here
├── ...
$ freshquark
```

You can download the **rule file** [here](https://github.com/quark-engine/quark-script/blob/main/constructCryptoGraphicKey.json) and the **sample file** [here](https://github.com/oversecured/ovaa).

### Step 4: Add your OpenAI API key

Add your OpenAI API key in `quarkAgentWeb.py`

```python
os.environ["OPENAI_API_KEY"] = 'your-api-key-here'
```

### Step 5: Run Quark Agent

### Step 3. Run Summary Report
Analyze an APK with the downloaded rules and generate a summary report:
```bash
$ cd quark/agent
$ python3 quarkAgentWeb.py

# You can now chat with Quark Agent in your browser.
# The default URL is http://127.0.0.1:5000
$ quark -a <apk_file> -s
```
### Step 4. View Results
Example output:
<img width="1280" height="461" alt="Screenshot-2025-11-25-22-36-54" src="https://github.com/user-attachments/assets/fc919b8d-d10d-4f14-bdd5-0a58b0893708" />

Open a browser and navigate to `127.0.0.1:5000` to start using Quark Agent

See more CWE detections using [quark scripts](https://quark-engine.readthedocs.io/en/latest/quark_script.html) and play them with Quark Agent !

# Acknowledgments
## Acknowledgments

### The Honeynet Project

Expand All @@ -125,11 +94,11 @@ See more CWE detections using [quark scripts](https://quark-engine.readthedocs.i
Quark-Engine has been participating in the GSoC under the Honeynet Project!

* 2021:
* [YuShiang Dang](https://twitter.com/YushianhD): [New Rule Generation Technique & Make Quark Everywhere Among Security Open Source Projects](https://quark-engine.github.io/2021/08/17/GSoC-2021-YuShiangDang/)
* [Sheng-Feng Lu](https://twitter.com/haeter525): [Replace the core library of Quark-Engine](https://quark-engine.github.io/2021/08/17/GSoC-2021-ShengFengLu/)
* [YuShiang Dang](https://twitter.com/YushianhD): [New Rule Generation Technique & Make Quark Everywhere Among Security Open Source Projects](https://github.com/ev-flow/ref/blob/main/GSoC-2021-YuShiangDang.md)
* [Sheng-Feng Lu](https://twitter.com/haeter525): [Replace the core library of Quark-Engine](https://github.com/ev-flow/ref/blob/main/GSoC-2021-ShengFengLu.md)

Stay tuned for the upcoming GSoC! Join the [Honeynet Slack chat](https://gsoc-slack.honeynet.org/) for more info.

# Core Values of Quark Engine Team
## Core Values of Quark Engine Team

* We love **battle fields**. We embrace **uncertainties**. We challenge **impossibles**. We **rethink** everything. We change the way people think. And the most important of all, we benefit ourselves by benefit others **first**.
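Review bot: the two GSoC report links are repointed from the project site (`https://quark-engine.github.io/2021/08/17/GSoC-2021-YuShiangDang/`, `.../GSoC-2021-ShengFengLu/`) to `https://github.com/ev-flow/ref/blob/main/...`, a personal repository; the acknowledgments will break if that account or repo is renamed or removed. Keep the project-site links, or if the originals are gone, host the markdown under the quark-engine organization and link there. The `#` to `##` heading-level changes for "Acknowledgments" and "Core Values of Quark Engine Team" are consistent with the new "## Quick Start" heading and are fine.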