You can use * as wildcard, ( and ) to group conditions, AND and OR as operators.
Example of query:
permissions: *INTERNET AND java_classes: amazon
Attributes you can filter:
| md5 |
Sample MD5
md5: 3acab2... |
| sha1 |
Sample SHA1
sha1: 3acab2... |
| sha256 |
Sample SHA256
sha256: 3acab2... |
| uaid |
Sample UAID
uaid: 3acab2... |
| permissions |
Requested Android permission
permissions: *.internet |
| java_classes |
Defined Java class
java_classes: "Lcom/amazon/device" |
| features |
Requested Android feature
features: *camera |
| handle |
Application package name
handle: fr.meteo |
| app_name |
Application name
app_name: Google |
| domains |
Found domain
domains: *google* |
| cert_md5 |
Certificate MD5 fingerprint
cert_md5: 3acab2... |
| cert_sha1 |
Certificate SHA1 fingerprint
cert_sha1: 3acab2... |
| cert_sha256 |
Certificate SHA256 fingerprint
cert_sha256: 3acab2... |
| cert_issuer |
Certificate issuer
cert_issuer: *google* |
| vt.malicious |
VT detection
vt.malicious:>1 |