APKSIELD

byShaguftha Kulsum

Based on the attached APKSHIELD synopsis for CIDECODE Hackathon 2026, build a COMPLETE FULL-STACK WEB APPLICATION called APKSHIELD — an India-specific APK Threat Analysis Platform with C2 Detection for cybercrime investigators. Build an actual working application, not a UI mockup or demo. Use: Frontend: - React.js - Tailwind CSS - D3.js - WebSockets Backend: - Python 3.11 - FastAPI - Celery - Redis Database & Storage: - PostgreSQL - SQLAlchemy - MinIO APK Analysis: - androguard - apktool - JADX - Frida - Android Emulator/AVD - mitmproxy - tshark - scapy - YARA - scikit-learn Threat Intelligence: - VirusTotal API - AbuseIPDB - Shodan - MISP Implement: - JWT authentication - APK upload system - Static APK analysis - Dynamic sandbox analysis - Permission extraction - URL/IP extraction - Firebase-as-C2 detection - Telegram bot token extraction - Runtime API hooking - PCAP generation - DNS logging - Beaconing detection - IOC extraction - MITRE ATT&CK mapping - Threat scoring engine - Malware classification - D3.js infrastructure graph - Real-time WebSocket logs - FIR-ready PDF forensic reports - Evidence chain logging - Investigator dashboard - Role-based access control Make the platform India-specific by including: - fake Indian banking app detection - SBI/HDFC/ICICI/Paytm/PhonePe spoof detection - Aadhaar/IRCTC phishing APK detection - Indian cybercrime investigation workflows - FIR-ready reporting format Generate: - full frontend - full backend - API routes - database schema - Docker setup - Docker Compose - Celery workers - WebSocket implementation - reusable architecture - setup instructions - README.md The final output should resemble a real SOC-grade malware investigation platform used by Indian cybercrime investigators and must be fully runnable locally using Docker.

LandingCasesLoginLogs
Landing

Comments (0)

No comments yet. Be the first!

System Requirements

System Requirement Document
Page 1 of 5

APKSHIELD System Requirements Document

1. Introduction

APKSHIELD is an India-specific APK Threat Analysis Platform designed for cybercrime investigators. It provides comprehensive tools for detecting and analyzing APK threats, with a focus on local cybercrime trends and workflows.

2. System Overview

APKSHIELD is a full-stack web application that integrates various tools and services to provide a robust platform for APK threat analysis. The system is designed to automate the analysis process, provide real-time updates, and generate forensic reports tailored for Indian law enforcement.

Key Components:

  • Frontend: User interface for investigators and admins.
  • Backend: Microservices for handling authentication, APK analysis, and report generation.
  • Database: PostgreSQL for storing user data, analysis results, and logs.
  • Analysis Engine: Tools for static and dynamic APK analysis.
  • Threat Intelligence APIs: Integration with external services for enhanced threat detection.
Page 2 of 5

3. Functional Requirements

  • As an Investigator, I should be able to upload suspicious APK files.
  • As an Investigator, I should be able to run static and dynamic analysis.
  • As an Investigator, I should be able to view live logs, IOC extraction, threat scores, MITRE mappings, and C2 infrastructure graphs.
  • As an Investigator, I should be able to generate FIR-ready forensic reports.
  • As an Investigator, I should be able to manage investigation cases and evidence.
  • As an Admin, I should be able to manage users and permissions.
  • As an Admin, I should be able to configure APIs and threat intelligence feeds.
  • As an Admin, I should be able to monitor sandbox/emulator infrastructure.
  • As an Admin, I should be able to manage malware databases, YARA rules, and system settings.
  • As an Admin, I should be able to view platform-wide analytics and logs.

4. User Personas

  • Investigator: Conducts APK analysis, manages cases, and generates reports.
  • Admin: Manages system configurations, user permissions, and oversees platform operations.

5. Visuals Colors and Theme

Page 3 of 5

Color Palette

  • primary: #1A237E (Deep Indigo)
  • primary_light: #534BAE (Light Indigo)
  • secondary: #FF5722 (Coral)
  • accent: #FFC107 (Amber)
  • highlight: #FF9800 (Orange)
  • bg: #F5F5F5 (Light Grey)
  • surface: rgba(255, 255, 255, 0.9) (White)
  • text: #212121 (Dark Grey)
  • text_muted: #757575 (Muted Grey)
  • border: rgba(33, 33, 33, 0.1) (Subtle Grey)

6. Signature Design Concept

Interactive Threat Map

The homepage will feature an interactive threat map of India, visualized using D3.js. Users can hover over different regions to see real-time threat levels and recent APK analysis results. Clicking on a region will zoom in to show detailed statistics and recent cases. The map will be animated with transitions using framer-motion to smoothly navigate between views. This interactive map will serve as the central hub for investigators to quickly assess and respond to threats.

7. Interaction Model & Motion Direction

  • Interaction Model: Parallax
  • Motion Direction: The landing page will use layered depth via scroll, with interactive elements like the threat map and real-time logs. Internal pages will have moderate animations for smooth transitions and hover effects.
Page 4 of 5

8. Non-Functional Requirements

  • The platform must support high concurrency for multiple investigators.
  • Real-time updates should have a latency of less than 1 second.
  • The system should be scalable to handle large volumes of APK data.
  • Ensure data integrity and secure access through robust authentication mechanisms.

9. Tech Stack

  • Frontend: React.js, Tailwind CSS, D3.js, WebSockets
  • Backend: Python 3.11, FastAPI, Celery, Redis
  • Database: PostgreSQL, SQLAlchemy
  • Storage: MinIO
  • APK Analysis: androguard, apktool, JADX, Frida, Android Emulator/AVD, mitmproxy, tshark, scapy, YARA, scikit-learn
  • Threat Intelligence: VirusTotal API, AbuseIPDB, Shodan, MISP

10. Assumptions and Constraints

  • The platform will be deployed using Docker and Docker Compose for local development.
  • The system will operate under Indian cyber laws and regulations.
  • The platform will be optimized for use by Indian law enforcement agencies.
Page 5 of 5

11. Glossary

  • APK: Android Package Kit, the file format used by Android for distribution and installation of mobile apps.
  • IOC: Indicators of Compromise, artifacts observed on a network or in an operating system that indicate a computer intrusion.
  • C2: Command and Control, a set of tools and techniques used by attackers to maintain communications with compromised systems.
  • FIR: First Information Report, a document prepared by police organizations in India when they receive information about the commission of a cognizable offense.

This document provides a comprehensive overview of the APKSHIELD project, ensuring all stakeholders are aligned on the system's design and functionality.

Landing design preview
Landing: View Threat Map
Login: Sign In
Dashboard: View Platform Analytics
Users: Manage Investigators
Users: Set Permissions
Settings: Configure APIs
Settings: Manage Threat Feeds
Settings: Update YARA Rules
Sandbox: Monitor Infrastructure
Sandbox: View Emulator Status
Database: Manage Malware DB
Logs: View Audit Trail