Synapse-PolySwarm User Guide
Synapse-PolySwarm adds new Storm commands to allow you to query the PolySwarm API using your existing API key.
Getting Started
Check with your Admin to enable permissions and find out if you need a personal API key.
Examples
Setting your personal API key
To set up a personal-use API key:
> polyswarm.setup.apikey --self myapikey
Setting PolySwarm API key for the current user.
Run a custom search of the PolySwarm metadata
The polyswarm.metadata.search command executes a search of PolySwarm metadata and ingests the resulting file:bytes nodes, including the associated it:av:filehit nodes that annotate the AV scan results. The query is specified using Elasticsearch syntax.
> polyswarm.metadata.search --size 2 "scan.latest_scan.ClamAV.assertion:malicious AND scan.detections.malicious:>1"
file:bytes=sha256:2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280
.created = 2024/11/19 21:26:03.610
:_polyswarm:polyscore = 0.9999992152897648
:md5 = 3a7d7c06ce418eb97dc0e336d2eb70f7
:name = 2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280
:sha1 = 05babd85001462f51c009ff5802a3f53a72f35d5
:sha256 = 2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280
#rep.polyswarm.mal.otwycal
file:bytes=sha256:57affabeeb30e313ad942abefa203de63c35a2d43528d43288979512181b2faf
.created = 2024/11/19 21:26:04.434
:_polyswarm:polyscore = 0.999997386328349
:md5 = e4783c08d2b78b70554cd7486b9edb6a
:name = 57affabeeb30e313ad942abefa203de63c35a2d43528d43288979512181b2faf
:sha1 = cd8c27ea53782fbed547939d9ad49d9032d7c00d
:sha256 = 57affabeeb30e313ad942abefa203de63c35a2d43528d43288979512181b2faf
#rep.polyswarm.mal.otwycal
The query is recorded using an it:exec:query node, which is linked to the resulting file:bytes nodes via a -(found)> light-weight edge.
> it:exec:query
it:exec:query=c20c01001e60351fed20706d679f01d9
.created = 2024/11/19 21:26:03.563
:api:url = https://api.polyswarm.network/v3/search/metadata/query
:language = polyswarm-metadata
:text = scan.latest_scan.ClamAV.assertion:malicious AND scan.detections.malicious:>1
:time = 2024/11/19 21:26:03.492
You may also use the --debug option to print the returned JSON blob and review the available fields, any of which can be used in a query.
> polyswarm.metadata.search --debug --size 1 "scan.latest_scan.ClamAV.assertion:malicious AND scan.detections.malicious:>1"
{'artifact': {'created': '2022-08-18T17:57:47.740301+00:00',
'id': '15549339119999329',
'md5': '3a7d7c06ce418eb97dc0e336d2eb70f7',
'sha1': '05babd85001462f51c009ff5802a3f53a72f35d5',
'sha256': '2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280'},
'exiftool': {'characterset': 'Windows, Latin1',
'codesize': 19968,
'companyname': 'Apache Software Foundation',
'entrypoint': '0x4e000',
'filedescription': 'OpenOffice Writer',
'fileflags': '(none)',
'fileflagsmask': '0x003f',
'fileos': 'Windows NT 32-bit',
'filesize': '316 KiB',
'filesubtype': 0,
'filetype': 'Win32 EXE',
'filetypeextension': 'exe',
'fileversion': '4.00.9800',
'fileversionnumber': '4.0.9800.500',
'imageversion': 0.0,
'initializeddatasize': 302592,
'internalname': 'swriter',
'languagecode': 'German',
'linkerversion': 9.0,
'machinetype': 'Intel 386 or later, and compatibles',
'mimetype': 'application/octet-stream',
'objectfiletype': 'Executable application',
'originalfilename': 'swriter.exe',
'osversion': 5.0,
'petype': 'PE32',
'productversion': '4.00.9800',
'productversionnumber': '4.0.9800.500',
'subsystem': 'Windows GUI',
'subsystemversion': 5.0,
'timestamp': '2019:09:03 20:06:46+00:00',
'uninitializeddatasize': 0},
'hash': {'authentihash': '71ae4c1ab3e1a6b49e3e33e71517149a237757cb12fd97e58dc0207e7f15ad9a',
'md5': '3a7d7c06ce418eb97dc0e336d2eb70f7',
'sha1': '05babd85001462f51c009ff5802a3f53a72f35d5',
'sha256': '2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280',
'sha3_256': '64274dcdb0ad9ed7afb6768117607c7eb2d435a95c9508aab1e2e1a3fdfe080a',
'sha3_512': 'b38a902cd28ecbf25be702c416a352be1c728ff6e59a04f49d8d7c74e8e9f0e61b2631115b003b69f1505005987bd5efa8b800b5d2f9082dae79cbaf85a6501e',
'sha512': '5d0de1bf8c1ae3a69856204593852061c748436bde3a55efd3292de936ae0e6cc6591b39726cdb6ebc640a49c16aac2724c29387959a69a08e7f8ce9fa2ef5a0',
'ssdeep': '1536:uUZqkTZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZLYT0jcGZrr:ufO4S/B5LN/iFtIIN',
'tlsh': '856422d14118ee13c9d1c57e04f625239ad2bc668199b04d2e68b3bb7c3f2dd8e9ed21'},
'lief': {'entrypoint': 4513792,
'exported_functions': (),
'has_nx': True,
'imported_functions': ('CommandLineToArgvW',
'?terminate@@YAXXZ',
'_unlock',
'__dllonexit',
'_crt_debugger_hook',
'_onexit',
'_except_handler4_common',
'_invoke_watson',
'_controlfp_s',
'__set_app_type',
'_encode_pointer',
'__p__fmode',
'__p__commode',
'_adjust_fdiv',
'__setusermatherr',
'_configthreadlocale',
'_initterm_e',
'_initterm',
'_wcmdln',
'exit',
'_XcptFilter',
'_exit',
'_cexit',
'__wgetmainargs',
'_amsg_exit',
'memset',
'_wsplitpath',
'_wmakepath',
'_lock',
'_decode_pointer',
'GetSystemTimeAsFileTime',
'GetTickCount',
'QueryPerformanceCounter',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'InterlockedCompareExchange',
'Sleep',
'InterlockedExchange',
'GetStartupInfoW',
'GetCommandLineW',
'GetModuleFileNameW',
'CreateProcessW',
'WaitForSingleObject',
'CloseHandle',
'GetLastError',
'FormatMessageW',
'LocalFree',
'GetCurrentProcessId',
'GetCurrentThreadId',
'MessageBoxW'),
'is_pie': True,
'libraries': ('SHELL32.dll',
'MSVCR90.dll',
'KERNEL32.dll',
'USER32.dll'),
'virtual_size': 335872},
'modified': '2022-08-18T17:58:24.717808',
'pefile': {'app_container': False,
'compile_date': '2019-09-03 20:06:46',
'exports': (),
'force_integrity': False,
'force_no_isolation': False,
'has_debug_info': True,
'has_export_table': False,
'has_import_table': True,
'high_entropy_aslr': False,
'imphash': 'cf436b2d8382be2acb3225554d5da2ff',
'imported_functions': ('CommandLineToArgvW',
'?terminate@@YAXXZ',
'_unlock',
'__dllonexit',
'_crt_debugger_hook',
'_onexit',
'_except_handler4_common',
'_invoke_watson',
'_controlfp_s',
'__set_app_type',
'_encode_pointer',
'__p__fmode',
'__p__commode',
'_adjust_fdiv',
'__setusermatherr',
'_configthreadlocale',
'_initterm_e',
'_initterm',
'_wcmdln',
'exit',
'_XcptFilter',
'_exit',
'_cexit',
'__wgetmainargs',
'_amsg_exit',
'memset',
'_wsplitpath',
'_wmakepath',
'_lock',
'_decode_pointer',
'GetSystemTimeAsFileTime',
'GetTickCount',
'QueryPerformanceCounter',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'InterlockedCompareExchange',
'Sleep',
'InterlockedExchange',
'GetStartupInfoW',
'GetCommandLineW',
'GetModuleFileNameW',
'CreateProcessW',
'WaitForSingleObject',
'CloseHandle',
'GetLastError',
'FormatMessageW',
'LocalFree',
'GetCurrentProcessId',
'GetCurrentThreadId',
'MessageBoxW'),
'is_dll': False,
'is_driver': False,
'is_exe': True,
'is_probably_packed': False,
'libraries': ('SHELL32.dll',
'MSVCR90.dll',
'KERNEL32.dll',
'USER32.dll'),
'no_bind': False,
'pdb': ('C:\\Source\\openoffice\\main\\desktop\\wntmsci12.pro\\bin\\swriter.pdb',),
'pdb_guids': ('{48e79735-f89d-4044-b7db5b0ba5ab820e}',),
'resources': ({'entropy': 2.8620125261651017,
'extended_mimetype': 'data',
'language': 'LANG_ENGLISH',
'md5': 'bae11528e82987ecaf30896a1bd4cc35',
'mimetype': 'application/octet-stream',
'offset': '17268',
'sha1': '434648ed74119a1abeb7bfbd06f82be2604810ca',
'sha256': '1cbc3d246cd0c2551e59e38ebc06a8afa237f48be7796891b607cd9600fbb76d',
'size': '1640',
'sublanguage': 'SUBLANG_ENGLISH_US',
'type': 'RT_ICON'},
{'entropy': 3.2353814111800454,
'extended_mimetype': 'data',
'language': 'LANG_ENGLISH',
'md5': '577bd8e5e7b875a600c736264e73f473',
'mimetype': 'application/octet-stream',
'offset': '18908',
'sha1': '47da9be6215e0ab8a4a8f5cfa3074e72e96dfb6d',
'sha256': '57987b54fd1797eb9ced88b6e6a8d3e90b65000c327f7606fc75fc932381fab5',
'size': '744',
'sublanguage': 'SUBLANG_ENGLISH_US',
'type': 'RT_ICON'},
{'entropy': 3.281099688151822,
'extended_mimetype': 'GLS_BINARY_LSB_FIRST',
'language': 'LANG_ENGLISH',
'md5': 'f3c08905a58315885f3493daa9fc8c57',
'mimetype': 'application/octet-stream',
'offset': '19652',
'sha1': '71985335a5eca309312db30c1600443d7a465d8f',
'sha256': '9cb7a67d0d946e72e1f63e98670642964553b6d5392645f1a11c4d1d9ad7f339',
'size': '296',
'sublanguage': 'SUBLANG_ENGLISH_US',
'type': 'RT_ICON'},
{'entropy': 6.542641119226872,
'extended_mimetype': 'data',
'language': 'LANG_ENGLISH',
'md5': '8661e9b4d9df7ee1a6bb6ba0dc7872ab',
'mimetype': 'application/octet-stream',
'offset': '19948',
'sha1': '0c4ff96c51a95a527c6e93e407a4729f28833b47',
'sha256': '7806496ad28c2eab013d6286a2c5aadac3777b14e6e8991d27250f66e0998664',
'size': '3752',
'sublanguage': 'SUBLANG_ENGLISH_US',
'type': 'RT_ICON'},
{'entropy': 6.537505568998333,
'extended_mimetype': 'data',
'language': 'LANG_ENGLISH',
'md5': '59448a2788be2a36f915a70de6e652e9',
'mimetype': 'application/octet-stream',
'offset': '23700',
'sha1': 'd8796ecc8ff93255f9fdeab57df15351c134367f',
'sha256': '5af58ca63920f2199f9c736a0e64495446f9533115b6edf0a2db9f2ba1a45d54',
'size': '2216',
'sublanguage': 'SUBLANG_ENGLISH_US',
'type': 'RT_ICON'},
{'entropy': 4.685875828832479,
'extended_mimetype': 'GLS_BINARY_LSB_FIRST',
'language': 'LANG_ENGLISH',
'md5': '544974682ad33c61db7da567f9a5e658',
'mimetype': 'application/octet-stream',
'offset': '25916',
'sha1': '6e3760a2e2393e63ca95106354b3bd78d0d7d9e0',
'sha256': '8dd13aefef2516cd19dec9531a59b6480da86be5f2a13df646edad9b6430bb6f',
'size': '1384',
'sublanguage': 'SUBLANG_ENGLISH_US',
'type': 'RT_ICON'},
{'entropy': 5.718169121417516,
'extended_mimetype': 'dBase III DBT, version number '
'0, next free block index 40',
'language': 'LANG_ENGLISH',
'md5': 'fa6987dc69b58ead0fb5011c24e2dc02',
'mimetype': 'application/octet-stream',
'offset': '27300',
'sha1': 'b1fe56a2d345536bfb5958c45c640ebaa44a642b',
'sha256': 'c786ad9e8a8ba2a66eb3df9e7c7a3c939175e04956e8a04c1a41c59fed62c0bf',
'size': '270376',
'sublanguage': 'SUBLANG_ENGLISH_US',
'type': 'RT_ICON'},
{'entropy': 6.177281609901054,
'extended_mimetype': 'data',
'language': 'LANG_ENGLISH',
'md5': '91b76456d6b0b07176862df18a4b3c9d',
'mimetype': 'application/octet-stream',
'offset': '297676',
'sha1': 'cb2ad10937f1a61fb06bfe649f5a52a14946937e',
'sha256': '061ceb5213fa5cb669a4a219789d25ced9fbec2d5387ec5a1cbb19056a9ad768',
'size': '9640',
'sublanguage': 'SUBLANG_ENGLISH_US',
'type': 'RT_ICON'},
{'entropy': 6.242882688123039,
'extended_mimetype': 'data',
'language': 'LANG_ENGLISH',
'md5': 'f508cb5739834e4ad8fbc93af887f864',
'mimetype': 'application/octet-stream',
'offset': '307316',
'sha1': '8bf8077890435544c6e5a19823d56b2031f0a023',
'sha256': '06830f08ff19daa676ee086195cd779a4debb9202a34609e0fa3615982f8c7cb',
'size': '4264',
'sublanguage': 'SUBLANG_ENGLISH_US',
'type': 'RT_ICON'},
{'entropy': 6.239446066895165,
'extended_mimetype': 'GLS_BINARY_LSB_FIRST',
'language': 'LANG_ENGLISH',
'md5': 'a38244e8b0f6aba387abc0f582073604',
'mimetype': 'application/octet-stream',
'offset': '311580',
'sha1': '195109aadde3c2746013ccf51026b7808a30edf7',
'sha256': '04015f5d0b607727f7b1a0650d214802d079f061a7a77ad08903f5c51420211d',
'size': '1128',
'sublanguage': 'SUBLANG_ENGLISH_US',
'type': 'RT_ICON'},
{'entropy': 2.0998438973656643,
'extended_mimetype': 'ASCII text, with no line '
'terminators',
'language': 'LANG_ENGLISH',
'md5': '400949f703d618537213d34e65fd4194',
'mimetype': 'text/plain',
'offset': '312708',
'sha1': '19f485b17174eeb28ebfcb863d875dbedd145384',
'sha256': '628a5e9816a06413e63e030f3b3e22bb01fa5cd1145cd75de8eaa8b19946a46f',
'size': '26',
'sublanguage': 'SUBLANG_ENGLISH_US',
'type': 'RT_RCDATA'},
{'entropy': 3.3393538721672007,
'extended_mimetype': 'SysEx File -',
'language': 'LANG_ENGLISH',
'md5': 'fccd769330892c2cd918da9992a9b898',
'mimetype': 'application/octet-stream',
'offset': '312736',
'sha1': 'a5d8eb46850b8c931368b0aa946471336ac31650',
'sha256': '223531f0f7bc75cf37fee20a9b430735aadd1af8d52cd1f54ef68a4c4ff51522',
'size': '20',
'sublanguage': 'SUBLANG_ENGLISH_US',
'type': 'RT_RCDATA'},
{'entropy': 2.8816230302579715,
'extended_mimetype': 'data',
'language': 'LANG_ENGLISH',
'md5': 'f31e83f3983ae6f10ef166a7a686c680',
'mimetype': 'application/octet-stream',
'offset': '312756',
'sha1': '54a844e25e8e2d64e6433dddffd8aeabf71fee22',
'sha256': 'aebb98855fa8fc3adb0efcf4888a7354e50ed0e47688f6b6ad5e18a1db6399b7',
'size': '146',
'sublanguage': 'SUBLANG_ENGLISH_US',
'type': 'RT_GROUP_ICON'},
{'entropy': 3.1155457175256616,
'extended_mimetype': 'data',
'language': 'LANG_ENGLISH',
'md5': 'b8908beb1f9b4eac7690b6447e856d83',
'mimetype': 'application/octet-stream',
'offset': '312904',
'sha1': 'a577d0bef0876ac9581ada6f5c5cc44112054c27',
'sha256': '46ec84efe9d905259a62b3683ef2d2b84cce84f308b35673c7ac990105656d55',
'size': '916',
'sublanguage': 'SUBLANG_ENGLISH_US',
'type': 'RT_VERSION'},
{'entropy': 5.020695082894528,
'extended_mimetype': 'ASCII text, with CRLF line '
'terminators',
'language': 'LANG_ENGLISH',
'md5': '5a32206e4bb9d06170ae00fa980db49b',
'mimetype': 'text/plain',
'offset': '313820',
'sha1': '126a45f48625322ba11eb0acf1ade9115ad6802b',
'sha256': '9f2fc067639866642bb1a73fb43006d233e569d25566b16dedec472fe5d3c5c3',
'size': '598',
'sublanguage': 'SUBLANG_ENGLISH_US',
'type': 'RT_MANIFEST'}),
'resources_by_language': {'LANG_ENGLISH': 15},
'resources_by_type': {'RT_GROUP_ICON': 1,
'RT_ICON': 10,
'RT_MANIFEST': 1,
'RT_RCDATA': 2,
'RT_VERSION': 1},
'rich_header_hash_sha256': '1a6311d6d250da7693252a2f5d260605d4ba5af3f0536ec096e302c890ef9303',
'sections': ({'entropy': 5.704049037262922,
'md5': '2cf0f922cda9cd58f9699c72aa837632',
'name': '.text',
'raw_size': '3584',
'sha1': '6bd8eafe894137745e6be19f3f2ff3aaf15cc684',
'sha256': '329edbe484e578c2beb047d82b2cbced38a591546761a26c0861c2490211fb80',
'virtual_address': '4096',
'virtual_size': '3146'},
{'entropy': 4.8144941287351415,
'md5': 'e3be7162b7aee073c8340a3f3a98ddb5',
'name': '.rdata',
'raw_size': '2048',
'sha1': 'ee8f2291da3fbd52ebab4f29a651cc8aa2b8a0ef',
'sha256': '2f8355d4de002e4b3b02395cec2466b6f87e3ea86b5ed2e2a51eb111561f6b31',
'virtual_address': '8192',
'virtual_size': '1930'},
{'entropy': 0.49065711983219923,
'md5': '83de01d7b98f85507b8a8d245d8b2d78',
'name': '.data',
'raw_size': '512',
'sha1': 'eb62fa94b0f85587cb27cfe683360f364c142175',
'sha256': '137c320a6728e19fc0844249352902eec45a09372a2cd90c95cf12c7b1e9fa5a',
'virtual_address': '12288',
'virtual_size': '928'},
{'entropy': 5.8165484760888795,
'md5': '9ad352f347aa938acecc286c25d7a80f',
'name': '.rsrc',
'raw_size': '298496',
'sha1': '812f872188894c242aa66680813ba67fa1bbb2e5',
'sha256': 'cb95af75e402f204e1a024d5a9bfdcb37b1d7c64977010868c90dedca4582a8c',
'virtual_address': '16384',
'virtual_size': '298036'},
{'entropy': 2.566006189827256,
'md5': '825779c60d0f485d5c210a2a408ee624',
'name': '.reloc',
'raw_size': '1536',
'sha1': '64fd9dd6cfe548a9b2e2fbc45941f8d593604ebb',
'sha256': '3eca94132a88cfa6283f697d596986502277f56ff134f94bb795e5d5bd58690f',
'virtual_address': '315392',
'virtual_size': '1184'}),
'terminal_server_aware': True,
'uses_aslr': True,
'uses_cfg': False,
'uses_dep': True,
'uses_seh': True,
'verify_checksum': False,
'warnings': ("Byte 0xff makes up 18.9221% of the file's contents. "
'This may indicate truncation / malformation.',
'Suspicious flags set for section 5. Both '
'IMAGE_SCN_MEM_WRITE and IMAGE_SCN_MEM_EXECUTE are '
'set. This might indicate a packed executable.'),
'wdm_driver': False},
'polyunite': {'labels': ('virus', 'downloader', 'prepender'),
'malware_family': 'Otwycal',
'operating_system': ('Windows',)},
'scan': {'countries': ('US',),
'detections': {'benign': 2, 'malicious': 12, 'total': 14},
'filename': ('2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280',),
'first_scan': {'Alibaba': {'assertion': 'malicious',
'metadata': {'malware_family': 'Gene.Win.Harmlet.21567-2479'}},
'ClamAV': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win.Virus.Wapomi-138'}},
'Concinnity': {'assertion': 'benign',
'metadata': {'malware_family': ''}},
'Crowdstrike Falcon ML': {'assertion': 'unknown',
'metadata': {}},
'Cyberstanc_scrutiny': {'assertion': 'malicious',
'metadata': {}},
'DrWeb': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win32.HLLP.Protil.1'}},
'Electron': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win.Virus.Wapomi'}},
'Filseclab': {'assertion': 'malicious',
'metadata': {'malware_family': 'Suspicious:Virus.880000008365EC0083.mg'}},
'Ikarus': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win32.Outbreak'}},
'Lionic': {'assertion': 'malicious',
'metadata': {'malware_family': 'Virus.Win32.Otwycal.n!c'}},
'NanoAV': {'assertion': 'malicious',
'metadata': {'malware_family': 'Virus.Win32.Otwycal.dszex'}},
'Proton': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win.Virus.Wapomi'}},
'Qihoo 360': {'assertion': 'malicious',
'metadata': {'malware_family': 'Virus.Win32.Downloader.AB'}},
'RedDrip APT Scanner - RAS': {'assertion': 'benign',
'metadata': {}},
'SecureAge': {'assertion': 'malicious',
'metadata': {'malware_family': 'Malicious'}},
'SentinelOne Static ML': {'assertion': 'unknown',
'metadata': {'malware_family': ''}},
'artifact_instance_id': '8797560413793627',
'assertions': {'Alibaba': {'assertion': 'malicious',
'metadata': {'malware_family': 'Gene.Win.Harmlet.21567-2479'}},
'ClamAV': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win.Virus.Wapomi-138'}},
'Concinnity': {'assertion': 'benign',
'metadata': {'malware_family': ''}},
'Crowdstrike Falcon ML': {'assertion': 'unknown',
'metadata': {}},
'Cyberstanc_scrutiny': {'assertion': 'malicious',
'metadata': {}},
'DrWeb': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win32.HLLP.Protil.1'}},
'Electron': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win.Virus.Wapomi'}},
'Filseclab': {'assertion': 'malicious',
'metadata': {'malware_family': 'Suspicious:Virus.880000008365EC0083.mg'}},
'Ikarus': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win32.Outbreak'}},
'Lionic': {'assertion': 'malicious',
'metadata': {'malware_family': 'Virus.Win32.Otwycal.n!c'}},
'NanoAV': {'assertion': 'malicious',
'metadata': {'malware_family': 'Virus.Win32.Otwycal.dszex'}},
'Proton': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win.Virus.Wapomi'}},
'Qihoo 360': {'assertion': 'malicious',
'metadata': {'malware_family': 'Virus.Win32.Downloader.AB'}},
'RedDrip APT Scanner - RAS': {'assertion': 'benign',
'metadata': {}},
'SecureAge': {'assertion': 'malicious',
'metadata': {'malware_family': 'Malicious'}},
'SentinelOne Static ML': {'assertion': 'unknown',
'metadata': {'malware_family': ''}}},
'created': '2022-08-18T17:57:47.740301+00:00',
'detections': {'benign': 2,
'malicious': 12,
'total': 14},
'filename': '2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280',
'polyscore': 0.9999992152897648,
'votes': {}},
'first_seen': '2022-08-18T17:57:47.740301+00:00',
'last_seen': '2022-08-18T17:57:47.740301+00:00',
'latest_scan': {'Alibaba': {'assertion': 'malicious',
'metadata': {'malware_family': 'Gene.Win.Harmlet.21567-2479'}},
'ClamAV': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win.Virus.Wapomi-138'}},
'Concinnity': {'assertion': 'benign',
'metadata': {'malware_family': ''}},
'Crowdstrike Falcon ML': {'assertion': 'unknown',
'metadata': {}},
'Cyberstanc_scrutiny': {'assertion': 'malicious',
'metadata': {}},
'DrWeb': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win32.HLLP.Protil.1'}},
'Electron': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win.Virus.Wapomi'}},
'Filseclab': {'assertion': 'malicious',
'metadata': {'malware_family': 'Suspicious:Virus.880000008365EC0083.mg'}},
'Ikarus': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win32.Outbreak'}},
'Lionic': {'assertion': 'malicious',
'metadata': {'malware_family': 'Virus.Win32.Otwycal.n!c'}},
'NanoAV': {'assertion': 'malicious',
'metadata': {'malware_family': 'Virus.Win32.Otwycal.dszex'}},
'Proton': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win.Virus.Wapomi'}},
'Qihoo 360': {'assertion': 'malicious',
'metadata': {'malware_family': 'Virus.Win32.Downloader.AB'}},
'RedDrip APT Scanner - RAS': {'assertion': 'benign',
'metadata': {}},
'SecureAge': {'assertion': 'malicious',
'metadata': {'malware_family': 'Malicious'}},
'SentinelOne Static ML': {'assertion': 'unknown',
'metadata': {'malware_family': ''}},
'artifact_instance_id': '8797560413793627',
'assertions': {'Alibaba': {'assertion': 'malicious',
'metadata': {'malware_family': 'Gene.Win.Harmlet.21567-2479'}},
'ClamAV': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win.Virus.Wapomi-138'}},
'Concinnity': {'assertion': 'benign',
'metadata': {'malware_family': ''}},
'Crowdstrike Falcon ML': {'assertion': 'unknown',
'metadata': {}},
'Cyberstanc_scrutiny': {'assertion': 'malicious',
'metadata': {}},
'DrWeb': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win32.HLLP.Protil.1'}},
'Electron': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win.Virus.Wapomi'}},
'Filseclab': {'assertion': 'malicious',
'metadata': {'malware_family': 'Suspicious:Virus.880000008365EC0083.mg'}},
'Ikarus': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win32.Outbreak'}},
'Lionic': {'assertion': 'malicious',
'metadata': {'malware_family': 'Virus.Win32.Otwycal.n!c'}},
'NanoAV': {'assertion': 'malicious',
'metadata': {'malware_family': 'Virus.Win32.Otwycal.dszex'}},
'Proton': {'assertion': 'malicious',
'metadata': {'malware_family': 'Win.Virus.Wapomi'}},
'Qihoo 360': {'assertion': 'malicious',
'metadata': {'malware_family': 'Virus.Win32.Downloader.AB'}},
'RedDrip APT Scanner - RAS': {'assertion': 'benign',
'metadata': {}},
'SecureAge': {'assertion': 'malicious',
'metadata': {'malware_family': 'Malicious'}},
'SentinelOne Static ML': {'assertion': 'unknown',
'metadata': {'malware_family': ''}}},
'created': '2022-08-18T17:57:47.740301+00:00',
'detections': {'benign': 2,
'malicious': 12,
'total': 14},
'filename': '2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280',
'polyscore': 0.9999992152897648,
'votes': {}},
'mimetype': {'extended': 'PE32 executable (GUI) Intel 80386, for MS '
'Windows',
'mime': 'application/x-dosexec'}},
'updated': {'exiftool': '2022-08-18T17:57:50.693418',
'hash': '2022-08-18T17:57:49.862943',
'lief': '2022-08-18T17:57:50.015425',
'pefile': '2022-08-18T17:57:50.485439',
'polyunite': '2022-08-18T17:58:24.717808'}}
file:bytes=sha256:2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280
.created = 2024/11/19 21:26:03.610
:_polyswarm:polyscore = 0.9999992152897648
:md5 = 3a7d7c06ce418eb97dc0e336d2eb70f7
:name = 2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280
:sha1 = 05babd85001462f51c009ff5802a3f53a72f35d5
:sha256 = 2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280
#rep.polyswarm.mal.otwycal
Use of meta:source nodes
Synapse-PolySwarm uses a meta:source node and -(seen)> light-weight edges to track nodes observed from the PolySwarm API.
> meta:source=1ef4510e8cb56ccf439960bd15e247c5
meta:source=1ef4510e8cb56ccf439960bd15e247c5
.created = 2024/11/19 21:26:03.601
:name = polyswarm api
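Added example (not the Power-Up's own code) tying the sections above together: it resolves the dotted field paths used in the query syntax against a record shaped like the --debug output, builds the file:bytes node, its it:av:filehit nodes and the #rep.polyswarm.mal tag, and records the -(found)> and -(seen)> edges. The sample record is constructed from the guide's first result; the guids are the ones shown above, and deriving the tag from polyunite.malware_family is an assumption.

```python
"""Added illustration (not the Power-Up's code): map one PolySwarm metadata
record onto the Synapse nodes and light-weight edges the guide shows.  Field
paths follow the --debug output; nodes/edges are simplified dicts/tuples."""
import json

# Constructed sample: trimmed --debug record (guide's first result, fewer engines).
SAMPLE_RECORD = json.loads(r'''{
  "artifact": {"md5": "3a7d7c06ce418eb97dc0e336d2eb70f7",
               "sha1": "05babd85001462f51c009ff5802a3f53a72f35d5",
               "sha256": "2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280"},
  "polyunite": {"malware_family": "Otwycal"},
  "scan": {"detections": {"benign": 2, "malicious": 12, "total": 14},
           "latest_scan": {
             "ClamAV": {"assertion": "malicious",
                        "metadata": {"malware_family": "Win.Virus.Wapomi-138"}},
             "Concinnity": {"assertion": "benign", "metadata": {"malware_family": ""}},
             "Lionic": {"assertion": "malicious",
                        "metadata": {"malware_family": "Virus.Win32.Otwycal.n!c"}},
             "filename": "2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280",
             "polyscore": 0.9999992152897648}}}''')

QUERY_GUID = "c20c01001e60351fed20706d679f01d9"   # it:exec:query guid from the guide
SOURCE_GUID = "1ef4510e8cb56ccf439960bd15e247c5"  # meta:source guid from the guide
# Keys that sit beside the per-engine results inside scan.latest_scan.
NON_ENGINE_KEYS = {"artifact_instance_id", "assertions", "created",
                   "detections", "filename", "polyscore", "votes"}

def get_path(record, dotted):
    """Resolve a dotted query field (scan.latest_scan.ClamAV.assertion) in the JSON."""
    cur = record
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def matches_guide_query(record):
    """The guide's query evaluated locally: ClamAV asserts malicious AND more
    than one engine detected the file."""
    return (get_path(record, "scan.latest_scan.ClamAV.assertion") == "malicious"
            and (get_path(record, "scan.detections.malicious") or 0) > 1)

def record_to_nodes(record):
    """Return (file:bytes node, [it:av:filehit nodes]).  Only 'malicious'
    assertions become filehits; the #rep tag from polyunite is an assumption."""
    art, latest = record["artifact"], record["scan"]["latest_scan"]
    fb = {"form": "file:bytes", "valu": f"sha256:{art['sha256']}", "tags": set(),
          "props": {"md5": art["md5"], "sha1": art["sha1"], "sha256": art["sha256"],
                    "name": latest["filename"], "_polyswarm:polyscore": latest["polyscore"]}}
    family = record.get("polyunite", {}).get("malware_family")
    if family:
        fb["tags"].add(f"rep.polyswarm.mal.{family.lower()}")
    hits = []
    for engine, res in latest.items():
        if (engine in NON_ENGINE_KEYS or not isinstance(res, dict)
                or res.get("assertion") != "malicious"):
            continue
        sig = res.get("metadata", {}).get("malware_family") or None
        hits.append({"form": "it:av:filehit", "valu": (fb["valu"], engine, sig)})
    return fb, hits

def link_results(nodes):
    """Light-weight edges: it:exec:query -(found)> each file:bytes, and
    meta:source -(seen)> every node the API returned."""
    edges = [("it:exec:query", QUERY_GUID, "found", n["valu"])
             for n in nodes if n["form"] == "file:bytes"]
    edges += [("meta:source", SOURCE_GUID, "seen", n["valu"]) for n in nodes]
    return edges
```

Swapping the sample for a full --debug record shows which engines become it:av:filehit nodes and which verdicts (benign, unknown) are dropped.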