User Guide

Synapse-PolySwarm User Guide

Synapse-PolySwarm adds new Storm commands to allow you to query the PolySwarm API using your existing API key.

Getting Started

Check with your Synapse admin to have the required permissions enabled and to find out whether you need a personal API key.

Examples

Setting your personal API key

To set up a personal API key:

> polyswarm.setup.apikey --self myapikey
Setting PolySwarm API key for the current user.

Run a custom search of the PolySwarm metadata

The polyswarm.metadata.search command executes a search of PolySwarm metadata and ingests the resulting file:bytes nodes, including the associated it:av:filehit nodes that record the AV scan results. The query is specified using Elasticsearch query syntax.

> polyswarm.metadata.search --size 2 "scan.latest_scan.ClamAV.assertion:malicious AND scan.detections.malicious:>1"
file:bytes=sha256:2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280
        .created = 2024/12/20 18:12:04.235
        :_polyswarm:polyscore = 0.9999992152897648
        :md5 = 3a7d7c06ce418eb97dc0e336d2eb70f7
        :name = 2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280
        :sha1 = 05babd85001462f51c009ff5802a3f53a72f35d5
        :sha256 = 2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280
        #rep.polyswarm.mal.otwycal
file:bytes=sha256:57affabeeb30e313ad942abefa203de63c35a2d43528d43288979512181b2faf
        .created = 2024/12/20 18:12:05.071
        :_polyswarm:polyscore = 0.999997386328349
        :md5 = e4783c08d2b78b70554cd7486b9edb6a
        :name = 57affabeeb30e313ad942abefa203de63c35a2d43528d43288979512181b2faf
        :sha1 = cd8c27ea53782fbed547939d9ad49d9032d7c00d
        :sha256 = 57affabeeb30e313ad942abefa203de63c35a2d43528d43288979512181b2faf
        #rep.polyswarm.mal.otwycal

The query is recorded as an it:exec:query node, which is linked to the resulting file:bytes nodes via a -(found)> lightweight edge.

> it:exec:query
it:exec:query=fca388283f5af0720a31957733af6b8f
        .created = 2024/12/20 18:12:04.187
        :api:url = https://api.polyswarm.network/v3/search/metadata/query
        :language = polyswarm-metadata
        :text = scan.latest_scan.ClamAV.assertion:malicious AND scan.detections.malicious:>1
        :time = 2024/12/20 18:12:04.116

You may also use the --debug option to print the returned JSON blob, so you can review the fields that are available for use in a query.
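The following Python is an added example and is not code from Synapse-PolySwarm or from Synapse itself. It shows two things a practitioner usually wants from the --debug output: how to turn the nested record into the dotted field paths that Elasticsearch query syntax expects (so a query such as scan.latest_scan.ClamAV.assertion:malicious can be built from what is actually present), and how the per-engine verdicts under scan.latest_scan map to the (file, signature) pairs the power-up records as it:av:filehit nodes. The function names, and the abbreviated SAMPLE_RECORD (a constructed subset of the record shape shown in the --debug output, with non-engine keys such as polyscore and detections deliberately left inside latest_scan), are assumptions of this example.

```python
"""Walk a PolySwarm metadata record of the shape printed by --debug.

Added example, not part of Synapse-PolySwarm. The sample record is a
constructed, abbreviated subset of the --debug output on this page.
"""
from typing import Any, Dict, Iterator, List, Optional, Tuple

# Constructed sample: same nesting as the --debug record, only a few
# engines and fields kept. Note that latest_scan mixes engine verdicts
# with non-engine keys (polyscore, detections), as the real record does.
SAMPLE_RECORD: Dict[str, Any] = {
    "artifact": {
        "sha256": "2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280",
        "md5": "3a7d7c06ce418eb97dc0e336d2eb70f7",
        "sha1": "05babd85001462f51c009ff5802a3f53a72f35d5",
    },
    "pefile": {"imphash": "cf436b2d8382be2acb3225554d5da2ff", "is_exe": True},
    "polyunite": {"malware_family": "Otwycal", "labels": ("virus", "downloader")},
    "scan": {
        "detections": {"benign": 2, "malicious": 12, "total": 14},
        "latest_scan": {
            "ClamAV": {"assertion": "malicious",
                       "metadata": {"malware_family": "Win.Virus.Wapomi-138"}},
            "Concinnity": {"assertion": "benign",
                           "metadata": {"malware_family": ""}},
            "Crowdstrike Falcon ML": {"assertion": "unknown", "metadata": {}},
            "Lionic": {"assertion": "malicious",
                       "metadata": {"malware_family": "Virus.Win32.Otwycal.n!c"}},
            "polyscore": 0.9999992152897648,
            "detections": {"benign": 1, "malicious": 2, "total": 4},
        },
    },
}


def field_paths(record: Dict[str, Any], prefix: str = "") -> Iterator[Tuple[str, Any]]:
    """Yield (dotted_path, value) for every leaf in the record.

    Dicts are descended; tuples/lists are returned as one leaf under the
    unchanged path, which matches how Elasticsearch addresses array fields
    (e.g. polyunite.labels:virus).
    """
    for key, value in record.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            yield from field_paths(value, path)
        else:
            yield path, value


def engine_assertions(record: Dict[str, Any]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Return {engine: (assertion, malware_family_or_None)} from scan.latest_scan.

    Only entries that carry an 'assertion' key are engine verdicts; sibling
    keys such as polyscore or detections are skipped rather than misread
    as engines. An empty malware_family string is normalised to None.
    """
    latest = record.get("scan", {}).get("latest_scan", {})
    hits: Dict[str, Tuple[str, Optional[str]]] = {}
    for engine, entry in latest.items():
        if not isinstance(entry, dict) or "assertion" not in entry:
            continue
        family = entry.get("metadata", {}).get("malware_family") or None
        hits[engine] = (entry["assertion"], family)
    return hits


def filehit_signatures(record: Dict[str, Any]) -> List[Tuple[str, str]]:
    """Engines asserting 'malicious' with a family name: the (engine, signature)
    pairs an analyst expects to see reflected as it:av:filehit nodes."""
    return sorted(
        (engine, family)
        for engine, (verdict, family) in engine_assertions(record).items()
        if verdict == "malicious" and family
    )


def query_matches(record: Dict[str, Any], engine: str, min_malicious: int) -> bool:
    """Locally re-evaluate the guide's example query shape
    'scan.latest_scan.<engine>.assertion:malicious AND scan.detections.malicious:><N>'
    against one record, e.g. to sanity-check what a search returned."""
    verdict = engine_assertions(record).get(engine, (None, None))[0]
    count = record.get("scan", {}).get("detections", {}).get("malicious", 0)
    return verdict == "malicious" and count > min_malicious


if __name__ == "__main__":
    for path, value in field_paths(SAMPLE_RECORD):
        print(f"{path} = {value!r}")
    print("it:av:filehit candidates:", filehit_signatures(SAMPLE_RECORD))
    print("example query matches:", query_matches(SAMPLE_RECORD, "ClamAV", 1))
```

Run against a real --debug record (after parsing it into a dict), field_paths gives you the exact left-hand side of each query term, and engine_assertions makes the difference between an engine verdict and the bookkeeping keys that sit beside it under latest_scan explicit, which is the usual source of confusion when reading the blob.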

> polyswarm.metadata.search --debug --size 1 "scan.latest_scan.ClamAV.assertion:malicious AND scan.detections.malicious:>1"
{'artifact': {'created': '2022-08-18T17:57:47.740301+00:00',
              'id': '15549339119999329',
              'md5': '3a7d7c06ce418eb97dc0e336d2eb70f7',
              'sha1': '05babd85001462f51c009ff5802a3f53a72f35d5',
              'sha256': '2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280'},
 'exiftool': {'characterset': 'Windows, Latin1',
              'codesize': 19968,
              'companyname': 'Apache Software Foundation',
              'entrypoint': '0x4e000',
              'filedescription': 'OpenOffice Writer',
              'fileflags': '(none)',
              'fileflagsmask': '0x003f',
              'fileos': 'Windows NT 32-bit',
              'filesize': '316 KiB',
              'filesubtype': 0,
              'filetype': 'Win32 EXE',
              'filetypeextension': 'exe',
              'fileversion': '4.00.9800',
              'fileversionnumber': '4.0.9800.500',
              'imageversion': 0.0,
              'initializeddatasize': 302592,
              'internalname': 'swriter',
              'languagecode': 'German',
              'linkerversion': 9.0,
              'machinetype': 'Intel 386 or later, and compatibles',
              'mimetype': 'application/octet-stream',
              'objectfiletype': 'Executable application',
              'originalfilename': 'swriter.exe',
              'osversion': 5.0,
              'petype': 'PE32',
              'productversion': '4.00.9800',
              'productversionnumber': '4.0.9800.500',
              'subsystem': 'Windows GUI',
              'subsystemversion': 5.0,
              'timestamp': '2019:09:03 20:06:46+00:00',
              'uninitializeddatasize': 0},
 'hash': {'authentihash': '71ae4c1ab3e1a6b49e3e33e71517149a237757cb12fd97e58dc0207e7f15ad9a',
          'md5': '3a7d7c06ce418eb97dc0e336d2eb70f7',
          'sha1': '05babd85001462f51c009ff5802a3f53a72f35d5',
          'sha256': '2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280',
          'sha3_256': '64274dcdb0ad9ed7afb6768117607c7eb2d435a95c9508aab1e2e1a3fdfe080a',
          'sha3_512': 'b38a902cd28ecbf25be702c416a352be1c728ff6e59a04f49d8d7c74e8e9f0e61b2631115b003b69f1505005987bd5efa8b800b5d2f9082dae79cbaf85a6501e',
          'sha512': '5d0de1bf8c1ae3a69856204593852061c748436bde3a55efd3292de936ae0e6cc6591b39726cdb6ebc640a49c16aac2724c29387959a69a08e7f8ce9fa2ef5a0',
          'ssdeep': '1536:uUZqkTZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZLYT0jcGZrr:ufO4S/B5LN/iFtIIN',
          'tlsh': '856422d14118ee13c9d1c57e04f625239ad2bc668199b04d2e68b3bb7c3f2dd8e9ed21'},
 'lief': {'entrypoint': 4513792,
          'exported_functions': (),
          'has_nx': True,
          'imported_functions': ('CommandLineToArgvW',
                                 '?terminate@@YAXXZ',
                                 '_unlock',
                                 '__dllonexit',
                                 '_crt_debugger_hook',
                                 '_onexit',
                                 '_except_handler4_common',
                                 '_invoke_watson',
                                 '_controlfp_s',
                                 '__set_app_type',
                                 '_encode_pointer',
                                 '__p__fmode',
                                 '__p__commode',
                                 '_adjust_fdiv',
                                 '__setusermatherr',
                                 '_configthreadlocale',
                                 '_initterm_e',
                                 '_initterm',
                                 '_wcmdln',
                                 'exit',
                                 '_XcptFilter',
                                 '_exit',
                                 '_cexit',
                                 '__wgetmainargs',
                                 '_amsg_exit',
                                 'memset',
                                 '_wsplitpath',
                                 '_wmakepath',
                                 '_lock',
                                 '_decode_pointer',
                                 'GetSystemTimeAsFileTime',
                                 'GetTickCount',
                                 'QueryPerformanceCounter',
                                 'IsDebuggerPresent',
                                 'SetUnhandledExceptionFilter',
                                 'UnhandledExceptionFilter',
                                 'GetCurrentProcess',
                                 'TerminateProcess',
                                 'InterlockedCompareExchange',
                                 'Sleep',
                                 'InterlockedExchange',
                                 'GetStartupInfoW',
                                 'GetCommandLineW',
                                 'GetModuleFileNameW',
                                 'CreateProcessW',
                                 'WaitForSingleObject',
                                 'CloseHandle',
                                 'GetLastError',
                                 'FormatMessageW',
                                 'LocalFree',
                                 'GetCurrentProcessId',
                                 'GetCurrentThreadId',
                                 'MessageBoxW'),
          'is_pie': True,
          'libraries': ('SHELL32.dll',
                        'MSVCR90.dll',
                        'KERNEL32.dll',
                        'USER32.dll'),
          'virtual_size': 335872},
 'modified': '2022-08-18T17:58:24.717808',
 'pefile': {'app_container': False,
            'compile_date': '2019-09-03 20:06:46',
            'exports': (),
            'force_integrity': False,
            'force_no_isolation': False,
            'has_debug_info': True,
            'has_export_table': False,
            'has_import_table': True,
            'high_entropy_aslr': False,
            'imphash': 'cf436b2d8382be2acb3225554d5da2ff',
            'imported_functions': ('CommandLineToArgvW',
                                   '?terminate@@YAXXZ',
                                   '_unlock',
                                   '__dllonexit',
                                   '_crt_debugger_hook',
                                   '_onexit',
                                   '_except_handler4_common',
                                   '_invoke_watson',
                                   '_controlfp_s',
                                   '__set_app_type',
                                   '_encode_pointer',
                                   '__p__fmode',
                                   '__p__commode',
                                   '_adjust_fdiv',
                                   '__setusermatherr',
                                   '_configthreadlocale',
                                   '_initterm_e',
                                   '_initterm',
                                   '_wcmdln',
                                   'exit',
                                   '_XcptFilter',
                                   '_exit',
                                   '_cexit',
                                   '__wgetmainargs',
                                   '_amsg_exit',
                                   'memset',
                                   '_wsplitpath',
                                   '_wmakepath',
                                   '_lock',
                                   '_decode_pointer',
                                   'GetSystemTimeAsFileTime',
                                   'GetTickCount',
                                   'QueryPerformanceCounter',
                                   'IsDebuggerPresent',
                                   'SetUnhandledExceptionFilter',
                                   'UnhandledExceptionFilter',
                                   'GetCurrentProcess',
                                   'TerminateProcess',
                                   'InterlockedCompareExchange',
                                   'Sleep',
                                   'InterlockedExchange',
                                   'GetStartupInfoW',
                                   'GetCommandLineW',
                                   'GetModuleFileNameW',
                                   'CreateProcessW',
                                   'WaitForSingleObject',
                                   'CloseHandle',
                                   'GetLastError',
                                   'FormatMessageW',
                                   'LocalFree',
                                   'GetCurrentProcessId',
                                   'GetCurrentThreadId',
                                   'MessageBoxW'),
            'is_dll': False,
            'is_driver': False,
            'is_exe': True,
            'is_probably_packed': False,
            'libraries': ('SHELL32.dll',
                          'MSVCR90.dll',
                          'KERNEL32.dll',
                          'USER32.dll'),
            'no_bind': False,
            'pdb': ('C:\\Source\\openoffice\\main\\desktop\\wntmsci12.pro\\bin\\swriter.pdb',),
            'pdb_guids': ('{48e79735-f89d-4044-b7db5b0ba5ab820e}',),
            'resources': ({'entropy': 2.8620125261651017,
                           'extended_mimetype': 'data',
                           'language': 'LANG_ENGLISH',
                           'md5': 'bae11528e82987ecaf30896a1bd4cc35',
                           'mimetype': 'application/octet-stream',
                           'offset': '17268',
                           'sha1': '434648ed74119a1abeb7bfbd06f82be2604810ca',
                           'sha256': '1cbc3d246cd0c2551e59e38ebc06a8afa237f48be7796891b607cd9600fbb76d',
                           'size': '1640',
                           'sublanguage': 'SUBLANG_ENGLISH_US',
                           'type': 'RT_ICON'},
                          {'entropy': 3.2353814111800454,
                           'extended_mimetype': 'data',
                           'language': 'LANG_ENGLISH',
                           'md5': '577bd8e5e7b875a600c736264e73f473',
                           'mimetype': 'application/octet-stream',
                           'offset': '18908',
                           'sha1': '47da9be6215e0ab8a4a8f5cfa3074e72e96dfb6d',
                           'sha256': '57987b54fd1797eb9ced88b6e6a8d3e90b65000c327f7606fc75fc932381fab5',
                           'size': '744',
                           'sublanguage': 'SUBLANG_ENGLISH_US',
                           'type': 'RT_ICON'},
                          {'entropy': 3.281099688151822,
                           'extended_mimetype': 'GLS_BINARY_LSB_FIRST',
                           'language': 'LANG_ENGLISH',
                           'md5': 'f3c08905a58315885f3493daa9fc8c57',
                           'mimetype': 'application/octet-stream',
                           'offset': '19652',
                           'sha1': '71985335a5eca309312db30c1600443d7a465d8f',
                           'sha256': '9cb7a67d0d946e72e1f63e98670642964553b6d5392645f1a11c4d1d9ad7f339',
                           'size': '296',
                           'sublanguage': 'SUBLANG_ENGLISH_US',
                           'type': 'RT_ICON'},
                          {'entropy': 6.542641119226872,
                           'extended_mimetype': 'data',
                           'language': 'LANG_ENGLISH',
                           'md5': '8661e9b4d9df7ee1a6bb6ba0dc7872ab',
                           'mimetype': 'application/octet-stream',
                           'offset': '19948',
                           'sha1': '0c4ff96c51a95a527c6e93e407a4729f28833b47',
                           'sha256': '7806496ad28c2eab013d6286a2c5aadac3777b14e6e8991d27250f66e0998664',
                           'size': '3752',
                           'sublanguage': 'SUBLANG_ENGLISH_US',
                           'type': 'RT_ICON'},
                          {'entropy': 6.537505568998333,
                           'extended_mimetype': 'data',
                           'language': 'LANG_ENGLISH',
                           'md5': '59448a2788be2a36f915a70de6e652e9',
                           'mimetype': 'application/octet-stream',
                           'offset': '23700',
                           'sha1': 'd8796ecc8ff93255f9fdeab57df15351c134367f',
                           'sha256': '5af58ca63920f2199f9c736a0e64495446f9533115b6edf0a2db9f2ba1a45d54',
                           'size': '2216',
                           'sublanguage': 'SUBLANG_ENGLISH_US',
                           'type': 'RT_ICON'},
                          {'entropy': 4.685875828832479,
                           'extended_mimetype': 'GLS_BINARY_LSB_FIRST',
                           'language': 'LANG_ENGLISH',
                           'md5': '544974682ad33c61db7da567f9a5e658',
                           'mimetype': 'application/octet-stream',
                           'offset': '25916',
                           'sha1': '6e3760a2e2393e63ca95106354b3bd78d0d7d9e0',
                           'sha256': '8dd13aefef2516cd19dec9531a59b6480da86be5f2a13df646edad9b6430bb6f',
                           'size': '1384',
                           'sublanguage': 'SUBLANG_ENGLISH_US',
                           'type': 'RT_ICON'},
                          {'entropy': 5.718169121417516,
                           'extended_mimetype': 'dBase III DBT, version number '
                                                '0, next free block index 40',
                           'language': 'LANG_ENGLISH',
                           'md5': 'fa6987dc69b58ead0fb5011c24e2dc02',
                           'mimetype': 'application/octet-stream',
                           'offset': '27300',
                           'sha1': 'b1fe56a2d345536bfb5958c45c640ebaa44a642b',
                           'sha256': 'c786ad9e8a8ba2a66eb3df9e7c7a3c939175e04956e8a04c1a41c59fed62c0bf',
                           'size': '270376',
                           'sublanguage': 'SUBLANG_ENGLISH_US',
                           'type': 'RT_ICON'},
                          {'entropy': 6.177281609901054,
                           'extended_mimetype': 'data',
                           'language': 'LANG_ENGLISH',
                           'md5': '91b76456d6b0b07176862df18a4b3c9d',
                           'mimetype': 'application/octet-stream',
                           'offset': '297676',
                           'sha1': 'cb2ad10937f1a61fb06bfe649f5a52a14946937e',
                           'sha256': '061ceb5213fa5cb669a4a219789d25ced9fbec2d5387ec5a1cbb19056a9ad768',
                           'size': '9640',
                           'sublanguage': 'SUBLANG_ENGLISH_US',
                           'type': 'RT_ICON'},
                          {'entropy': 6.242882688123039,
                           'extended_mimetype': 'data',
                           'language': 'LANG_ENGLISH',
                           'md5': 'f508cb5739834e4ad8fbc93af887f864',
                           'mimetype': 'application/octet-stream',
                           'offset': '307316',
                           'sha1': '8bf8077890435544c6e5a19823d56b2031f0a023',
                           'sha256': '06830f08ff19daa676ee086195cd779a4debb9202a34609e0fa3615982f8c7cb',
                           'size': '4264',
                           'sublanguage': 'SUBLANG_ENGLISH_US',
                           'type': 'RT_ICON'},
                          {'entropy': 6.239446066895165,
                           'extended_mimetype': 'GLS_BINARY_LSB_FIRST',
                           'language': 'LANG_ENGLISH',
                           'md5': 'a38244e8b0f6aba387abc0f582073604',
                           'mimetype': 'application/octet-stream',
                           'offset': '311580',
                           'sha1': '195109aadde3c2746013ccf51026b7808a30edf7',
                           'sha256': '04015f5d0b607727f7b1a0650d214802d079f061a7a77ad08903f5c51420211d',
                           'size': '1128',
                           'sublanguage': 'SUBLANG_ENGLISH_US',
                           'type': 'RT_ICON'},
                          {'entropy': 2.0998438973656643,
                           'extended_mimetype': 'ASCII text, with no line '
                                                'terminators',
                           'language': 'LANG_ENGLISH',
                           'md5': '400949f703d618537213d34e65fd4194',
                           'mimetype': 'text/plain',
                           'offset': '312708',
                           'sha1': '19f485b17174eeb28ebfcb863d875dbedd145384',
                           'sha256': '628a5e9816a06413e63e030f3b3e22bb01fa5cd1145cd75de8eaa8b19946a46f',
                           'size': '26',
                           'sublanguage': 'SUBLANG_ENGLISH_US',
                           'type': 'RT_RCDATA'},
                          {'entropy': 3.3393538721672007,
                           'extended_mimetype': 'SysEx File -',
                           'language': 'LANG_ENGLISH',
                           'md5': 'fccd769330892c2cd918da9992a9b898',
                           'mimetype': 'application/octet-stream',
                           'offset': '312736',
                           'sha1': 'a5d8eb46850b8c931368b0aa946471336ac31650',
                           'sha256': '223531f0f7bc75cf37fee20a9b430735aadd1af8d52cd1f54ef68a4c4ff51522',
                           'size': '20',
                           'sublanguage': 'SUBLANG_ENGLISH_US',
                           'type': 'RT_RCDATA'},
                          {'entropy': 2.8816230302579715,
                           'extended_mimetype': 'data',
                           'language': 'LANG_ENGLISH',
                           'md5': 'f31e83f3983ae6f10ef166a7a686c680',
                           'mimetype': 'application/octet-stream',
                           'offset': '312756',
                           'sha1': '54a844e25e8e2d64e6433dddffd8aeabf71fee22',
                           'sha256': 'aebb98855fa8fc3adb0efcf4888a7354e50ed0e47688f6b6ad5e18a1db6399b7',
                           'size': '146',
                           'sublanguage': 'SUBLANG_ENGLISH_US',
                           'type': 'RT_GROUP_ICON'},
                          {'entropy': 3.1155457175256616,
                           'extended_mimetype': 'data',
                           'language': 'LANG_ENGLISH',
                           'md5': 'b8908beb1f9b4eac7690b6447e856d83',
                           'mimetype': 'application/octet-stream',
                           'offset': '312904',
                           'sha1': 'a577d0bef0876ac9581ada6f5c5cc44112054c27',
                           'sha256': '46ec84efe9d905259a62b3683ef2d2b84cce84f308b35673c7ac990105656d55',
                           'size': '916',
                           'sublanguage': 'SUBLANG_ENGLISH_US',
                           'type': 'RT_VERSION'},
                          {'entropy': 5.020695082894528,
                           'extended_mimetype': 'ASCII text, with CRLF line '
                                                'terminators',
                           'language': 'LANG_ENGLISH',
                           'md5': '5a32206e4bb9d06170ae00fa980db49b',
                           'mimetype': 'text/plain',
                           'offset': '313820',
                           'sha1': '126a45f48625322ba11eb0acf1ade9115ad6802b',
                           'sha256': '9f2fc067639866642bb1a73fb43006d233e569d25566b16dedec472fe5d3c5c3',
                           'size': '598',
                           'sublanguage': 'SUBLANG_ENGLISH_US',
                           'type': 'RT_MANIFEST'}),
            'resources_by_language': {'LANG_ENGLISH': 15},
            'resources_by_type': {'RT_GROUP_ICON': 1,
                                  'RT_ICON': 10,
                                  'RT_MANIFEST': 1,
                                  'RT_RCDATA': 2,
                                  'RT_VERSION': 1},
            'rich_header_hash_sha256': '1a6311d6d250da7693252a2f5d260605d4ba5af3f0536ec096e302c890ef9303',
            'sections': ({'entropy': 5.704049037262922,
                          'md5': '2cf0f922cda9cd58f9699c72aa837632',
                          'name': '.text',
                          'raw_size': '3584',
                          'sha1': '6bd8eafe894137745e6be19f3f2ff3aaf15cc684',
                          'sha256': '329edbe484e578c2beb047d82b2cbced38a591546761a26c0861c2490211fb80',
                          'virtual_address': '4096',
                          'virtual_size': '3146'},
                         {'entropy': 4.8144941287351415,
                          'md5': 'e3be7162b7aee073c8340a3f3a98ddb5',
                          'name': '.rdata',
                          'raw_size': '2048',
                          'sha1': 'ee8f2291da3fbd52ebab4f29a651cc8aa2b8a0ef',
                          'sha256': '2f8355d4de002e4b3b02395cec2466b6f87e3ea86b5ed2e2a51eb111561f6b31',
                          'virtual_address': '8192',
                          'virtual_size': '1930'},
                         {'entropy': 0.49065711983219923,
                          'md5': '83de01d7b98f85507b8a8d245d8b2d78',
                          'name': '.data',
                          'raw_size': '512',
                          'sha1': 'eb62fa94b0f85587cb27cfe683360f364c142175',
                          'sha256': '137c320a6728e19fc0844249352902eec45a09372a2cd90c95cf12c7b1e9fa5a',
                          'virtual_address': '12288',
                          'virtual_size': '928'},
                         {'entropy': 5.8165484760888795,
                          'md5': '9ad352f347aa938acecc286c25d7a80f',
                          'name': '.rsrc',
                          'raw_size': '298496',
                          'sha1': '812f872188894c242aa66680813ba67fa1bbb2e5',
                          'sha256': 'cb95af75e402f204e1a024d5a9bfdcb37b1d7c64977010868c90dedca4582a8c',
                          'virtual_address': '16384',
                          'virtual_size': '298036'},
                         {'entropy': 2.566006189827256,
                          'md5': '825779c60d0f485d5c210a2a408ee624',
                          'name': '.reloc',
                          'raw_size': '1536',
                          'sha1': '64fd9dd6cfe548a9b2e2fbc45941f8d593604ebb',
                          'sha256': '3eca94132a88cfa6283f697d596986502277f56ff134f94bb795e5d5bd58690f',
                          'virtual_address': '315392',
                          'virtual_size': '1184'}),
            'terminal_server_aware': True,
            'uses_aslr': True,
            'uses_cfg': False,
            'uses_dep': True,
            'uses_seh': True,
            'verify_checksum': False,
            'warnings': ("Byte 0xff makes up 18.9221% of the file's contents. "
                         'This may indicate truncation / malformation.',
                         'Suspicious flags set for section 5. Both '
                         'IMAGE_SCN_MEM_WRITE and IMAGE_SCN_MEM_EXECUTE are '
                         'set. This might indicate a packed executable.'),
            'wdm_driver': False},
 'polyunite': {'labels': ('virus', 'downloader', 'prepender'),
               'malware_family': 'Otwycal',
               'operating_system': ('Windows',)},
 'scan': {'countries': ('US',),
          'detections': {'benign': 2, 'malicious': 12, 'total': 14},
          'filename': ('2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280',),
          'first_scan': {'Alibaba': {'assertion': 'malicious',
                                     'metadata': {'malware_family': 'Gene.Win.Harmlet.21567-2479'}},
                         'ClamAV': {'assertion': 'malicious',
                                    'metadata': {'malware_family': 'Win.Virus.Wapomi-138'}},
                         'Concinnity': {'assertion': 'benign',
                                        'metadata': {'malware_family': ''}},
                         'Crowdstrike Falcon ML': {'assertion': 'unknown',
                                                   'metadata': {}},
                         'Cyberstanc_scrutiny': {'assertion': 'malicious',
                                                 'metadata': {}},
                         'DrWeb': {'assertion': 'malicious',
                                   'metadata': {'malware_family': 'Win32.HLLP.Protil.1'}},
                         'Electron': {'assertion': 'malicious',
                                      'metadata': {'malware_family': 'Win.Virus.Wapomi'}},
                         'Filseclab': {'assertion': 'malicious',
                                       'metadata': {'malware_family': 'Suspicious:Virus.880000008365EC0083.mg'}},
                         'Ikarus': {'assertion': 'malicious',
                                    'metadata': {'malware_family': 'Win32.Outbreak'}},
                         'Lionic': {'assertion': 'malicious',
                                    'metadata': {'malware_family': 'Virus.Win32.Otwycal.n!c'}},
                         'NanoAV': {'assertion': 'malicious',
                                    'metadata': {'malware_family': 'Virus.Win32.Otwycal.dszex'}},
                         'Proton': {'assertion': 'malicious',
                                    'metadata': {'malware_family': 'Win.Virus.Wapomi'}},
                         'Qihoo 360': {'assertion': 'malicious',
                                       'metadata': {'malware_family': 'Virus.Win32.Downloader.AB'}},
                         'RedDrip APT Scanner - RAS': {'assertion': 'benign',
                                                       'metadata': {}},
                         'SecureAge': {'assertion': 'malicious',
                                       'metadata': {'malware_family': 'Malicious'}},
                         'SentinelOne Static ML': {'assertion': 'unknown',
                                                   'metadata': {'malware_family': ''}},
                         'artifact_instance_id': '8797560413793627',
                         'assertions': {'Alibaba': {'assertion': 'malicious',
                                                    'metadata': {'malware_family': 'Gene.Win.Harmlet.21567-2479'}},
                                        'ClamAV': {'assertion': 'malicious',
                                                   'metadata': {'malware_family': 'Win.Virus.Wapomi-138'}},
                                        'Concinnity': {'assertion': 'benign',
                                                       'metadata': {'malware_family': ''}},
                                        'Crowdstrike Falcon ML': {'assertion': 'unknown',
                                                                  'metadata': {}},
                                        'Cyberstanc_scrutiny': {'assertion': 'malicious',
                                                                'metadata': {}},
                                        'DrWeb': {'assertion': 'malicious',
                                                  'metadata': {'malware_family': 'Win32.HLLP.Protil.1'}},
                                        'Electron': {'assertion': 'malicious',
                                                     'metadata': {'malware_family': 'Win.Virus.Wapomi'}},
                                        'Filseclab': {'assertion': 'malicious',
                                                      'metadata': {'malware_family': 'Suspicious:Virus.880000008365EC0083.mg'}},
                                        'Ikarus': {'assertion': 'malicious',
                                                   'metadata': {'malware_family': 'Win32.Outbreak'}},
                                        'Lionic': {'assertion': 'malicious',
                                                   'metadata': {'malware_family': 'Virus.Win32.Otwycal.n!c'}},
                                        'NanoAV': {'assertion': 'malicious',
                                                   'metadata': {'malware_family': 'Virus.Win32.Otwycal.dszex'}},
                                        'Proton': {'assertion': 'malicious',
                                                   'metadata': {'malware_family': 'Win.Virus.Wapomi'}},
                                        'Qihoo 360': {'assertion': 'malicious',
                                                      'metadata': {'malware_family': 'Virus.Win32.Downloader.AB'}},
                                        'RedDrip APT Scanner - RAS': {'assertion': 'benign',
                                                                      'metadata': {}},
                                        'SecureAge': {'assertion': 'malicious',
                                                      'metadata': {'malware_family': 'Malicious'}},
                                        'SentinelOne Static ML': {'assertion': 'unknown',
                                                                  'metadata': {'malware_family': ''}}},
                         'created': '2022-08-18T17:57:47.740301+00:00',
                         'detections': {'benign': 2,
                                        'malicious': 12,
                                        'total': 14},
                         'filename': '2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280',
                         'polyscore': 0.9999992152897648,
                         'votes': {}},
          'first_seen': '2022-08-18T17:57:47.740301+00:00',
          'last_seen': '2022-08-18T17:57:47.740301+00:00',
          'latest_scan': {'Alibaba': {'assertion': 'malicious',
                                      'metadata': {'malware_family': 'Gene.Win.Harmlet.21567-2479'}},
                          'ClamAV': {'assertion': 'malicious',
                                     'metadata': {'malware_family': 'Win.Virus.Wapomi-138'}},
                          'Concinnity': {'assertion': 'benign',
                                         'metadata': {'malware_family': ''}},
                          'Crowdstrike Falcon ML': {'assertion': 'unknown',
                                                    'metadata': {}},
                          'Cyberstanc_scrutiny': {'assertion': 'malicious',
                                                  'metadata': {}},
                          'DrWeb': {'assertion': 'malicious',
                                    'metadata': {'malware_family': 'Win32.HLLP.Protil.1'}},
                          'Electron': {'assertion': 'malicious',
                                       'metadata': {'malware_family': 'Win.Virus.Wapomi'}},
                          'Filseclab': {'assertion': 'malicious',
                                        'metadata': {'malware_family': 'Suspicious:Virus.880000008365EC0083.mg'}},
                          'Ikarus': {'assertion': 'malicious',
                                     'metadata': {'malware_family': 'Win32.Outbreak'}},
                          'Lionic': {'assertion': 'malicious',
                                     'metadata': {'malware_family': 'Virus.Win32.Otwycal.n!c'}},
                          'NanoAV': {'assertion': 'malicious',
                                     'metadata': {'malware_family': 'Virus.Win32.Otwycal.dszex'}},
                          'Proton': {'assertion': 'malicious',
                                     'metadata': {'malware_family': 'Win.Virus.Wapomi'}},
                          'Qihoo 360': {'assertion': 'malicious',
                                        'metadata': {'malware_family': 'Virus.Win32.Downloader.AB'}},
                          'RedDrip APT Scanner - RAS': {'assertion': 'benign',
                                                        'metadata': {}},
                          'SecureAge': {'assertion': 'malicious',
                                        'metadata': {'malware_family': 'Malicious'}},
                          'SentinelOne Static ML': {'assertion': 'unknown',
                                                    'metadata': {'malware_family': ''}},
                          'artifact_instance_id': '8797560413793627',
                          'assertions': {'Alibaba': {'assertion': 'malicious',
                                                     'metadata': {'malware_family': 'Gene.Win.Harmlet.21567-2479'}},
                                         'ClamAV': {'assertion': 'malicious',
                                                    'metadata': {'malware_family': 'Win.Virus.Wapomi-138'}},
                                         'Concinnity': {'assertion': 'benign',
                                                        'metadata': {'malware_family': ''}},
                                         'Crowdstrike Falcon ML': {'assertion': 'unknown',
                                                                   'metadata': {}},
                                         'Cyberstanc_scrutiny': {'assertion': 'malicious',
                                                                 'metadata': {}},
                                         'DrWeb': {'assertion': 'malicious',
                                                   'metadata': {'malware_family': 'Win32.HLLP.Protil.1'}},
                                         'Electron': {'assertion': 'malicious',
                                                      'metadata': {'malware_family': 'Win.Virus.Wapomi'}},
                                         'Filseclab': {'assertion': 'malicious',
                                                       'metadata': {'malware_family': 'Suspicious:Virus.880000008365EC0083.mg'}},
                                         'Ikarus': {'assertion': 'malicious',
                                                    'metadata': {'malware_family': 'Win32.Outbreak'}},
                                         'Lionic': {'assertion': 'malicious',
                                                    'metadata': {'malware_family': 'Virus.Win32.Otwycal.n!c'}},
                                         'NanoAV': {'assertion': 'malicious',
                                                    'metadata': {'malware_family': 'Virus.Win32.Otwycal.dszex'}},
                                         'Proton': {'assertion': 'malicious',
                                                    'metadata': {'malware_family': 'Win.Virus.Wapomi'}},
                                         'Qihoo 360': {'assertion': 'malicious',
                                                       'metadata': {'malware_family': 'Virus.Win32.Downloader.AB'}},
                                         'RedDrip APT Scanner - RAS': {'assertion': 'benign',
                                                                       'metadata': {}},
                                         'SecureAge': {'assertion': 'malicious',
                                                       'metadata': {'malware_family': 'Malicious'}},
                                         'SentinelOne Static ML': {'assertion': 'unknown',
                                                                   'metadata': {'malware_family': ''}}},
                          'created': '2022-08-18T17:57:47.740301+00:00',
                          'detections': {'benign': 2,
                                         'malicious': 12,
                                         'total': 14},
                          'filename': '2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280',
                          'polyscore': 0.9999992152897648,
                          'votes': {}},
          'mimetype': {'extended': 'PE32 executable (GUI) Intel 80386, for MS '
                                   'Windows',
                       'mime': 'application/x-dosexec'}},
 'updated': {'exiftool': '2022-08-18T17:57:50.693418',
             'hash': '2022-08-18T17:57:49.862943',
             'lief': '2022-08-18T17:57:50.015425',
             'pefile': '2022-08-18T17:57:50.485439',
             'polyunite': '2022-08-18T17:58:24.717808'}}
file:bytes=sha256:2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280
        .created = 2024/12/20 18:12:04.235
        :_polyswarm:polyscore = 0.9999992152897648
        :md5 = 3a7d7c06ce418eb97dc0e336d2eb70f7
        :name = 2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280
        :sha1 = 05babd85001462f51c009ff5802a3f53a72f35d5
        :sha256 = 2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280
        #rep.polyswarm.mal.otwycal

Use of meta:source nodes

Synapse-PolySwarm records provenance with a meta:source node (named polyswarm api) and -(seen)> light-weight edges from that node to every node ingested from the PolySwarm API, so you can later tell which nodes in the Cortex came from PolySwarm rather than from another source.
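
The Storm queries below are an added example of how to use those provenance edges; they are not part of the Synapse-PolySwarm package or its documentation. They assume the meta:source node carries the :name value shown in the output (polyswarm api) and that the name is unique, that ingested file:bytes nodes carry the extended property :_polyswarm:polyscore shown above, and that 0.9 is an arbitrary threshold chosen for illustration. The SHA-256 in the reverse walk is the file from the earlier search result.

```storm
// Walk from the PolySwarm meta:source node across its -(seen)> edges to the
// file:bytes nodes it ingested, then keep only those PolySwarm considers likely
// malicious (polyscore >= 0.9 is an assumed threshold, not a package default).
meta:source:name="polyswarm api" -(seen)> file:bytes +:_polyswarm:polyscore>=0.9

// Same walk, but narrowed by the reputation tag the package applies, so the
// result is only the PolySwarm-sourced files that were tagged as malware.
meta:source:name="polyswarm api" -(seen)> file:bytes +#rep.polyswarm.mal

// Reverse direction: start from one file and list every meta:source that has
// seen it. This answers "where did this node come from?" during an investigation.
file:bytes=sha256:2987abcfa4232363b1b7e1280761c0da51e714dc4635a57daef218372cc1c280 <(seen)- meta:source

// Inventory everything PolySwarm has contributed, of any form, and count it.
meta:source:name="polyswarm api" -(seen)> * | uniq | count
```

The first three queries return nodes and can be extended with further pivots or filters; the last only prints a count. Filtering on :_polyswarm:polyscore before tags is deliberate: the score is set on every ingested file:bytes node, while a tag may be absent when PolySwarm has no family name for the sample.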

> meta:source=1ef4510e8cb56ccf439960bd15e247c5
meta:source=1ef4510e8cb56ccf439960bd15e247c5
        .created = 2024/12/20 18:12:04.226
        :name = polyswarm api