PolySwarm

Modified on: Wed, 15 Feb, 2023 at 10:33 AM

Overview

The PolySwarm integration for Maltego allows users to pivot and right-click on any file hash, domain, or IP address to gain insights into the malware behind it. Users may pivot on enrichments to discover related intelligence for a given malware campaign. Users may also subscribe to a feed of the freshest malware seen by PolySwarm for detection/blocking. PolySwarm provides users with the option to upload, scan and sandbox any malware sample on demand.

  • Simple right-click insights into any malware file hash or malware infrastructure
  • Feeds of brand-new and first-seen malware variants for automated detection and blocking
  • High-speed analysis of new suspicious file samples through sandboxing and specialized niche analysis engines
  • A centralized knowledge repository to maintain investigative intelligence


The PolySwarm Hub item includes the following types of Transforms:

  • Scan Transforms
  • Hash Transforms
  • Metadata Transforms (Available with data subscriptions)


To learn more about these Transform types, check out our FAQ.

You can also read more about PolySwarm Transforms for Maltego here.

 

Pricing & Access

Community Hub

Maltego Community Edition users have the following purchase options:


  • CLICK-AND-RUN (CE)

Simply install and start using the Hub item with a data allowance of 50 Transform runs per month.


Commercial Hub

Maltego One license users have the following purchase options:

  • CLICK-AND-RUN

Simply install and start using the Hub item with the following data allowances:

  • Maltego Pro: 250 Transform runs per month.
  • Maltego Enterprise: 500 Transform runs per day.

  • DATA SUBSCRIPTIONS

Purchase a flexible and affordable data subscription on our web-shop, starting from €900 for 100 metadata Transform runs per month per user.

  • BRING YOUR OWN KEY

Plug in your own API key and start using the Hub item on Maltego.


Polyswarm Transforms

Perform Scan [Polyswarm]

Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |
| maltego.jinxpy_polyswarm.global.global#polyswarm_scan_timeout | Scan Timeout (Max/Default: 100 sec) | int | 100 | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | Perform Scan [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Output Entities | maltego.polyswarm.PolyswarmScan |

Variants

| Transform Name | Short Description | Input Entities |
|---|---|---|
| maltego.jinxpy_polyswarm.perform_scan_for_domain | Performs a scan for the given domain and returns the result from PolySwarm. | maltego.Domain |
| maltego.jinxpy_polyswarm.perform_scan_for_url | Performs a scan for the given URL and returns the result from PolySwarm. | maltego.URL |
| maltego.jinxpy_polyswarm.perform_scan_for_ipv4 | Performs a scan for the given IPv4 Address and returns the result from PolySwarm. | maltego.IPv4Address |
| maltego.jinxpy_polyswarm.perform_scan_for_ipv6 | Performs a scan for the given IPv6 Address and returns the result from PolySwarm. | maltego.IPv6Address |

Lookup by Hash [Polyswarm]

Description

Seeks the scan for the given Hash and returns the result from PolySwarm.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | Lookup by Hash [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Transform Name | maltego.jinxpy_polyswarm.lookup_scan_by_hash |
| Short Description | Seeks the scan for the given Hash and returns the result from PolySwarm. |
| Input Entities | maltego.Hash |
| Output Entities | maltego.polyswarm.PolyswarmScan |

To Dropped Scan [Polyswarm]

Description

Returns dropped scan result for given scan from PolySwarm.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | To Dropped Scan [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Transform Name | maltego.jinxpy_polyswarm.scan_to_dropped_scan |
| Short Description | Returns dropped scan result for given scan from PolySwarm. |
| Input Entities | maltego.polyswarm.PolyswarmScan |
| Output Entities | maltego.polyswarm.PolyswarmScan |

Annotate Polyswarm Scan [Polyswarm]

Description

Retrieves properties of a given scan from Polyswarm.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | Annotate Polyswarm Scan [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Transform Name | maltego.jinxpy_polyswarm.scan_to_annotate |
| Short Description | Retrieves properties of a given scan from Polyswarm. |
| Input Entities | maltego.polyswarm.PolyswarmScan |
| Output Entities | maltego.polyswarm.PolyswarmScan |

Find Contacted Domains [Polyswarm]

Description

Returns contacted domains from PolySwarm.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | Find Contacted Domains [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Transform Name | maltego.jinxpy_polyswarm.scan_to_contacted_domains |
| Short Description | Returns contacted domains from PolySwarm. |
| Input Entities | maltego.polyswarm.PolyswarmScan |
| Output Entities | maltego.Domain |

Find Contacted IP Addresses [Polyswarm]

Description

Returns contacted IP Addresses from PolySwarm.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | Find Contacted IP Addresses [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Transform Name | maltego.jinxpy_polyswarm.scan_to_contacted_ip |
| Short Description | Returns contacted IP Addresses from PolySwarm. |
| Input Entities | maltego.polyswarm.PolyswarmScan |
| Output Entities | maltego.IPv4Address, maltego.IPv6Address |

Find Contacted URLs [Polyswarm]

Description

Returns contacted URLs from PolySwarm.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | Find Contacted URLs [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Transform Name | maltego.jinxpy_polyswarm.scan_to_contacted_url |
| Short Description | Returns contacted URLs from PolySwarm. |
| Input Entities | maltego.polyswarm.PolyswarmScan |
| Output Entities | maltego.URL |

Find IOC URLs [Polyswarm]

Description

Returns IOC URLs from PolySwarm.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | Find IOC URLs [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Transform Name | maltego.jinxpy_polyswarm.scan_to_ioc_url |
| Short Description | Returns IOC URLs from PolySwarm. |
| Input Entities | maltego.polyswarm.PolyswarmScan |
| Output Entities | maltego.URL |

Find IOC IP Addresses [Polyswarm]

Description

Returns IOC IP Addresses from PolySwarm.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | Find IOC IP Addresses [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Transform Name | maltego.jinxpy_polyswarm.scan_to_ioc_ip |
| Short Description | Returns IOC IP Addresses from PolySwarm. |
| Input Entities | maltego.polyswarm.PolyswarmScan |
| Output Entities | maltego.IPv4Address |

Find IOC TTPs [Polyswarm]

Description

Returns IOC TTPs from PolySwarm.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | Find IOC TTPs [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Transform Name | maltego.jinxpy_polyswarm.scan_to_ioc_ttp |
| Short Description | Returns IOC TTPs from PolySwarm. |
| Input Entities | maltego.polyswarm.PolyswarmScan |
| Output Entities | maltego.AttackTechniqueID |

To Hashes [Polyswarm]

Description

Returns the associated file hashes from PolySwarm.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | To Hashes [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Transform Name | maltego.jinxpy_polyswarm.scan_to_hashes |
| Short Description | Returns the associated file hashes from PolySwarm. |
| Input Entities | maltego.polyswarm.PolyswarmScan |
| Output Entities | maltego.Hash |

To Names [Polyswarm]

Description

Returns the associated artifact name from PolySwarm.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | To Names [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Transform Name | maltego.jinxpy_polyswarm.scan_to_names |
| Short Description | Returns the associated artifact name from PolySwarm. |
| Input Entities | maltego.polyswarm.PolyswarmScan |
| Output Entities | maltego.Phrase, maltego.polyswarm.PolyswarmScan |

To Signatures [Polyswarm]

Description

Returns the signatures associated with the given PolySwarm scan.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | To Signatures [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Transform Name | maltego.jinxpy_polyswarm.scan_to_signatures |
| Short Description | Returns the signatures associated with the given PolySwarm scan. |
| Input Entities | maltego.polyswarm.PolyswarmScan |
| Output Entities | maltego.polyswarm.ThreatSignature |

To Tags [Polyswarm]

Description

Returns the tags associated with the given PolySwarm scan.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | To Tags [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Transform Name | maltego.jinxpy_polyswarm.scan_to_tags |
| Short Description | Returns the tags associated with the given PolySwarm scan. |
| Input Entities | maltego.polyswarm.PolyswarmScan |
| Output Entities | maltego.polyswarm.Tag, maltego.polyswarm.PolyswarmScan |

To TTPs [Polyswarm]

Description

Returns the associated TTPs of the given Polyswarm scan.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | To TTPs [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Transform Name | maltego.jinxpy_polyswarm.scan_to_ttps |
| Short Description | Returns the associated TTPs of the given Polyswarm scan. |
| Input Entities | maltego.polyswarm.PolyswarmScan |
| Output Entities | maltego.AttackTechniqueID |

To Crypto Addresses [Polyswarm]

Description

Returns the associated crypto addresses of the given PolySwarm scan.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | To Crypto Addresses [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Transform Name | maltego.jinxpy_polyswarm.scan_to_crypto |
| Short Description | Returns the associated crypto addresses of the given PolySwarm scan. |
| Input Entities | maltego.polyswarm.PolyswarmScan |
| Output Entities | maltego.CryptocurrencyAddress |

Search in Previous Scan’s Metadata [Polyswarm]

Description

Returns PolySwarm scan results associated with the given metadata.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |
| maltego.jinxpy_polyswarm.global.global#polyswarm_search_query | Metadata Query (ex: strings.urls) | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | Search in Previous Scan’s Metadata [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Short Description | Returns PolySwarm scan results associated with the given metadata. |
| Output Entities | maltego.polyswarm.PolyswarmScan |

Variants

| Transform Name | Input Entities |
|---|---|
| maltego.jinxpy_polyswarm.ipv4_to_scan | maltego.IPv4Address |
| maltego.jinxpy_polyswarm.ipv6_to_scan | maltego.IPv6Address |
| maltego.jinxpy_polyswarm.domain_to_scan | maltego.Domain |
| maltego.jinxpy_polyswarm.url_to_scan | maltego.URL |
| maltego.jinxpy_polyswarm.tag_to_scan | maltego.polyswarm.Tag |
| maltego.jinxpy_polyswarm.crypto_to_scan | maltego.CryptocurrencyAddress |
| maltego.jinxpy_polyswarm.jarm_to_scan | maltego.polyswarm.JARMFingerprint |

Search by IOC in Previous Scan’s Metadata [Polyswarm]

Description

Returns PolySwarm scan results associated with the given IOC.


Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | Search by IOC in Previous Scan’s Metadata [Polyswarm] |
| Owner | |
| Author | Maltego Technologies |
| Data Source | Polyswarm |
| Short Description | Returns PolySwarm scan results associated with the given IOC. |
| Output Entities | maltego.polyswarm.PolyswarmScan |

Variants

| Transform Name | Input Entities |
|---|---|
| maltego.jinxpy_polyswarm.ioc_ipv4_to_scan | maltego.IPv4Address |
| maltego.jinxpy_polyswarm.ioc_ttp_to_scan | maltego.AttackTechniqueID |
| maltego.jinxpy_polyswarm.ioc_domain_to_scan | maltego.Domain |

