PolySwarm

Modified on: Wed, 28 Aug, 2024 at 6:33 PM

Overview

The PolySwarm integration for Maltego allows users to pivot and right-click on any file hash, domain, or IP address to gain insights into the malware behind it. Users may pivot on enrichments to discover related intelligence for a given malware campaign. Users may also subscribe to a feed of the freshest malware seen by PolySwarm for detection/blocking. PolySwarm provides users with the option to upload, scan and sandbox any malware sample on demand.

  • Simple right-click insights into any malware file hash or piece of malware infrastructure
  • Feeds of brand-new and first-seen malware variants for automated detection and blocking
  • High-speed analysis of new suspicious file samples through sandboxing and specialized niche analysis engines
  • A centralized knowledge repository for maintaining investigative intelligence


The PolySwarm Hub item includes the following types of Transforms:

  • Scan Transforms
  • Hash Transforms
  • Metadata Transforms (available with data subscriptions)


To learn more about these Transform types, check out our FAQ.

You can also read more about PolySwarm Transforms for Maltego here.



Polyswarm Transforms

Perform Scan [Polyswarm]

Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False
maltego.jinxpy_polyswarm.global.global#polyswarm_scan_timeout | Scan Timeout (Max/Default: 100 sec) | int | 100 | True | True | False

Transform Meta Info

Information | Value
Display Name | Perform Scan [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Output Entities | maltego.polyswarm.PolyswarmScan

Variants

Transform Name | Short Description | Input Entities
maltego.jinxpy_polyswarm.perform_scan_for_domain | Performs a scan for the given domain and returns the result from PolySwarm. | maltego.Domain
maltego.jinxpy_polyswarm.perform_scan_for_url | Performs a scan for the given URL and returns the result from PolySwarm. | maltego.URL
maltego.jinxpy_polyswarm.perform_scan_for_ipv4 | Performs a scan for the given IPv4 Address and returns the result from PolySwarm. | maltego.IPv4Address
maltego.jinxpy_polyswarm.perform_scan_for_ipv6 | Performs a scan for the given IPv6 Address and returns the result from PolySwarm. | maltego.IPv6Address

Lookup by Hash [Polyswarm]

Description

Looks up the scan for the given hash and returns the result from PolySwarm.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | Lookup by Hash [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Transform Name | maltego.jinxpy_polyswarm.lookup_scan_by_hash
Short Description | Looks up the scan for the given hash and returns the result from PolySwarm.
Input Entities | maltego.Hash
Output Entities | maltego.polyswarm.PolyswarmScan

To Dropped Scan [Polyswarm]

Description

Returns the dropped scan result for the given scan from PolySwarm.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | To Dropped Scan [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Transform Name | maltego.jinxpy_polyswarm.scan_to_dropped_scan
Short Description | Returns the dropped scan result for the given scan from PolySwarm.
Input Entities | maltego.polyswarm.PolyswarmScan
Output Entities | maltego.polyswarm.PolyswarmScan

Annotate Polyswarm Scan [Polyswarm]

Description

Retrieves the properties of a given scan from PolySwarm.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | Annotate Polyswarm Scan [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Transform Name | maltego.jinxpy_polyswarm.scan_to_annotate
Short Description | Retrieves the properties of a given scan from PolySwarm.
Input Entities | maltego.polyswarm.PolyswarmScan
Output Entities | maltego.polyswarm.PolyswarmScan

Find Contacted Domains [Polyswarm]

Description

Returns contacted domains from PolySwarm.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | Find Contacted Domains [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Transform Name | maltego.jinxpy_polyswarm.scan_to_contacted_domains
Short Description | Returns contacted domains from PolySwarm.
Input Entities | maltego.polyswarm.PolyswarmScan
Output Entities | maltego.Domain

Find Contacted IP Addresses [Polyswarm]

Description

Returns contacted IP Addresses from PolySwarm.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | Find Contacted IP Addresses [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Transform Name | maltego.jinxpy_polyswarm.scan_to_contacted_ip
Short Description | Returns contacted IP Addresses from PolySwarm.
Input Entities | maltego.polyswarm.PolyswarmScan
Output Entities | maltego.IPv4Address, maltego.IPv6Address

Find Contacted URLs [Polyswarm]

Description

Returns contacted URLs from PolySwarm.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | Find Contacted URLs [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Transform Name | maltego.jinxpy_polyswarm.scan_to_contacted_url
Short Description | Returns contacted URLs from PolySwarm.
Input Entities | maltego.polyswarm.PolyswarmScan
Output Entities | maltego.URL

Find IOC URLs [Polyswarm]

Description

Returns IOC URLs from PolySwarm.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | Find IOC URLs [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Transform Name | maltego.jinxpy_polyswarm.scan_to_ioc_url
Short Description | Returns IOC URLs from PolySwarm.
Input Entities | maltego.polyswarm.PolyswarmScan
Output Entities | maltego.URL

Find IOC IP Addresses [Polyswarm]

Description

Returns IOC IP Addresses from PolySwarm.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | Find IOC IP Addresses [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Transform Name | maltego.jinxpy_polyswarm.scan_to_ioc_ip
Short Description | Returns IOC IP Addresses from PolySwarm.
Input Entities | maltego.polyswarm.PolyswarmScan
Output Entities | maltego.IPv4Address

Find IOC TTPs [Polyswarm]

Description

Returns IOC TTPs from PolySwarm.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | Find IOC TTPs [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Transform Name | maltego.jinxpy_polyswarm.scan_to_ioc_ttp
Short Description | Returns IOC TTPs from PolySwarm.
Input Entities | maltego.polyswarm.PolyswarmScan
Output Entities | maltego.AttackTechniqueID

To Hashes [Polyswarm]

Description

Returns the associated file hashes from PolySwarm.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | To Hashes [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Transform Name | maltego.jinxpy_polyswarm.scan_to_hashes
Short Description | Returns the associated file hashes from PolySwarm.
Input Entities | maltego.polyswarm.PolyswarmScan
Output Entities | maltego.Hash

To Names [Polyswarm]

Description

Returns the associated artifact name from PolySwarm.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | To Names [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Transform Name | maltego.jinxpy_polyswarm.scan_to_names
Short Description | Returns the associated artifact name from PolySwarm.
Input Entities | maltego.polyswarm.PolyswarmScan
Output Entities | maltego.Phrase, maltego.polyswarm.PolyswarmScan

To Signatures [Polyswarm]

Description

Returns the signatures associated with the given PolySwarm scan.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | To Signatures [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Transform Name | maltego.jinxpy_polyswarm.scan_to_signatures
Short Description | Returns the signatures associated with the given PolySwarm scan.
Input Entities | maltego.polyswarm.PolyswarmScan
Output Entities | maltego.polyswarm.ThreatSignature

To Tags [Polyswarm]

Description

Returns the tags associated with the given PolySwarm scan.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | To Tags [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Transform Name | maltego.jinxpy_polyswarm.scan_to_tags
Short Description | Returns the tags associated with the given PolySwarm scan.
Input Entities | maltego.polyswarm.PolyswarmScan
Output Entities | maltego.polyswarm.Tag, maltego.polyswarm.PolyswarmScan

To TTPs [Polyswarm]

Description

Returns the associated TTPs of the given PolySwarm scan.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | To TTPs [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Transform Name | maltego.jinxpy_polyswarm.scan_to_ttps
Short Description | Returns the associated TTPs of the given PolySwarm scan.
Input Entities | maltego.polyswarm.PolyswarmScan
Output Entities | maltego.AttackTechniqueID

To Crypto Addresses [Polyswarm]

Description

Returns the associated crypto addresses of the given PolySwarm scan.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | To Crypto Addresses [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Transform Name | maltego.jinxpy_polyswarm.scan_to_crypto
Short Description | Returns the associated crypto addresses of the given PolySwarm scan.
Input Entities | maltego.polyswarm.PolyswarmScan
Output Entities | maltego.CryptocurrencyAddress

Search in Previous Scan’s Metadata [Polyswarm]

Description

Returns PolySwarm scan results associated with the given metadata.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False
maltego.jinxpy_polyswarm.global.global#polyswarm_search_query | Metadata Query (ex: strings.urls) | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | Search in Previous Scan’s Metadata [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Short Description | Returns PolySwarm scan results associated with the given metadata.
Output Entities | maltego.polyswarm.PolyswarmScan

Variants

Transform Name | Input Entities
maltego.jinxpy_polyswarm.ipv4_to_scan | maltego.IPv4Address
maltego.jinxpy_polyswarm.ipv6_to_scan | maltego.IPv6Address
maltego.jinxpy_polyswarm.domain_to_scan | maltego.Domain
maltego.jinxpy_polyswarm.url_to_scan | maltego.URL
maltego.jinxpy_polyswarm.tag_to_scan | maltego.polyswarm.Tag
maltego.jinxpy_polyswarm.crypto_to_scan | maltego.CryptocurrencyAddress
maltego.jinxpy_polyswarm.jarm_to_scan | maltego.polyswarm.JARMFingerprint

Search by IOC in Previous Scan’s Metadata [Polyswarm]

Description

Returns PolySwarm scan results associated with the given IOC.


Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_polyswarm.global.global#polyswarm_api_key | PolySwarm API Key | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | Search by IOC in Previous Scan’s Metadata [Polyswarm]
Owner |
Author | Maltego Technologies
Data Source | Polyswarm
Short Description | Returns PolySwarm scan results associated with the given IOC.
Output Entities | maltego.polyswarm.PolyswarmScan

Variants

Transform Name | Input Entities
maltego.jinxpy_polyswarm.ioc_ipv4_to_scan | maltego.IPv4Address
maltego.jinxpy_polyswarm.ioc_ttp_to_scan | maltego.AttackTechniqueID
maltego.jinxpy_polyswarm.ioc_domain_to_scan | maltego.Domain
