The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Upcoming changes to engine wrapping on PolySwarm

Feb 22, 2021 4:14:11 PM / by Nick Davis COO posted in Explained, Engine


Hello engine developers,

We are putting the finishing touches on our new backend systems that are used to manage engines/arbiters and handle bounties. Our goal is to release these changes into production in early-mid March.

One of the major changes is to greatly simplify how engines are built, tested, and run. We are also changing how they communicate with PolySwarm to be more in line with current industry standards for remote distributed services.

Part of that is a change to use a Webhook system to send bounties to engines. This means that engines will need a web service on a publicly available IP address/port for the webhook to communicate with. The Webhook message will contain all of the information the engine needs to process a bounty, download the artifact, and return the result.

Another major change is that we are moving the ETH wallet out of the engine itself and into a PolySwarm-hosted wallet management system. We have received many complaints about the difficulty of managing a wallet inside an engine and the problems it causes, so we are separating them.

We are adding administrative functionality to user accounts on to configure and manage engines, wallets, and webhooks. We will provide an example working web service with an example working engine along with our documentation.

For each engine, you will be able to define an engine configuration in a user or team account. The following are some example configuration settings:
- engine name, description, owner's website, tags
- artifact type(s) supported
- mimetype(s) supported
- max file size supported
- webhook

For each account, you will be able to add an ETH wallet, which will provide basic transfer functionality:
- transfer NCT/ETH into the wallet
- withdraw NCT/ETH from the wallet

For each account, you will be able to add one or more webhooks, which can then be used by engines/arbiters. It will provide the standard webhook functionality:
- create, test, delete the webhook

We will use engine configurations to determine which engines are sent a webhook call for each bounty.

We will continue to use fake ETH/NCT (Rinkeby) for the first month or two after this work is released, so we can test that everything is working reliably.

For those of you with existing engines that are connected to the marketplace, **this will be a breaking change**. We will provide instructions for how to update your engine to work with the new system. We are trying to make it as simple as possible.

For those who want to start a new engine, or even convert your engine to the new simpler engine framework, we will provide documentation and instructions to do that.

For any engines hosted by PolySwarm, we will update them to continue operating using the parameters they are currently configured with.


Inlyse joins the PolySwarm threat intelligence marketplace

Feb 8, 2021 11:12:59 AM / by PolySwarm Team posted in Partner, Engine


“We are proud to be partnering with Polyswarm, and being part of their launchpad for new technologies and innovative threat detection methods” stated Julian Ziegler, Co CEO of Inlyse.


Cyberstanc joins the PolySwarm threat intelligence marketplace

Oct 29, 2020 11:21:40 AM / by PolySwarm Team posted in Partner, Engine


"Cyberstanc is thrilled to collaborate with Polyswarm's initiative of creating a fully crowd sourced malware detection platform," said Cyberstanc Founder and CEO Rohit Bankoti. "We strive to address latest challenges with constant innovations and hope to deliver benchmark cybersecurity posture for the community."


Initial Technical Analysis of EventBot Versions -

May 20, 2020 1:30:09 PM / by Javier Botella posted in Research



PolySwarm’s threat research team has discovered new, previously unpublished versions of the EventBot malware family.


Introducing PolyScore™, the most advanced threat scoring algorithm for malware

May 18, 2020 12:27:03 PM / by PolySwarm Team posted in Product


PolySwarm announced today the release of PolyScore™, a threat scoring algorithm that provides the probability a given file contains malware in a single, authoritative number.   


TeamT5's ThreatVision APT detection engine joins PolySwarm's marketplace

May 6, 2020 11:11:30 AM / by PolySwarm Team posted in Product, Partner


"We are excited to join PolySwarm, and to contribute to the network with our specialized APT intelligence in the Asia Pacific region," says TeamT5 CEO, TT Tsai. "We as a team, will bring the experience of our clients to the next level."



Join PolySwarm and Pacific Hackers Meetup for a digital event

Apr 14, 2020 2:30:51 PM / by PolySwarm Team posted in Interview, Speaking, events, Research


We may not be able to connect in person right now, but we can still meet up... digitally, of course! PolySwarm CTO Paul Makowski will be the featured guest of Pacific Hackers Meetup on Saturday, April 18, 2 p.m. PT - 4 p.m. PT. We're talking research-driven threat intel; the latest in malware detection techniques; PolySwarm's growing malware research community, polyX, and how you can get in on the action; COVID-19 malware trends and more. So grab your computer and a beverage, and spice up your Saturday with an interactive security discussion.


PolySwarm now integrated with leading SOAR platform ThreatConnect

Apr 13, 2020 10:30:04 AM / by PolySwarm Team posted in PolySwarm, Product, Partner


Enterprises, OEMs, MSSPs can now access PolySwarm's novel file reputation and threat detection services via leading SOAR platform ThreatConnect, Inc.

ThreatConnect users can access PolySwarm, a crowdsourced threat detection tool that enables better detection against new and emerging malware, for file reputation and threat intelligence. Cyber analysts using ThreatConnect's Security Operations Platform can download and operate the solution from a single pane of glass.
