The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Upcoming changes to engine wrapping on PolySwarm

Feb 22, 2021 4:14:11 PM / by Nick Davis COO posted in Explained, Engine


Hello engine developers,

We are putting the finishing touches on our new backend systems that are used to manage engines/arbiters and handle bounties. Our goal is to release these changes into production in early-mid March.

One of the major changes we are making is to greatly simplify how engines are built, tested and run. We are also changing how they communicate with PolySwarm to be more in line with current industry standards for remote distributed services.

Part of that is a change to use a webhook system to send bounties to engines. This means that engines will need a web service on a publicly available IP address/port for the webhook to communicate with. The webhook message will contain all of the information the engine needs to process a bounty, download the artifact, and return the result.

Another major change is that we are moving the ETH wallet out of the engine itself and into a PolySwarm-hosted wallet management system. We have received many complaints about the difficulty and problems with managing a wallet inside an engine, so we are separating them.

We are adding administrative functionality to user accounts on https://polyswarm.network to configure and manage engines, wallets, and webhooks. We will provide an example working web service with an example working engine along with our documentation.

For each engine, you will be able to define an engine configuration in a user or team account. The following are some example configuration settings:
- engine name, description, owner's website, tags
- artifact type(s) supported
- mimetype(s) supported
- max file size supported
- webhook

For each account, you will be able to add an ETH wallet, which will provide basic transfer functionality:
- transfer NCT/ETH into the wallet
- withdraw NCT/ETH from the wallet

For each account, you will be able to add one or more webhooks, which can then be used by engines/arbiters. It will provide the standard webhook functionality:
- create, test, delete the webhook

We will use engine configurations to determine which engines are sent a webhook call for each bounty.

We will continue to use fake ETH/NCT (Rinkeby) for the first month or two after this work is released, so we can do testing to make sure everything is working reliably.


For those of you with existing engines that are connected to the marketplace, **this will be a breaking change**. We will provide instructions for how to update your engine to work with the new system. We are trying to make it as simple as possible.

For those who want to start a new engine, or even convert your engine to the new simpler engine framework, we will provide documentation and instructions to do that.

For any engines hosted by PolySwarm, we will update them to continue operating using the parameters they are currently configured with.


Video: How to use PolySwarm's free command line interface to get intel on malware

Jan 23, 2020 11:18:09 AM / by PolySwarm Tech Team posted in Explained, Product


Latest samples of ZeroCleare, Iranian state-sponsored malware, available on PolySwarm

Jan 9, 2020 11:09:01 AM / by PolySwarm Tech Team posted in Insider, Explained, PolySwarm, Threat Hunting, Research


Today, PolySwarm, a threat intelligence platform used to detect new and emerging malware, releases information about a new variant of ZeroCleare (a destructive malware attributed to Iran). PolySwarm Community (free) and Enterprise users were able to access the full content of this sample before it appeared on VirusTotal.


Ginp banking Trojan actively targeting banks: here's what you need to know, plus free malware samples

Nov 22, 2019 9:11:52 AM / by PolySwarm Tech Team posted in Explained, PolySwarm, Research


Ginp is a banking Trojan that is actively being used to impersonate targeted banking apps. The malware brings up a screen on the victim's phone and displays a window that mimics the real banking app. First, the victim is prompted to log in with their credentials. The second screen steals the victim's credit card details.


Get better threat intelligence with Metadata Searching in PolySwarm

Sep 10, 2019 9:07:38 AM / by PolySwarm Team posted in Explained, PolySwarm, Product


Latest phishing scam uses sneaky Google Calendar invite to bait potential victims with promise of iPhone

Sep 5, 2019 9:04:38 AM / by PolySwarm Team posted in Explained, PolySwarm, Product, Research


Do you ever see a mysterious calendar invite appear on your Google Calendar? If the answer is yes, there’s a good chance you are the victim of a calendar invite phishing scam. 


URL Scanning now available in PolySwarm

Aug 29, 2019 10:07:20 AM / by PolySwarm Team posted in Explained, PolySwarm, Product, Threat Bounty


The PolySwarm marketplace launched earlier this year, giving users the ability to gain intelligence on files from a competitive network of crowdsourced scanning engines from around the world. Now, PolySwarm users also have access to real-time information on suspect URLs, domains, and IPs.


Keynote from PolySwarm CTO at DEF CON: Blockchain-Security Symbiosis

Aug 20, 2019 1:20:04 PM / by PolySwarm Team posted in Explained, PolySwarm, Blockchain, Threat Bounty, Speaking, events


Cybersecurity and blockchain technology share a symbiotic relationship. On one hand, blockchain ecosystems that aren’t secure aren’t useful. On the other hand, blockchain technology unlocks new options for securing systems, infrastructure and more.
 
PolySwarm Co-Founder and CTO Paul Makowski was invited to give the Day 2 Keynote talk at DEF CON Blockchain Village (2019) in Las Vegas. DEF CON (which follows on the heels of Black Hat) is one of the most well-known hacker conferences in the world, bringing together security researchers, cybersecurity experts, and other infosec people from around the world. Makowski presented a thought-provoking talk examining blockchain and security from both sides of the coin: a look back at advances (and missteps) in securing blockchains and a look forward to security applications of blockchain technology. Watch the full presentation here: 