This article describes the Intelligence Card Extension for Polyswarm.
Polyswarm is a source of high-fidelity, high-confidence details and reputation data for files analyzed by a wide collection of technical sources.
Unlike other sources of file reputation and file analysis data, Polyswarm.io is a marketplace for analyzing suspicious artifacts, providing real-time threat intelligence from a crowdsourced network of security experts and antivirus companies.
The Polyswarm.network is highly differentiated: it is the first decentralized marketplace where security experts build anti-malware engines that compete for the highest confidence in detections. Over 40 unique sources are continuously scored and ranked, and compete with one another in the network.
Extending Hash Intelligence Cards
Through the partnership established between Recorded Future and Polyswarm in 2020, all Recorded Future clients have access to the following information on Hash Intelligence Cards:
- File Reputation
- Number of Detections from Anti-Virus Scanners
- Malware Family by Scanning Engine
- Other hashes for the file (e.g., SHA1, SHA256, SHA512, MD5)
How does it work?
When an analyst enters a hash value into the Recorded Future search bar, the score shown initially in the platform may differ from the results shown in the Polyswarm Intelligence Card extension.
The extension appears near the top of the Intelligence Card and is called "Hash Data Powered by POLYSWARM".
The extension card is a real-time lookup and view into file details and reputation. The values and reputation may be different from what is seen in the Recorded Future initial search results.
A time delay of 24 hours is expected for it to be realized and fully populated into the platform as an entity.