Emerging Threats

The Emerging Threats table provides customers with an actionable curated list of artifacts that PolySwarm has confirmed are emerging threats. This single table provides a summary of several groupings of malware; grouped by malware family or world events.

• Clicking the "View scan results" button, will show the latest scan results in PolySwarm for that artifact.
• "First Seen in PolySwarm" indicates that the artifact was submitted into PolySwarm before other platforms.
• The PolyScore is PolySwarm's threat scoring algorithm that provides the probability a given file contains malware, in a single authoritative number. On this table, that number is represented by a bar to indicate low, medium, and high.
• Each artifact has one or more tags to help the user quickly discern its function.
• Users can click the copy icon to grab a copy of the SHA256 hash of the artifact.

Why do we sometimes show a low PolyScore on an artifact that we say is malicious?

PolyScore weighs convictions from engines differently, based on factors such as malware family name and the engine's track record on similar files. Files with high PolyScores are ready for automated action. But sometimes, engines that detect important emerging threats do not increase the PolyScore very much, even though the file actually is malicious. That is why the process behind PolyScore learns: so we can identify competent engines that see emerging malware first and give them a louder voice against future threats. In the meantime, we still think it's important to show low PolyScores, because it means a file warrants review. And, if the file is included in the Emerging Threats table, yes, we believe it's malware.