PolySwarm STIX / TAXII API

Structured Information Exchange (STIX) and Trusted Automated Exchange of Indicator Information (TAXII) are community-supported specifications analysts use to automate sharing of threat intelligence.

PolySwarm supports these emerging standards through TAXII v2.1-compliant services that serve STIX v2.1-formatted threat intelligence feeds. Users can augment their threat intelligence with the array of software tools that support the most recent STIX & TAXII standards while still receiving PolySwarm-exclusive intelligence such as canonicalized malware family and PolyScore.

Getting Started

To use our STIX/TAXII API, first complete these steps:

  1. Create your PolySwarm account.
  2. Contact the PolySwarm Sales Team (sales@polyswarm.io) to enable your TAXII access subscription.
  3. Install the OASIS-supported taxii2client.
  4. Read the Authentication section to understand how to set up your TAXII client.
  5. Read the Pagination section to understand how to page through a collection.

TAXII Server

PolySwarm's TAXII services are accessed via standard HTTP API endpoints defined in the TAXII v2.1 standard, most often using a TAXII client library such as taxii2client.

Authentication

PolySwarm performs HTTP authentication using your PolySwarm account's email and API key as the username and password:

import taxii2client.v21

TAXII_SERVER = taxii2client.v21.Server(
    'https://api.polyswarm.network/v2/stix/taxii2/',
    user='${YOUR POLYSWARM LOGIN}',
    password='${YOUR API KEY}'
)

API Roots

TAXII servers host a hierarchy of API Roots: distinct TAXII instances accessed via different URLs, each providing its own collections of threat intelligence.

You can work with your PolySwarm sales representative to enable each API Root and collection you want to access.

Default API Root

Users of taxii2client can access their default API root through the server's default attribute:

DEFAULT_API_ROOT = TAXII_SERVER.default

Collections

You can work with your PolySwarm sales representative to add credentials to your PolySwarm subscription for each collection that you want to access.

What is a collection

PolySwarm's TAXII services are organized around collections: logical repositories of threat intelligence organized by type and purpose.

Objects in a collection may also appear in others, enabling pivots between faster feeds of compact objects and detailed representations in specialized collections.

PolySwarm's currently available collections are designed to allow new collections to be added without disrupting existing consumers. Each collection is assigned a unique identifier (UUID), which identifies that collection in queries against PolySwarm's TAXII server.

Listing available collections

Customers with a PolySwarm account can programmatically list each API root and collection with its title, short description and UUID, along with whether the current user is allowed to read from and write to it:

from textwrap import indent


def print_all_collections(server):
    """Print the server, its API roots and their collections as a nested list."""

    def build_printer(prefix='', sep=''):
        # The first line printed carries the list marker (e.g. '- '); later
        # lines get spaces of the same width so the fields line up under it.
        nsep = sep

        def driver(*args, **kwargs):
            nonlocal nsep
            print(indent(' '.join(args), prefix=prefix + nsep), **kwargs)
            nsep = ' ' * len(nsep)
        return driver

    p = build_printer()
    p(f'Title: "{server.title}"')
    p(f'Contact: "{server.contact}"')
    p(f'Description: "{server.description}"')
    p('Roots:')

    for root in server.api_roots:
        # A fresh printer per root starts a new '- ' list item.
        p = build_printer('  ', sep='- ')
        p(f'Title: "{root.title}"')
        p(f'Description: "{root.description}"')
        p(f'URL: "{root.url}"')
        p('Collections:')

        for collection in root.collections:
            p = build_printer('    ', sep='- ')
            p(f'Title: "{collection.title}"')
            p(f'Objects URL: "{collection.objects_url}"')
            if collection.description:
                p(f'Description: "{collection.description}"')
            p(f'Can Read: {collection.can_read}')
            p(f'Can Write: {collection.can_write}')

print_all_collections(TAXII_SERVER)

Example output:

Title: "Polyswarm TAXII Service"
Contact: "sales@polyswarm.io"
Description: "This TAXII Server contains a listing of Polyswarm's feed data"
Roots:
  - Title: "PolySwarm Trust Group"
    Description: "Guest researcher feeds"
    URL: "https://api.polyswarm.network/v2/stix/trustgroup/"
    Collections:
    - Title: "14-Day Feed"
      Objects URL: "https://api.polyswarm.network/v2/stix/trustgroup/collections/3f153afb-5bf5-5cca-bfe9-ee854d92658d/objects/"
      Can Read: True
      Can Write: False
  - Title: "Ransomware"
    Description: "Emerging Ransomware"
    URL: "https://api.polyswarm.network/v2/stix/ransomware/"
    Collections:
    - Title: "Identified ransomware-family feed"
      Objects URL: "https://api.polyswarm.network/v2/stix/ransomware/collections/7b6bbecc-95cf-5317-a900-5bb7008eae93/objects/"
      Can Read: True
      Can Write: False
  - Title: "Freemium"
    Description: "Polyswarm Basic TAXII"
    URL: "https://api.polyswarm.network/v2/stix/freemium/"
    Collections:
    - Title: "Freemium collection"
      Objects URL: "https://api.polyswarm.network/v2/stix/freemium/collections/019630e9-0cdb-5d7d-b8c1-120c793093ad/objects/"
      Can Read: True
      Can Write: False

Pagination

TAXII supports pagination of very large result sets in collections. A collection returns a "feed" of STIX-formatted objects sorted in ascending order by the date each was added to the collection:

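def read_taxii_feed(collection, **kwargs):
    """Yield each page's list of objects, following the 'next' cursor."""
    while True:
        page = collection.get_objects(**kwargs)

        # An empty envelope means the collection has nothing (more) to return.
        if not page:
            break

        yield page.get('objects', [])

        # 'more' and 'next' are optional in a TAXII 2.1 envelope, so read
        # them with .get() instead of indexing.
        if page.get('more') and page.get('next'):
            kwargs['next'] = page['next']
        else:
            break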

iterator = read_taxii_feed(DEFAULT_API_ROOT.collections[0])
print(next(iterator))
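
The following is an added example, not PolySwarm's code: one way to reduce a page from the feed to per-sample verdict records before handing hashes to detection tooling. It assumes the bundle layout the feed uses (a non-family `malware` object whose `sample_refs` point at a `file`, `malware-analysis` objects tied to it by `av-analysis-of` relationships, and a `variant-of` relationship to the family object); the function names, the `min_malicious` threshold and every value in the sample page are constructed for illustration.

```python
from collections import defaultdict

# Constructed identifiers: none of these values come from a real feed.
FAMILY_ID = 'malware--00000000-0000-4000-8000-00000000000f'
SAMPLE_ID = 'malware--00000000-0000-4000-8000-00000000000a'
FILE_ID = 'file--00000000-0000-4000-8000-00000000000a'


def _analysis(n, product, result, sample_id):
    """Build a constructed malware-analysis object and its av-analysis-of link."""
    aid = f'malware-analysis--00000000-0000-4000-8000-0000000001{n:02d}'
    rid = f'relationship--00000000-0000-4000-8000-0000000002{n:02d}'
    return [
        {'type': 'malware-analysis', 'id': aid, 'product': product, 'result': result},
        {'type': 'relationship', 'id': rid, 'relationship_type': 'av-analysis-of',
         'source_ref': aid, 'target_ref': sample_id},
    ]


# Constructed page: a list holding one bundle; engine names are placeholders.
SAMPLE_PAGE = [{
    'type': 'bundle',
    'id': 'bundle--00000000-0000-4000-8000-00000000000a',
    'objects': [
        {'type': 'malware', 'id': FAMILY_ID, 'is_family': True,
         'name': 'Example.Family', 'malware_types': ['trojan', 'downloader']},
        {'type': 'file', 'id': FILE_ID, 'hashes': {'SHA-256': 'a' * 64}},
        {'type': 'malware', 'id': SAMPLE_ID, 'is_family': False,
         'name': 'Example.Family', 'sample_refs': [FILE_ID]},
        {'type': 'relationship',
         'id': 'relationship--00000000-0000-4000-8000-0000000000ff',
         'relationship_type': 'variant-of',
         'source_ref': SAMPLE_ID, 'target_ref': FAMILY_ID},
        *_analysis(1, 'engine-a', 'malicious', SAMPLE_ID),
        *_analysis(2, 'engine-b', 'malicious', SAMPLE_ID),
        *_analysis(3, 'engine-c', 'benign', SAMPLE_ID),
    ],
}]


def summarize_bundle(bundle):
    """Return one verdict record per non-family malware object in a bundle."""
    objs = {o['id']: o for o in bundle.get('objects', []) if 'id' in o}
    verdicts = defaultdict(lambda: defaultdict(list))  # sample id -> result -> engines
    family_of = {}                                     # sample id -> family object

    for rel in objs.values():
        if rel.get('type') != 'relationship':
            continue
        src = objs.get(rel.get('source_ref'))
        dst = objs.get(rel.get('target_ref'))
        if src is None or dst is None:
            continue  # dangling reference: skip it rather than guess
        kind = rel.get('relationship_type')
        if kind == 'av-analysis-of' and src.get('type') == 'malware-analysis':
            result = src.get('result', 'unknown')
            verdicts[dst['id']][result].append(src.get('product', 'unknown'))
        elif kind == 'variant-of' and dst.get('is_family'):
            family_of[src['id']] = dst

    records = []
    for obj in objs.values():
        if obj.get('type') != 'malware' or obj.get('is_family'):
            continue
        files = [objs[ref] for ref in obj.get('sample_refs', []) if ref in objs]
        sha256 = next((f['hashes']['SHA-256'] for f in files
                       if 'SHA-256' in f.get('hashes', {})), None)
        family = family_of.get(obj['id'], {})
        by_result = verdicts.get(obj['id'], {})
        records.append({
            'sha256': sha256,
            'family': family.get('name') or obj.get('name'),
            'malware_types': family.get('malware_types', []),
            'malicious': sorted(by_result.get('malicious', [])),
            'benign': sorted(by_result.get('benign', [])),
        })
    return records


def summarize_page(page):
    """Summarize every bundle in one page yielded by a feed reader."""
    records = []
    for item in page:
        if item.get('type') == 'bundle':
            records.extend(summarize_bundle(item))
    return records


def actionable(records, min_malicious=2):
    """Keep samples with a SHA-256 and at least min_malicious engine detections.

    The threshold is an assumption of this example; tune it to your tolerance
    for false positives, since engines can disagree about the same sample.
    """
    return [r for r in records
            if r['sha256'] and len(r['malicious']) >= min_malicious]


if __name__ == '__main__':
    for record in actionable(summarize_page(SAMPLE_PAGE)):
        print(record)
```

Keeping the benign verdicts in each record lets downstream rules weigh disagreement between engines instead of treating presence in the feed as a unanimous detection.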
                           'win/malicious',
                           'Malware:Win32/Dorpal.ali1000029',
                           'BackDoor.Golf.260',
                           'Backdoor.Generic.ztr',
                           'Trojan.Win32.Urelas',
                           'Backdoor.Plite!8.2D6',
                           'Win.Malware.Urelas-6840420-0'],
               'created': '2021-09-01T19:22:45.194687Z',
               'external_references': [{'source_name': 'polyswarm-report',
                                        'url': 'https://polyswarm.network/scan/results/file/ce50012446934e7ad42c209a12e377a9594930f788c659b32b5344bbc7ef5fb3'}],
               'first_seen': '2021-09-01T19:22:45.194687Z',
               'id': 'malware--de44e0eb-0e97-4fa4-80ab-e089fd18a656',
               'is_family': True,
               'last_seen': '2021-09-01T19:22:45.194687Z',
               'malware_types': ['backdoor', 'virus', 'trojan'],
               'modified': '2021-09-15T19:22:44.642432Z',
               'name': 'Urelas',
               'spec_version': '2.1',
               'type': 'malware'},
              {'atime': '2021-09-01T19:22:50.000000Z',
               'ctime': '2021-09-01T19:22:50.000000Z',
               'hashes': {'MD5': 'f5b78e02928c276f22be13313d37bcb4',
                          'SHA-1': 'e024f5d831e101d4d7748fe3d0792e72f4762ff0',
                          'SHA-256': 'ce50012446934e7ad42c209a12e377a9594930f788c659b32b5344bbc7ef5fb3',
                          'SHA-512': '66727aa1e7c24987b515ff42704b35a89d4ea5d3c62d32649f158218628344b30adfaa8a61967124592969f7301930588e472a618b5eed0b629c509d114e3b28',
                          'SSDEEP': '1536:s1baYkjUIKECOmxUNKwhB+GT/4I2fm3w9Rri+pXmf8t1dn4vcj0:sjIKn1xUswhsGTgI23RGUXmUDg',
                          'TLSH': '22d3cf4566010894f71c0b721a02fad0889dae7c65d6fa5ff1bc7d7ab932183a97309f'},
               'id': 'file--dd44bb23-4668-4f3b-80c3-d589fd18a656',
               'mtime': '2021-09-01T19:22:50.000000Z',
               'name': 'ce50012446934e7ad42c209a12e377a9594930f788c659b32b5344bbc7ef5fb3',
               'spec_version': '2.1',
               'type': 'file'},
              {'aliases': ['Backdoor.6536F84D7F60AA9C',
                           'win/malicious',
                           'Malware:Win32/Dorpal.ali1000029',
                           'BackDoor.Golf.260',
                           'Backdoor.Generic.ztr',
                           'Trojan.Win32.Urelas',
                           'Backdoor.Plite!8.2D6',
                           'Win.Malware.Urelas-6840420-0'],
               'confidence': 99,
               'created': '2021-09-01T19:22:45.194687Z',
               'first_seen': '2021-09-01T19:22:45.194687Z',
               'id': 'malware--dd44bb23-4668-4f3b-80c3-d589fd18a656',
               'is_family': False,
               'last_seen': '2021-09-01T19:22:45.194687Z',
               'modified': '2021-09-15T19:22:44.644475Z',
               'name': 'Urelas',
               'sample_refs': ['file--dd44bb23-4668-4f3b-80c3-d589fd18a656'],
               'spec_version': '2.1',
               'type': 'malware'},
              {'created': '2021-09-15T19:22:44.644702Z',
               'id': 'relationship--d1f3b112-02c4-4ea8-b36d-56c871f3da91',
               'modified': '2021-09-15T19:22:44.644702Z',
               'relationship_type': 'variant-of',
               'source_ref': 'malware--dd44bb23-4668-4f3b-80c3-d589fd18a656',
               'spec_version': '2.1',
               'target_ref': 'malware--de44e0eb-0e97-4fa4-80ab-e089fd18a656',
               'type': 'relationship'},
              {'analysis_engine_version': '2',
               'created': '2021-09-01T19:22:45.194687Z',
               'id': 'malware-analysis--dc44ef20-ce6a-4f5a-8060-d389fd18a656',
               'modified': '2021-09-15T19:22:44.644858Z',
               'product': 'crowdstrike-falcon-ml',
               'result': 'malicious',
               'result_name': 'win/malicious',
               'spec_version': '2.1',
               'type': 'malware-analysis'},
              {'created': '2021-09-15T19:22:44.644982Z',
               'id': 'relationship--d5a07ca3-fcbe-4722-92e8-16a6ac82da9e',
               'modified': '2021-09-15T19:22:44.644982Z',
               'relationship_type': 'av-analysis-of',
               'source_ref': 'malware-analysis--dc44ef20-ce6a-4f5a-8060-d389fd18a656',
               'spec_version': '2.1',
               'target_ref': 'malware--dd44bb23-4668-4f3b-80c3-d589fd18a656',
               'type': 'relationship'},
              {'created': '2021-09-01T19:22:45.194687Z',
               'id': 'malware-analysis--dc44ff03-52a3-4f74-8059-1289fd18a656',
               'modified': '2021-09-15T19:22:44.645144Z',
               'product': 'jiangmin',
               'result': 'malicious',
               'result_name': 'Backdoor.Generic.ztr',
               'spec_version': '2.1',
               'type': 'malware-analysis'},
              {'created': '2021-09-15T19:22:44.645264Z',
               'id': 'relationship--4b08404d-64e3-44ae-99ab-8017944749ad',
               'modified': '2021-09-15T19:22:44.645264Z',
               'relationship_type': 'av-analysis-of',
               'source_ref': 'malware-analysis--dc44ff03-52a3-4f74-8059-1289fd18a656',
               'spec_version': '2.1',
               'target_ref': 'malware--dd44bb23-4668-4f3b-80c3-d589fd18a656',
               'type': 'relationship'},
              {'analysis_definition_version': '6.100',
               'analysis_engine_version': '5.5.1',
               'created': '2021-09-01T19:22:45.194687Z',
               'id': 'malware-analysis--dc44f830-1712-4fcc-80e6-1089fd18a656',
               'modified': '2021-09-15T19:22:44.645396Z',
               'product': 'secureage',
               'result': 'malicious',
               'spec_version': '2.1',
               'type': 'malware-analysis'},
              {'created': '2021-09-15T19:22:44.645514Z',
               'id': 'relationship--937a07aa-bc4f-4039-94b7-34c586f42703',
               'modified': '2021-09-15T19:22:44.645514Z',
               'relationship_type': 'av-analysis-of',
               'source_ref': 'malware-analysis--dc44f830-1712-4fcc-80e6-1089fd18a656',
               'spec_version': '2.1',
               'target_ref': 'malware--dd44bb23-4668-4f3b-80c3-d589fd18a656',
               'type': 'relationship'},
              {'analysis_definition_version': '69971A0908A7EC9BE1CDAA21B8EFE918, '
                                              '2020-Nov-23 22:42:22',
               'analysis_engine_version': '7.00.49.09080',
               'created': '2021-09-01T19:22:45.194687Z',
               'id': 'malware-analysis--dc443af4-a14c-4f37-8028-7b89fd18a656',
               'modified': '2021-09-15T19:22:44.645648Z',
               'product': 'drweb',
               'result': 'malicious',
               'result_name': 'BackDoor.Golf.260',
               'spec_version': '2.1',
               'type': 'malware-analysis'},
              {'created': '2021-09-15T19:22:44.645765Z',
               'id': 'relationship--09473b27-7c9e-4c41-bacb-b507e2a59900',
               'modified': '2021-09-15T19:22:44.645765Z',
               'relationship_type': 'av-analysis-of',
               'source_ref': 'malware-analysis--dc443af4-a14c-4f37-8028-7b89fd18a656',
               'spec_version': '2.1',
               'target_ref': 'malware--dd44bb23-4668-4f3b-80c3-d589fd18a656',
               'type': 'relationship'},
              {'created': '2021-09-01T19:22:45.194687Z',
               'id': 'malware-analysis--dc44bea2-b17e-4fb6-80e1-2c89fd18a656',
               'modified': '2021-09-15T19:22:44.645898Z',
               'product': 'filseclab',
               'result': 'malicious',
               'result_name': 'Backdoor.6536F84D7F60AA9C',
               'spec_version': '2.1',
               'type': 'malware-analysis'},
              {'created': '2021-09-15T19:22:44.646016Z',
               'id': 'relationship--c9070ece-6c17-4af8-843b-8c9506acd11a',
               'modified': '2021-09-15T19:22:44.646016Z',
               'relationship_type': 'av-analysis-of',
               'source_ref': 'malware-analysis--dc44bea2-b17e-4fb6-80e1-2c89fd18a656',
               'spec_version': '2.1',
               'target_ref': 'malware--dd44bb23-4668-4f3b-80c3-d589fd18a656',
               'type': 'relationship'},
              {'created': '2021-09-01T19:22:45.194687Z',
               'id': 'malware-analysis--dc44cd9a-0c37-4f5e-808c-4189fd18a656',
               'modified': '2021-09-15T19:22:44.646147Z',
               'product': 'alibaba',
               'result': 'malicious',
               'result_name': 'Malware:Win32/Dorpal.ali1000029',
               'spec_version': '2.1',
               'type': 'malware-analysis'},
              {'created': '2021-09-15T19:22:44.646281Z',
               'id': 'relationship--fdf11db2-f58b-4b3e-b5ac-eafd5aae5fff',
               'modified': '2021-09-15T19:22:44.646281Z',
               'relationship_type': 'av-analysis-of',
               'source_ref': 'malware-analysis--dc44cd9a-0c37-4f5e-808c-4189fd18a656',
               'spec_version': '2.1',
               'target_ref': 'malware--dd44bb23-4668-4f3b-80c3-d589fd18a656',
               'type': 'relationship'},
              {'created': '2021-09-01T19:22:45.194687Z',
               'id': 'malware-analysis--dc44ef5d-f3cf-4ff5-8048-6089fd18a656',
               'modified': '2021-09-15T19:22:44.646417Z',
               'product': 'lionic',
               'result': 'malicious',
               'spec_version': '2.1',
               'type': 'malware-analysis'},
              {'created': '2021-09-15T19:22:44.646531Z',
               'id': 'relationship--4c9040a8-e18c-4e18-9719-bd1d0aea4b84',
               'modified': '2021-09-15T19:22:44.646531Z',
               'relationship_type': 'av-analysis-of',
               'source_ref': 'malware-analysis--dc44ef5d-f3cf-4ff5-8048-6089fd18a656',
               'spec_version': '2.1',
               'target_ref': 'malware--dd44bb23-4668-4f3b-80c3-d589fd18a656',
               'type': 'relationship'},
              {'analysis_definition_version': '01.09.2021 18:16:19 (104093)',
               'analysis_engine_version': '5.6.2.0',
               'created': '2021-09-01T19:22:45.194687Z',
               'id': 'malware-analysis--dc44f324-c769-4fb0-805e-4089fd18a656',
               'modified': '2021-09-15T19:22:44.646661Z',
               'product': 'ikarus',
               'result': 'malicious',
               'result_name': 'Trojan.Win32.Urelas',
               'spec_version': '2.1',
               'type': 'malware-analysis'},
              {'created': '2021-09-15T19:22:44.646777Z',
               'id': 'relationship--6c4ae8f4-6834-463f-bd8a-7f48897802c6',
               'modified': '2021-09-15T19:22:44.646777Z',
               'relationship_type': 'av-analysis-of',
               'source_ref': 'malware-analysis--dc44f324-c769-4fb0-805e-4089fd18a656',
               'spec_version': '2.1',
               'target_ref': 'malware--dd44bb23-4668-4f3b-80c3-d589fd18a656',
               'type': 'relationship'},
              {'analysis_definition_version': '2019-10-02 10:25',
               'created': '2021-09-01T19:22:45.194687Z',
               'id': 'malware-analysis--dc4461c1-5f2a-4f35-80dd-e589fd18a656',
               'modified': '2021-09-15T19:22:44.646906Z',
               'product': 'qihoo-360',
               'result': 'benign',
               'spec_version': '2.1',
               'type': 'malware-analysis'},
              {'created': '2021-09-15T19:22:44.647020Z',
               'id': 'relationship--af73da52-3871-4627-89d9-dec1a1da70bb',
               'modified': '2021-09-15T19:22:44.647020Z',
               'relationship_type': 'av-analysis-of',
               'source_ref': 'malware-analysis--dc4461c1-5f2a-4f35-80dd-e589fd18a656',
               'spec_version': '2.1',
               'target_ref': 'malware--dd44bb23-4668-4f3b-80c3-d589fd18a656',
               'type': 'relationship'},
              {'created': '2021-09-01T19:22:45.194687Z',
               'id': 'malware-analysis--dc44b4fb-d3f9-4f32-80ef-6489fd18a656',
               'modified': '2021-09-15T19:22:44.647162Z',
               'product': 'rising',
               'result': 'malicious',
               'result_name': 'Backdoor.Plite!8.2D6',
               'spec_version': '2.1',
               'type': 'malware-analysis'},
              {'created': '2021-09-15T19:22:44.647277Z',
               'id': 'relationship--7d6c1a5b-b470-44cc-9518-deaedfe23236',
               'modified': '2021-09-15T19:22:44.647277Z',
               'relationship_type': 'av-analysis-of',
               'source_ref': 'malware-analysis--dc44b4fb-d3f9-4f32-80ef-6489fd18a656',
               'spec_version': '2.1',
               'target_ref': 'malware--dd44bb23-4668-4f3b-80c3-d589fd18a656',
               'type': 'relationship'},
              {'analysis_definition_version': '48872546c2e9031cb99dc29783b079288f18c6f8-Release.x64',
               'analysis_engine_version': '4.7.0.10',
               'created': '2021-09-01T19:22:45.194687Z',
               'id': 'malware-analysis--dc44beb6-1678-4f7b-801f-2b89fd18a656',
               'modified': '2021-09-15T19:22:44.647410Z',
               'product': 'sentinelone-static-ml',
               'result': 'malicious',
               'spec_version': '2.1',
               'type': 'malware-analysis'},
              {'created': '2021-09-15T19:22:44.647525Z',
               'id': 'relationship--ee17c47a-9768-4f6f-8cf8-446a4a34d524',
               'modified': '2021-09-15T19:22:44.647525Z',
               'relationship_type': 'av-analysis-of',
               'source_ref': 'malware-analysis--dc44beb6-1678-4f7b-801f-2b89fd18a656',
               'spec_version': '2.1',
               'target_ref': 'malware--dd44bb23-4668-4f3b-80c3-d589fd18a656',
               'type': 'relationship'},
              {'analysis_engine_version': 'ClamAV 0.102.4/26090/Wed Feb 24 '
                                          '12:09:42 2021',
               'created': '2021-09-01T19:22:45.194687Z',
               'id': 'malware-analysis--dc446b6b-1a0d-4f7c-806c-4c89fd18a656',
               'modified': '2021-09-15T19:22:44.647653Z',
               'product': 'clamav',
               'result': 'malicious',
               'result_name': 'Win.Malware.Urelas-6840420-0',
               'spec_version': '2.1',
               'type': 'malware-analysis'},
              {'created': '2021-09-15T19:22:44.647769Z',
               'id': 'relationship--56e75fba-6af7-4cec-9482-dabcb866ea6d',
               'modified': '2021-09-15T19:22:44.647769Z',
               'relationship_type': 'av-analysis-of',
               'source_ref': 'malware-analysis--dc446b6b-1a0d-4f7c-806c-4c89fd18a656',
               'spec_version': '2.1',
               'target_ref': 'malware--dd44bb23-4668-4f3b-80c3-d589fd18a656',
               'type': 'relationship'}],
  'type': 'bundle'}]
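In the bundles printed above, each malware-analysis object is tied to its malware object by an av-analysis-of relationship, and the malware object points at its file through sample_refs. The following added example (not PolySwarm's code; summarize_bundle, consensus and the sample bundle are hypothetical names and constructed data) walks one bundle and tallies the engine verdicts per sample, skipping relationships whose endpoints are missing:

```python
# Constructed sample in the shape of the bundles above; ids, products and the hash are made up.
def _analysis(n, product, result):
    return [
        {'type': 'malware-analysis', 'id': 'malware-analysis--%d' % n,
         'product': product, 'result': result},
        {'type': 'relationship', 'id': 'relationship--%d' % n,
         'relationship_type': 'av-analysis-of',
         'source_ref': 'malware-analysis--%d' % n, 'target_ref': 'malware--sample'},
    ]


SAMPLE_BUNDLE = {
    'type': 'bundle', 'id': 'bundle--constructed',
    'objects': [
        {'type': 'malware', 'id': 'malware--family', 'name': 'Urelas', 'is_family': True},
        {'type': 'file', 'id': 'file--sample', 'hashes': {'SHA-256': 'ab' * 32}},
        {'type': 'malware', 'id': 'malware--sample', 'name': 'Urelas',
         'is_family': False, 'sample_refs': ['file--sample']},
        {'type': 'relationship', 'id': 'relationship--0', 'relationship_type': 'variant-of',
         'source_ref': 'malware--sample', 'target_ref': 'malware--family'},
        *_analysis(1, 'engine-a', 'malicious'),
        *_analysis(2, 'engine-b', 'benign'),
        *_analysis(3, 'engine-c', 'malicious'),
        # Dangling reference: the analysis object it names is not in the bundle.
        {'type': 'relationship', 'id': 'relationship--9', 'relationship_type': 'av-analysis-of',
         'source_ref': 'malware-analysis--missing', 'target_ref': 'malware--sample'},
    ],
}


def summarize_bundle(bundle):
    """Map each non-family malware id to its name, sample SHA-256 and per-result engine lists."""
    by_id = {obj['id']: obj for obj in bundle.get('objects', [])}
    summary = {}
    for obj in by_id.values():
        if obj.get('type') == 'malware' and not obj.get('is_family'):
            files = [by_id[ref] for ref in obj.get('sample_refs', []) if ref in by_id]
            sha256 = files[0].get('hashes', {}).get('SHA-256') if files else None
            summary[obj['id']] = {'name': obj.get('name'), 'sha256': sha256, 'verdicts': {}}
    for rel in by_id.values():
        if rel.get('type') != 'relationship' or rel.get('relationship_type') != 'av-analysis-of':
            continue
        analysis = by_id.get(rel.get('source_ref'))
        entry = summary.get(rel.get('target_ref'))
        if analysis is None or entry is None:
            continue  # skip relationships whose endpoints are not in this bundle
        entry['verdicts'].setdefault(analysis.get('result', 'unknown'), []).append(
            analysis.get('product'))
    return summary


def consensus(entry):
    """Return (engines reporting 'malicious', engines that reported anything)."""
    total = sum(len(products) for products in entry['verdicts'].values())
    return len(entry['verdicts'].get('malicious', [])), total
```
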
Filter Parameters

A TAXII Client can request specific content from a TAXII Server by specifying a set of filters included in the URL query parameters of the request to the server.

Universal filter parameters

All of PolySwarm's collections support the following filter parameters:

| URL Query Parameters | Description | Example |
|---|---|---|
| added_after | A single "T-syntax" RFC 3339 timestamp; only objects added after the specified timestamp are returned. If no added_after URL query parameter is provided, the server returns the oldest objects matching the request first. For example, if a server has 100 objects (0-99), it starts at record 0 and works from oldest to newest until it has found 50 objects that match the request (50 is the default and maximum limit). | 2021-09-08T00:00:00Z |
| limit | A single integer value that indicates the maximum number of objects to receive in a single response. This must be a positive integer greater than 0 and less than 51. | 25 |
| next | A single opaque string value that indicates the next record or set of records in the data set that the client is requesting. This value never expires and may be used to resume pagination at a later date. If you attempt to resume pagination of objects older than that collection's defined maximum object age, you will resume pagination from that collection's initial page. | gAAAAAOSmbvF...oRY06o== |

You can supply any of these parameters as keyword arguments to read_taxii_feed:

read_taxii_feed(collection, added_after='2021-09-08T00:00:00Z')

match[<field>]

Non-freemium collections also provide a match[<field>] parameter to apply filtering on a specific <field>. The match parameter can be specified any number of times, where each match instance specifies an additional filter combined as logical "AND" predicates. Individual match query parameters may contain multiple values separated by a comma (,) which are treated as a logical "OR". For instance, ?match[type]=bundle,sighting specifies a filter for objects that are of type bundle OR sighting.

| Field | Description | Example |
|---|---|---|
| id | The identifier of the object(s) that are being requested. | bundle--dd45feca-cf0c-4f86-8026-f889 |
| type | The type of the object(s) that are being requested. Only the types listed in this parameter are permitted in the response. | bundle,sighting |

You can supply any of these parameters as keyword arguments to read_taxii_feed:

read_taxii_feed(collection, id='bundle--dd45feca-cf0c-4f86-8026-f889,bundle--dd445a57-7358-4ff4-8056-5d89')
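
The filter rules described in this section, as an added example that is not PolySwarm's or taxii2client's code: build_query validates the universal parameters against the limits stated in the table and renders the query string, and object_matches applies the match semantics (AND across fields, OR across comma-separated values) to a single object. Both function names and the sample objects are hypothetical.

```python
import re
from urllib.parse import urlencode

# RFC 3339 "T-syntax" timestamp in UTC, as in the table's example value.
RFC3339_UTC = re.compile(r'^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$')
MAX_LIMIT = 50  # "greater than 0 and less than 51"


def _values(value):
    """Accept 'a,b' or ['a', 'b'] and return the list of alternatives."""
    return value.split(',') if isinstance(value, str) else list(value)


def build_query(added_after=None, limit=None, next_token=None, **match):
    """Return the URL query string for one request; raise ValueError on bad input."""
    params = []
    if added_after is not None:
        if not RFC3339_UTC.match(added_after):
            raise ValueError('added_after must be an RFC 3339 T-syntax UTC timestamp')
        params.append(('added_after', added_after))
    if limit is not None:
        if isinstance(limit, bool) or not isinstance(limit, int) or not 0 < limit <= MAX_LIMIT:
            raise ValueError('limit must be an integer from 1 to %d' % MAX_LIMIT)
        params.append(('limit', str(limit)))
    if next_token is not None:
        params.append(('next', next_token))  # opaque: passed through unchanged
    for field in sorted(match):
        # One match[<field>] parameter per field; alternatives are comma-joined.
        params.append(('match[%s]' % field, ','.join(_values(match[field]))))
    return urlencode(params, safe='[],:')


def object_matches(obj, **match):
    """Every field must match (AND); any listed value of a field may match (OR)."""
    return all(obj.get(field) in _values(value) for field, value in match.items())


# Constructed objects used to show the AND/OR behaviour locally.
SAMPLE_OBJECTS = [
    {'type': 'bundle', 'id': 'bundle--a'},
    {'type': 'bundle', 'id': 'bundle--b'},
    {'type': 'sighting', 'id': 'sighting--c'},
]


def select(objects, **match):
    """Return the ids of the objects that satisfy every match filter."""
    return [obj['id'] for obj in objects if object_matches(obj, **match)]
```
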

2021 © PolySwarm Pte. Ltd.