Group-IB TDS Polygon

THF Polygon is a Malware Detonation & Research platform designed for deep dynamic analysis and enhanced indicators extraction. THF Polygon analyzes submitted files and urls and extracts deep IOCs that appear when malicious code is triggered and executed. Polygon could be used either for application-level tasks (like smtp-based mail filtering) and analytical purposes (files/urls analysis for verdict, report and indicators).

Forensics & Malware Analysis · Polygon

Configuration parameters

  • server — Server URL (e.g., https://huntbox.group-ib.com) (required)
  • api_key — API Key (required)
  • report_language — Default reports language (required)
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • integrationReliability — Source Reliability
  • feedExpirationPolicy
  • feedExpirationInterval

Commands (7)

  • file

    Check file reputation.

  • polygon-analysis-info

    Get THF Polygon analysis info.

  • polygon-export-pcap

    The command allows you to download a network activity dump in case the file/link is malicious.

  • polygon-export-report

    Export an archive with THF Polygon report to War Room.

  • polygon-export-video

    The command allows you to download a screen activity video in case the file/link is malicious.

  • polygon-upload-file

    Upload file for analysis.

  • polygon-upload-url

    Upload URL for analysis.