Uploading Malware

Last Updated: Nov 21, 2018 05:20PM EST
User; Organization Administrator to restrict document storage to Malware Vault


Malware can be uploaded to ThreatConnect® for the purpose of analysis. For security reasons, this task can be accomplished only by encrypting and zipping the malware and then creating it as a Document Group in ThreatConnect.


  1. Select a malware file and convert it to a password-protected, encrypted, and compressed (.zip) format.
  2. From the top navigation bar (Figure 1), place the cursor over CREATE (Figure 2) and then over the GROUP option.
  3. Click on the DOCUMENT object, and the Create Document screen will appear with the Details section selected (Figure 3).
    • Type: The Type drop-down menu can be used to select a different Group type if desired. Keep the selection as Document.
    • Owner: Select the Owner of the malware Document.
    • Summary: Use this section to provide a name for the Document. For Malware Vault Documents, the name should be the filename of the original malware sample, including the file extension, inside the password-protected .zip folder (e.g., bad.exe).
    • Upload Document: Use this section to upload the Document. Once the Document has been uploaded, the filename will appear underneath the orange malware warning, along with a checkbox labeled Add to Malware Vault (Figure 4). Click the box to check it.
    • Password: Enter the password needed to unencrypt the file.
      NOTE: “TCinfected” is the default, and preferred, password for any malicious files uploaded to the malware vault.
    • Description: Provide a general description of the Group, such as the types of actors it comprises; tactics, techniques, and procedures (TTPs); etc.
    • Apply Description to Associations: Check this box to apply the Description to the Group’s Associations.
    • Tags: Enter Tags for the Group.
    • Apply Tags to Associations: Check this box to apply the Tags to the Group’s Associations.
  4. Click the NEXT button to go to the Associations section and then to the Attachments section. (See Create for further information.)
  5. Click the SAVE button.
  6. The Details screen for the Document will appear, with the Overview tab highlighted (Figure 5).

Malware Restrictions

Organization Administrators and higher can prevent users from accidentally uploading malware. To do so, hover the cursor over the Settings icon on the top navigation bar (Figure 1), choose ORG SETTINGS, and select the Communities/Sources tab. Then click on a community to view the Information screen for the Community (Figure 6).

Check the Restrict Document Storage to Malware Vault checkbox to ensure that all documents users upload will be placed automatically in the Malware Vault. This restriction is enforced in three locations: the Create Document screen (Figure 3 and Figure 4), when uploading a file to an existing Document on the Document’s Details screen, and API Document creation for Documents in Communities.

20036-06 EN Rev. E

Contact Us

  • ThreatConnect, Inc.
    3865 Wilson Blvd.
    Suite 550
    Arlington, VA 22203

    Toll Free:   1.800.965.2708
    Local: +1.703.229.4240
    Fax +1.703.229.4489

    Email Us

seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found