Uploading Malware

Last Updated: Sep 04, 2019 11:05AM EDT
User; Organization Administrator to restrict document storage to Malware Vault


Malware can be uploaded to ThreatConnect® for the purpose of analysis. For security reasons, this task can be accomplished only by encrypting and zipping the malware and then creating it as a Document Group in ThreatConnect.

Uploading a File to the Malware Vault

  1. Select a malware file and convert it to a password-protected, encrypted, and compressed (.zip) format.
  2. From the top navigation bar (Figure 1), place the cursor over Create and then over the Group option. Select the Document object, and the Create Document screen will be displayed with the Details section selected (Figure 2).
    • Type: The Type dropdown menu is used to select a different Group type. Keep the selection as Document.
    • Owner: Use the dropdown menu to select the Owner of the malware Document.
    • Summary: Enter a name for the Document. For Malware Vault Documents, the name should be the filename of the original malware sample, including the file extension, inside the password-protected .zip folder (e.g., bad.exe).
    • Upload Document: Use this section to upload the Document. Once the Document has been uploaded, the filename will appear underneath the orange malware warning, along with a checkbox labeled Add to Malware Vault, which should be selected so that the Document is added to the Malware Vault (Figure 3).
    • Password: Enter the password needed to unencrypt the file.
      NOTE: “TCinfected” is the default, and preferred, password for any malicious files uploaded to the malware vault.
    • Description: Provide a general description of the Group, such as the types of actors it comprises; tactics, techniques, and procedures (TTPs); etc.
    • Apply Description to Associations: Check this box to apply the Description to the Group’s Associations.
    • Tags: Enter Tags for the Group.
    • Apply Tags to Associations: Check this box to apply the Tags to the Group’s Associations.
  3. Click the NEXT button to go to the Associations section and then to the Attachments section. (See Create for further information.)
  4. Click the SAVE button.
  5. The Details screen for the Document will be displayed with the Overview tab selected (Figure 4).

Malware Restrictions

Organization Administrators and higher can prevent users in Communities from accidentally uploading malware. To do so, hover the cursor over the Settings icon on the top navigation bar (Figure 1), choose Org Settings, and select the Communities/Sources tab. Then click on a Community to view its Information screen (Figure 5).

Ensure that the Restrict Document Storage to Malware Vault checkbox is selected so that all documents that Community contributors upload will be placed automatically in the Malware Vault. This restriction is enforced in three locations: the Create Document screen (Figure 2 and Figure 3), when uploading a file to an existing Document on the Document’s Details screen, and API Document creation for Documents in Communities.

NOTE: Community Editors and Community Directors will not be affected by the restriction.

20036-07 EN Rev. A

Contact Us

  • ThreatConnect, Inc.
    3865 Wilson Blvd.
    Suite 550
    Arlington, VA 22203

    Toll Free:   1.800.965.2708
    Local: +1.703.229.4240
    Fax +1.703.229.4489

    Email Us

seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found