Skip to main content
Download the Buyer’s Guide for Cyber Risk Quantification Solutions
Download Guide
Request a Demo

ThreatConnect and MalwareBazaar: Open-Source Malware Analysis

ThreatConnect and MalwareBazaar have partnered to deliver a new Playbook app for joint customers. MalwareBazaar is a project from with the goal of sharing malware samples with the infosec community, AV vendors, and threat intelligence providers. This Playbook app will allow you to automatically detonate, analyze, and submit files in MalwareBazaar from ThreatConnect to understand if they are malicious and return any contextualized telemetry. This all leads to more informed decision-making and more efficient remediation of malicious files through automation.

ThreatConnect and MalwareBazaar: Open-Source Malware Analysis

The following capabilities are available:

Automated Malware Sandboxing

  • As part of a security process, you can automatically send malware to MalwareBazaar. Once sandboxed and depending on the Malware too, you can get outputs in the form of C2 communications, file hashes, registry keys, MITRE ATT&CK tags, YARA signatures, and more. You can then use these outputs to inform detection and remediation processes in the rest of your security stack.


  • As part of an investigation, you may come across a familiar file hash and want to see if you’ve seen it and sandboxed it before. You can use ThreatConnect to query MalwareBazaar and retrieve this information as part of an enrichment process during a case or investigation.

The following actions are available within the Playbook App:

  • Submit File
  • Get File Enrichment
  • Advanced Request

Together, ThreatConnect and MalwareBazaar help you to automate remediation tasks and protect your network from sophisticated attacks. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on how to install and use this Playbook app. If you’re not yet a customer and are interested in ThreatConnect and this integration, please contact us at

About the Author


By operationalizing threat and cyber risk intelligence, The ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at