ThreatConnect and MalwareBazaar: Open-Source Malware Analysis

ThreatConnect and MalwareBazaar have partnered to deliver a new Playbook app for joint customers. MalwareBazaar is a project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors, and threat intelligence providers. This Playbook app will allow you to automatically detonate, analyze, and submit files in MalwareBazaar from ThreatConnect to understand if they are malicious and return any contextualized telemetry. This all leads to more informed decision-making and more efficient remediation of malicious files through automation.

The following capabilities are available:

Automated Malware Sandboxing

  • As part of a security process, you can automatically send malware to MalwareBazaar. Once the sample is sandboxed, and depending on the malware, you can get outputs in the form of C2 communications, file hashes, registry keys, MITRE ATT&CK tags, YARA signatures, and more. You can then use these outputs to inform detection and remediation processes in the rest of your security stack.

Enrichment

  • As part of an investigation, you may come across a familiar file hash and want to see if you’ve seen it and sandboxed it before. You can use ThreatConnect to query MalwareBazaar and retrieve this information as part of an enrichment process during a case or investigation.

The following actions are available within the Playbook App:

  • Submit File
  • Get File Enrichment
  • Advanced Request

Together, ThreatConnect and MalwareBazaar help you to automate remediation tasks and protect your network from sophisticated attacks. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on how to install and use this Playbook app. If you’re not yet a customer and are interested in ThreatConnect and this integration, please contact us at sales@threatconnect.com.

About the Author
Jeff Quist

Jeff Quist, Product Marketing Manager at ThreatConnect, has 9 years of experience in Sales, Marketing, Product Management, and Product Marketing, mainly in technology and financial services. His professional experience and empathy for customers and partners help him to develop engaging marketing content and empower sales teams. Jeff lives in New York City and in his free time, he enjoys sketching, reading sci-fi novels, and supporting the Boston Bruins.