Skip to main content
Download the Buyer’s Guide for Cyber Risk Quantification Solutions
Download Guide
Request a Demo

ThreatConnect and VirusTotal: Enable YARA Hunting and Better Malware Analysis

ThreatConnect and VirusTotal have improved our collaboration with a new Playbook App! This app will allow you to send malware to a sandbox to be further examined and retrieve the results from VirusTotal.  Leveraging this App, you will be able to perform Phishing Email Triage, Endpoint Investigation, and Malware Hunting. This all leads to more informed decision making and more efficient remediation through automation. 

VirusTotal Playbook Template – Submit File

The VirusTotal Playbook App will enable you to: 

  • Use ThreatConnect’s Playbooks, coupled with VirusTotal Intelligence’s hunting capability, to create and deploy YARA rulesets for more accurate detection of previously unknown malicious files. File hashes can easily be changed, but leveraging YARA analysts can perform searches based on the file behavior leading to less chance for false positives.
  • Build a composite of knowledge for malware variants by overlaying VirusTotal’s analysis results on top of open-source or premium intelligence information.
  • Mine for potential IOCs in the form of C2 nodes, Registry Keys, etc. to gain a more holistic understanding of the potential threat by discovering how and where the malware operates.
  • Leverage VirusTotal to detonate potentially malicious files as part of an investigation such as phishing email triage, or performing further host-based analysis and remediation.
  • Make EDR and SIEM workflows smarter and more efficient by triaging potentially malicious files early on instead of wasting precious time hunting for false positives.

The following actions are available with this Playbook App:

  • Submit File
  • Get File Results
  • Parse File Results

Together, ThreatConnect and VirusTotal help you to automate remediation tasks and protect your network from sophisticated attacks. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on utilizing the VirusTotal App. If you’re not yet a customer and are interested in ThreatConnect and this integration, contact us at

About the Author


By operationalizing threat and cyber risk intelligence, The ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at