--- title: "Uploading Malware | ThreatConnect" slug: "uploading-malware" description: "This article describes how to upload a file to the Malware Vault in ThreatConnect and create a Document Group for the file. It also demonstrates how Organization Administrators can restrict uploads to the Malware Vault for Communities." tags: ["Importing Data", "Analytical Tools"] updated: 2024-07-17T20:27:24Z published: 2024-07-17T20:27:24Z canonical: "knowledge.threatconnect.com/uploading-malware" --- > ## Documentation Index > Fetch the complete documentation index at: https://knowledge.threatconnect.com/llms.txt > Use this file to discover all available pages before exploring further. # Uploading Malware ## Overview Malware can be uploaded to ThreatConnect® for the purpose of analysis. For security reasons, this task can be accomplished only by encrypting and zipping the malware and then creating it as a **Document** Group in ThreatConnect. ImportantDo not use the Malware Group to upload malware to the Malware Vault. Instead, use the Document Group to upload malware to the Malware Vault, and then, if desired, create a Malware Group and [associate](https://knowledge.threatconnect.com/docs/associations) it to the Document Group that was uploaded to the Malware Vault. ## Before You Start | Minimum Role(s) | - Organization role of Standard User (for uploading a file to the Malware Vault) - Organization role of Organization Administrator (for restricting document storage to the Malware Vault) | | --- | --- | | Prerequisites | None | ## Uploading a File to the Malware Vault 1. Select a malware file and convert it to a password-protected, encrypted, and compressed (**.zip**) format. 2. On the top navigation bar, hover over **Create** and select **Document**in the **Group**column. The **Create Document**screen will be displayed with the **Details**section selected (Figure 1). ![Graphical user interface, application Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/uploading-malware-image-qpev0hlg.png) - **Type**: The **Type** dropdown menu is used to select a different Group type. Keep the selection as **Document**. - **Owner**: Select the [owner](https://knowledge.threatconnect.com/docs/ownership-in-threatconnect) of the Document Group. - **Summary**: Enter a name for the Document Group. For Malware Vault Document Groups, the name should be the filename of the original malware sample, including the file extension, inside the password-protected **.zip** folder (e.g., **bad.exe**). - **Upload Document**: Use this section to upload the malware file. Once the malware file has been uploaded, the filename will be displayed below the orange malware warning, along with a checkbox labeled **Add to Malware Vault**. Selected this checkbox to add the file to the Malware Vault (Figure 2). ![Graphical user interface, application Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/uploading-malware-image-h0lkzptd.png) - **Password**: Enter the password needed to unencrypt the file.Note“TCinfected” is the default, and preferred, password for any malicious files uploaded to the Malware Vault. - **Description**: Provide a general description of the Group, such as the types of actors it comprises; tactics, techniques, and procedures (TTPs); etc. - **Apply Description to Associations**: Select this checkbox to apply the **Description** to the associated Indicators provided in the **Associations**section. - **Tags**: Enter [Tags](https://knowledge.threatconnect.com/docs/applying-tags) for the Group. - **Apply Tags to Associations**: Select this checkbox to apply the Tags to the associated Indicators provided in the **Associations**section. - If desired, add associated Indicators and attachments to the Document Group. See the [“Creating a Group” section of *Create*](https://knowledge.threatconnect.com/docs/create#creating-a-group) for further instruction. - Click the **SAVE** button. 3. The **Overview**tab of the [**Details** screen](https://knowledge.threatconnect.com/docs/the-details-screen)for the Document Group will be displayed (Figure 3). ![Graphical user interface, application Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/uploading-malware-image-2vvyntju.png) ## Malware Restrictions Organization Administrators can prevent users in Communities from accidentally uploading malware. 1. On the top navigation bar, hover the cursor over **Settings**![A picture containing text, clipart, light Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/uploading-malware-image-u6iju4kt.png)and select **Org Settings**. The **Organization Settings**screen will be displayed. 2. Select the **Communities/Sources**tab. The **Communities/Sources**screen will be displayed. 3. Select a Community to display its **Information**screen (Figure 4). ![Graphical user interface, application Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/uploading-malware-image-wf0laihn.png) 4. Ensure that the **Restrict Document Storage To Malware Vault**checkbox is selected so that all documents that Community contributors upload will be placed automatically in the Malware Vault. This restriction is enforced in three locations: the **Create Document** screen (Figure 1 and Figure 2), when uploading a file to an existing Document Group on its **Details**screen, and API Document creation for Documents in Communities.NoteCommunity Editors and Community Directors will not be affected by the restriction. --- *ThreatConnect® is a registered trademark of ThreatConnect, Inc.* 20036-01 v.08.B