Cisco's Malicious Sample Submission Process
The team has an email address to which Enterprise users can submit malware samples for analysis.
This tool is intended for users who have information about domains that should be blocked but currently are not, or about specific malware samples that communicate with domains, IP addresses or URLs that they would like us to be aware of.
Our Research team may not respond directly to a file submission, and submissions should not be used as a substitute for analysis of a given domain's block page status. For information about why a domain is blocked or a request to unblock it, please contact Cisco Support.
How to Submit A Malware Sample
Between your systems and our Research teams, there are several layers of malware protection. These layers can sit on your own network or at the carrier layer (your ISP's routers, for instance). The files you send must be able to pass between you and Cisco without being detected as malware and stopped. To get samples to us reliably, create a password-protected zip file containing the suspicious file(s).
These two steps must be followed in order to submit a sample:
- Encrypt all samples intended for submission in an archive (or a 'zip file') with the password "notinfected" (without the quotes). If you don't have a program to compress files and add a password to the archive, try 7-Zip - it's free and open-source.
- Send your compressed, encrypted samples to firstname.lastname@example.org
You may also be asked by Support to submit a sample. If you have an existing case reference, enter it in the body of the email.
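The first step above can be scripted so that the archive is checked before it is attached. This is an added example, not Cisco's own tooling; the function names pack_samples and find_7z are illustrative assumptions, and it expects a 7-Zip command-line binary to be installed.

```shell
# Added example (not Cisco's tooling). pack_samples and find_7z are
# illustrative names; the password is the one given on this page.
SUBMIT_PASSWORD="notinfected"

# 7-Zip's CLI is packaged under different names; print the first one found.
find_7z() {
    for bin in 7z 7zz 7za; do
        if command -v "$bin" >/dev/null 2>&1; then
            echo "$bin"; return 0
        fi
    done
    return 1
}

# pack_samples ARCHIVE.zip FILE...
# Returns 0 ok, 2 bad arguments, 3 7-Zip missing, 4 create/verify failed.
pack_samples() {
    [ "$#" -ge 2 ] || { echo "usage: pack_samples ARCHIVE.zip FILE..." >&2; return 2; }
    local archive sz listing f
    archive=$1; shift
    # Adding to an existing archive could leave older, unencrypted entries.
    [ ! -e "$archive" ] || { echo "already exists: $archive" >&2; return 2; }
    for f in "$@"; do
        [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 2; }
    done
    sz=$(find_7z) || { echo "7-Zip CLI not found" >&2; return 3; }

    # -tzip: zip container; -p: encrypt entries with the agreed password.
    "$sz" a -tzip "-p$SUBMIT_PASSWORD" -- "$archive" "$@" >/dev/null || return 4

    # Check 1: every entry is flagged encrypted in the technical listing.
    listing=$("$sz" l -slt "-p$SUBMIT_PASSWORD" -- "$archive") || return 4
    echo "$listing" | grep -q '^Encrypted = +' || return 4
    if echo "$listing" | grep -q '^Encrypted = -'; then
        echo "unencrypted entry in $archive" >&2; return 4
    fi

    # Check 2: the archive decrypts and passes its CRC with that password.
    "$sz" t "-p$SUBMIT_PASSWORD" -- "$archive" >/dev/null || return 4
    echo "ready to attach: $archive"
}
```

The zip format encrypts file contents but not file names, so the names of the samples remain readable to any gateway that inspects the attachment.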