Malware Patrol for MISP


Malware Patrol offers an integration with MISP. There are two ways to integrate:

  1. Sync our instance with yours (one-way)
  2. Download MISP-formatted feeds.

The following data feeds are available:

Click here to access our detailed configuration guide about ingesting our MISP-formatted feeds.


Interested in a FREE evaluation or want to learn more about integrating Malware Patrol’s data into your MISP instance?


“The MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators. A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.”

This reputable and powerful tool is used by thousands of organizations worldwide and has many helpful, active communities. The platform is feature-rich and boasts the following (and more) capabilities and options: 

  • “An efficient IoC and indicators database allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence.
  • Automatic correlation finding relationships between attributes and indicators from malware, attacks campaigns or analysis.
  • A flexible data model where complex objects can be expressed and linked together to express threat intelligence, incidents or connected elements.
  • Built-in sharing functionality to ease data sharing using different model of distributions.
  • export: generating IDS (Suricata, Snort and Bro are supported by default), OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools)
  • import: bulk-import, batch-import, free-text import, import from OpenIOC, GFI sandbox, ThreatConnect CSV or MISP format.
  • feed import: flexible tool to import and integrate MISP feed and any threatintel or OSINT feed from third parties. Many default feeds are included in standard MISP installation.
  • flexible API to integrate MISP with your own solutions.
  • adjustable taxonomy to classify and tag events following your own classification schemes or existing taxonomies.
  • intelligence vocabularies called MISP galaxy and bundled with existing threat actors, malware, RAT, ransomware or MITRE ATT&CK which can be easily linked with events in MISP.
  • expansion modules in Python to expand MISP with your own services or activate already available misp-modules.”