The MISP threat intelligence platform’s powerful correlation and analysis capabilities enable the identification of relationships between various threat indicators, uncovering attack campaigns and providing a comprehensive view of the threat landscape.

By integrating Malware Patrol’s reputable indicators of compromise (IoCs), malware signatures, and contextual data about emerging threats into their MISP instances, organizations further enhance their ability to detect and respond to cyber attacks promptly.

The following data feeds are available:

  • Command & Control (C2) URLs
  • Cryptomining
  • DGA Domains
  • Malicious IPs
  • Malware URLs
  • DNS-over-HTTPS (DoH) Servers

There are two ways to integrate Malware Patrol’s data with your MISP:

  1. Sync our instance with yours (one-way)
  2. Download MISP-formatted feeds.

Click here to access our detailed MISP configuration guide.

About MISP

The MISP threat intelligence sharing platform is a free and open-source software used to gather, share, store and correlate indicators of compromise, threat intelligence, and more. This reputable and powerful tool is used by thousands of organizations worldwide and has many helpful, active communities. The platform is feature-rich and boasts the following (and more) capabilities and options:

  • “An efficient IoC and indicators database allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence.
  • Automatic correlation finding relationships between attributes and indicators from malware, attacks campaigns or analysis.
  • A flexible data model where complex objects can be expressed and linked together to express threat intelligence, incidents or connected elements.
  • Built-in sharing functionality to ease data sharing using different model of distributions.
  • Export: generating IDS (Suricata, Snort and Bro are supported by default), OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools)
  • Import: bulk-import, batch-import, free-text import, import from OpenIOC, GFI sandbox, ThreatConnect CSV or MISP format.
  • Feed import: flexible tool to import and integrate MISP feed and any threatintel or OSINT feed from third parties. Many default feeds are included in standard MISP installation.
  • Flexible API to integrate MISP with your own solutions.
  • Adjustable taxonomy to classify and tag events following your own classification schemes or existing taxonomies.
  • Intelligence vocabularies called MISP galaxy and bundled with existing threat actors, malware, RAT, ransomware or MITRE ATT&CK which can be easily linked with events in MISP.
  • Expansion modules in Python to expand MISP with your own services or activate already available misp-modules.”