MISP – Open Source Threat Intelligence Platform

New configuration (How To)

Situation

Solution

MISP – Open Source Threat Intelligence and Sharing Platform (formerly known as Malware Information Sharing Platform) is developed as free software/open source by a group of developers from CIRCL and many other contributors.

CIRCL operates several MISP instances (for different types of constituents) in order to improve automated detection and responsiveness to targeted and cybersecurity attacks in Luxembourg and outside. MISP is a platform for sharing threat indicators and threat intelligence within the private and public sectors. Private organisations, organisations, private researchers or CERTs can request access to their respective MISP community.

MISP is a platform for sharing, storing and correlating Indicators of Compromise from targeted attacks, as well as threat intelligence such as threat actor information, financial fraud information and many more.

MISP – Open Source Threat Intelligence and Sharing Platform allows organizations to share information such as threat intelligence, indicators, threat actor information or any kind of threat which can be structured in MISP. MISP users benefit from the collaborative knowledge about existing malware or threats. The aim of this trusted platform is to help improve the counter-measures used against targeted attacks and to set up preventive actions and detection.

MISP information sharing communities – a trusted platform with multiple goals. The objective of the MISP – Open Source Threat Intelligence and Sharing Platform is to:

  • Facilitate the storage of technical and non-technical information about seen malware and attacks
  • Automatically create relations between malware and their attributes
  • Store data in a structured format (allowing automated use of the database to feed detection systems or forensic tools)
  • Generate rules for Network Intrusion Detection Systems (NIDS) that can be imported into IDS systems (e.g. IP addresses, domain names, hashes of malicious files, patterns in memory)
  • Share malware and threat attributes with other parties and trust-groups
  • Improve malware detection and reversing to promote information exchange among organizations (e.g. avoiding duplicate work)
  • Create a platform of trust – trusted information from trusted partners
  • Store locally all information from other instances (ensuring confidentiality on queries)

How does MISP work?

MISP Malware Information Sharing Platform overview

MISP is accessible through different interfaces, such as a web interface (for analysts or incident handlers) or a REST API (for systems pushing and pulling IOCs). The inherent goal of MISP is to be a robust platform that ensures smooth operation across revealing, maturing and exploiting the threat information.
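
How the structured storage and NIDS rule generation described above fit together, as an added example (not MISP's own exporter and not part of the original article): it converts a constructed event, shaped like MISP's JSON event export, into Suricata rules. The function name, the SID range and the sample indicators are assumptions; only attributes flagged `to_ids` are turned into rules.

```python
import ipaddress
import re

# Constructed sample shaped like a MISP JSON event export (documentation-range values).
SAMPLE_EVENT = {"Event": {"id": "1", "info": 'Constructed "phishing" case', "Attribute": [
    {"type": "ip-dst", "value": "198.51.100.7", "to_ids": True},
    {"type": "domain", "value": "bad.example.test", "to_ids": True},
    {"type": "domain", "value": "benign.example.test", "to_ids": False},
    {"type": "ip-dst", "value": 'not-an-ip"; sid:1;', "to_ids": True},
    {"type": "sha256", "value": "0" * 64, "to_ids": True},
]}}

DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)


def to_suricata(event, base_sid=9000000):
    """Return (rules, skipped) for the attributes flagged for detection."""
    ev = event["Event"]
    # Strip quotes/semicolons so shared event text cannot break out of msg:"...".
    label = "MISP event %s %s" % (ev["id"], re.sub(r"[^\w .-]", "_", ev["info"]))
    rules, skipped = [], []
    for attr in ev.get("Attribute", []):
        if not attr.get("to_ids"):
            continue  # context-only attribute, not intended for IDS export
        kind, value = attr["type"], attr["value"]
        sid = base_sid + len(rules)  # hypothetical local SID range
        if kind in ("ip-dst", "ip-src"):
            try:
                ip = ipaddress.ip_address(value)  # reject anything that is not an IP
            except ValueError:
                skipped.append(attr)
                continue
            flow = (f"$HOME_NET any -> {ip} any" if kind == "ip-dst"
                    else f"{ip} any -> $HOME_NET any")
            rules.append(f'alert ip {flow} (msg:"{label}"; sid:{sid}; rev:1;)')
        elif kind in ("domain", "hostname") and DOMAIN_RE.match(value):
            rules.append(f'alert dns $HOME_NET any -> any any (msg:"{label}"; '
                         f'dns.query; content:"{value.lower()}"; nocase; '
                         f'sid:{sid}; rev:1;)')
        else:
            skipped.append(attr)  # e.g. file hashes: not handled in this example
    return rules, skipped


if __name__ == "__main__":
    for rule in to_suricata(SAMPLE_EVENT)[0]:
        print(rule)
```

Validating each value before it is placed in a rule matters because events arrive from other parties: a malformed attribute should be skipped, not written into the IDS ruleset.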

If you work for a private organisation, an organisation or a CERT, or if you are a trusted security vendor or researcher, you can request access by contacting us. Registration and access require the use of at least one PGP key per organization. Access is free of charge. The objective is to stimulate sharing practices among public and private actors. Access is mainly bound to distribution as described in the Traffic Light Protocol.

Solution type

Permanent