Thanks @rungrage. Latest thing we've done: extended the social media objects in @MISPProject so we can build better disinformation threat intelligence reports
Docker @MISPProject core-v2.4.125b is building
Fixes:
- Default to modern SSL, with secure option. Fixes other MISPs unable to connect
- Ensures submodules are updated as expected on updates
- Move SSL cert location <- NOTE THIS see #53
https://github.com/coolacid/docker-misp …
That's actually very cool, thank you @0x3c7 and @Secureworks for that! That motivated me to script the import of @MISPProject threat-actor galaxy, 324 actors, including the targeted sector tags! On a clean @QuoLabTech instance, that looks busy :)
https://github.com/quolab/scripts
https://twitter.com/0x3c7/status/1263889007374729221 …
threat-actor-intelligence-server software has been updated and threat actors can now be queried by country. There is a public API where you can query threat actors by name, country and uuid. #ThreatIntelligence
https://github.com/MISP/threat-actor-intelligence-server …
With the new misp-opendata software, MISP datasets can be automatically extracted and published on @EU_opendata @OpenDataLU portals automatically. #threatintel #opendata
https://github.com/MISP/misp-opendata … This work is part of the @VARIoT_project and co-funded by @inea_eu #CEFtelecom #POD
One of our HEFESTIS Ltd members ended up with a list of 50 domains to research to see if any were malicious. I used the #MISP platform to get an answer for all 50 in a minute.
https://www.youtube.com/watch?v=QmJuh5k4DTk&list=PLqEq1PI7wfwxdi2E9lmtx3Cl7GT-UUf9D …
Would be great if other industry players make their IOCs as easily accessible as @ESETresearch #misp and #yara at
https://github.com/eset/malware-ioc/tree/master/turla …
A new version of the #MISP core format is out. It's used to exchange cybersecurity threat information (#CTI) as JSON objects between Open Source Threat Intelligence Sharing Platform instances (aka Malware Information Sharing Platform) and complements other CTI formats like #STIX.
https://twitter.com/MISPProject/status/1265624489360003072 …
We published an updated version of the MISP core format
https://www.misp-standard.org/
https://www.misp-standard.org/rfc/misp-standard-core.html … and SightingDB query format by @tricaud from @devo_Inc #threatintel #Interoperability #openstandard
Any #DFIR friends integrated @sleuthkit central repository and @MISPProject before? I could really do with your knowledge if you have!
Virtual coffee's provided!
The nifty feature of @MISPProject to extend events now has its own taxonomy to support the reason behind the extended events.
https://www.misp-project.org/taxonomies.html#_extended_event … Let us know what you think about it and don't hesitate to contribute. #threatintel
Thanks to @Ko97551819 for the contribution.
IOC available in the PDF (p23
https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf …)
Or directly on Github
https://github.com/eset/malware-ioc/tree/master/turla#turla-comrat-v4-indicators-of-compromise …
Bonus from @eset : @MISPProject event available as well <3
https://twitter.com/campuscodi/status/1265213838309416965 …
MISP - Threat Sharing. An Open Source software and standards to share, create and validate threatintel and intelligence.
#Infosec #Security #OpenSource