MISP v2.3.39 released - Malware Information Sharing Platform.

NOTICE FROM US : FOR IT SECURITY PROFESSIONAL ONLY! AND EDUCATION PURPOSE ONLY! DON’T BE EVIL!!!

v2.3 brings important improvements in features, performance and usability:
+ STIX export
+ Easier editing of large data sets, thanks to AJAX
+ Impressive performance improvements in load time (and memory usage)
+ Templating system: create templates for your organisation for easier data entry, and optionally share the templates with other organisations on your MISP instance
+ Free-text import tool: just paste a list of indicators and let MISP figure out what it is
+ Attribute merge tool: update the list of all attributes of the same type by pasting a new list of values
+ Diagnostic and configuration tool
+ Improved synchronisation
+ API improvements
+ New Filtering for events / users with bookmarks

The problem we experienced in the past was the difficulty of exchanging information about (targeted) malware and attacks within a group of trusted partners or under a bilateral agreement. Even today, much of the information exchange happens in unstructured reports, where you have to copy-paste the information into your own text files that you then have to parse to export to (N)IDS and systems like log searches, etc.

A huge challenge in the cyber security domain is information sharing inside and between organizations. The Malware Information Sharing Platform aims to facilitate:
– central IOC database: storing technical and non-technical information about malware and attacks, … Data from external instances is also imported into your local instance
– correlation: automatically creating relations between malware, events and attributes
– storing data in a structured format (allowing automated use of the database for various purposes)
– export: generating IDS, OpenIOC, plain text, XML output to integrate with other systems (network IDS, host IDS, custom tools, …)
– import: bulk-import, batch-import, import from OpenIOC, GFI sandbox, ThreatConnect CSV, …
– data-sharing: automatic exchange and synchronization with other parties and trust-groups using MISP
– STIX support: export data in the STIX format (XML and JSON)

Exchanging info results in faster detection of targeted attacks and improves the detection ratio while reducing false positives. We also avoid reversing similar malware, as we know very quickly that others have already worked on this malware.

MISP - Malware Information Sharing Platform

Some people might think of CIF (Collective Intelligence Framework) and CRITs (Collaborative Research Into Threats); however, those tools are different. Each one has its strengths and weaknesses, but in the end MISP will rule the world of course.

Download :
MISP-2.3.39.tar.gz
MISP-2.3.39.zip 
Source : https://github.com/MISP

This code is licensed under the GNU AFFERO GENERAL PUBLIC LICENSE version 3.

Developers:
 Christophe Vandeplas <christophe@vandeplas.com> (creator)
 Andras Iklody <andras.iklody@gmail.com> (main developer)
 Andrzej Dereszowski <deresz@gmail.com>

Contributions from: (incomplete list, contact us to add your name)
 CERT-EU http://cert.europa.eu/
 CIRCL http://circl.lu

Copyright Christophe Vandeplas
Copyright Belgian Defence
Copyright NATO / NCIRC
