
Introducing PrecisionSec MISP Feeds

We’re happy to announce the release of our MISP feeds. The Malware Information Sharing Platform (MISP), developed by circl.lu, is a widely used open-source threat-sharing platform for storing, sharing and correlating Indicators of Compromise.

Based on conversations we were having with customers and the broader community, we identified a gap in high-quality, curated feeds covering current active threats in MISP format. To address this, we deployed our own MISP server that captures detailed intelligence on dozens of prevalent malware families, including Emotet and Trickbot.

IOC Correlation

The platform lets analysts quickly correlate samples across campaigns. The screenshot below shows a set of tagged samples with significant correlating IOCs:

Quickly correlate Emotet IOCs and samples using PrecisionSec MISP feeds

Drilling into a single event surfaces correlations with other recent Emotet samples and campaigns:

Emotet malware sample correlation in MISP

Detailed behavioural information is included for each sample, covering payload delivery URLs, C2 IPs and malware hashes, enabling fast correlation across events:

Detailed Emotet malware sample analysis in MISP

What About the Default MISP Feeds?

Nothing is wrong with the default MISP feeds. There is high-quality intelligence in the feeds bundled with MISP. However, some users found the volume low and the family coverage limited. By publishing in native MISP format, our feeds take full advantage of MISP’s built-in threat-sharing and correlation features, delivering a stream of enriched indicators with detailed context focused on currently active threats.

Free Trial

PrecisionSec offers a free trial of all feeds. To get started, visit the MISP Feeds page or start a free trial.
