Based on conversations we were having, we determined that there is a lack of quality curated threat feeds in MISP format covering current active threats. To address this need we have deployed our own MISP server, which captures detailed intelligence on prevalent malware such as Emotet and Trickbot, in addition to dozens of other malware families.
Using the platform allows analysts to quickly correlate samples between different campaigns. For example, in the following screenshot you can see a number of tagged samples with significant correlating IOCs amongst them:
Drilling down into one of the events we can quickly correlate with several other recent Emotet malware samples and campaigns:
Detailed behavioural information is provided for each individual sample, adding valuable context around the threat, including payload delivery URLs and IPs, C2 IPs, and malware hashes. This enables fast correlation with other events based on the behavioural info:
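The correlation described above works on shared attribute values: two events that contain the same indicator (same type and value) are linked. The following added example (not precisionsec's code or MISP's own implementation) reproduces that idea over three constructed events written in the MISP event JSON layout, with placeholder hashes and RFC 5737 documentation addresses rather than real IOCs, and honours MISP's per-attribute `disable_correlation` flag so a noisy value does not create a false link.

```python
from collections import defaultdict

def attr(atype, value, category="Network activity", disable_correlation=False):
    """Build one attribute in MISP's JSON layout (only the fields used here)."""
    return {"type": atype, "category": category, "value": value,
            "to_ids": True, "disable_correlation": disable_correlation}

# Constructed sample events in the MISP event JSON layout (Event -> Attribute list).
# Values are placeholders (RFC 5737 documentation addresses, made-up hashes), not real IOCs.
SAMPLE_EVENTS = [
    {"Event": {"uuid": "evt-a", "info": "Emotet maldoc, campaign A", "Attribute": [
        attr("sha256", "aa" * 32, "Payload delivery"),
        attr("url", "http://example.com/wp-content/doc.php", "Payload delivery"),
        attr("ip-dst", "203.0.113.10")]}},
    {"Event": {"uuid": "evt-b", "info": "Emotet maldoc, campaign B", "Attribute": [
        attr("sha256", "bb" * 32, "Payload delivery"),
        attr("ip-dst", "203.0.113.10"),
        # correlation switched off for a noisy value, as MISP allows per attribute
        attr("ip-dst", "198.51.100.7", disable_correlation=True)]}},
    {"Event": {"uuid": "evt-c", "info": "Trickbot follow-on", "Attribute": [
        attr("ip-dst", "198.51.100.7"),
        attr("url", "http://example.com/wp-content/doc.php", "Payload delivery")]}},
]

# Attribute types whose values are specific enough to link events.
CORRELATING_TYPES = {"ip-dst", "ip-src", "domain", "url", "md5", "sha1", "sha256"}

def index_attributes(events):
    """Map (type, value) -> set of event uuids, skipping non-correlating attributes."""
    index = defaultdict(set)
    for wrapper in events:
        ev = wrapper["Event"]
        for a in ev.get("Attribute", []):
            if a["type"] in CORRELATING_TYPES and not a.get("disable_correlation", False):
                index[(a["type"], a["value"])].add(ev["uuid"])
    return index

def correlations(events):
    """Indicators shared by more than one event: {(type, value): sorted uuids}."""
    return {k: sorted(v) for k, v in index_attributes(events).items() if len(v) > 1}

def related_events(events, uuid):
    """Other events linked to `uuid` through at least one shared indicator (the drill-down view)."""
    linked = set()
    for uuids in correlations(events).values():
        if uuid in uuids:
            linked.update(uuids)
    linked.discard(uuid)
    return sorted(linked)
```

Calling `related_events(SAMPLE_EVENTS, "evt-a")` links campaign A to both other events via the shared C2 address and delivery URL, while the 198.51.100.7 address does not link evt-b and evt-c because correlation is disabled on one side.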
What’s wrong with the default MISP feeds?
Nothing! There is some high quality intelligence being shared in the default feeds bundled with MISP. However, some users found that the data being shared was low volume, and only a few of those feeds are offered in MISP format. By publishing in the MISP format, our feed takes full advantage of the built-in threat sharing that MISP offers. This enables delivery of a stream of enriched indicators with detailed context, focused on currently active threats.
Free Trial of our MISP Feeds
This has been a very quick preview of what we have available in our MISP instance. precisionsec offers a 7-day Free Trial of all of our feeds. To sign up for a free trial, please visit the MISP Feeds page or contact info@precisionsec.com.