“Decoding Political Violence with OSINT and Lessons from the Frontline”

Join deep dive: Wed, Dec 18, 16:00 CET
home Transform Hub data categories - Malware

ATT&CK - MISP

By MISP Project
Query MISP threat sharing instances and other MISP events, attributes, objects, tags, and galaxies.
ATT&CK - MISP integration in Maltego
Malware TTPs Incident Response Threat Hunting

MISP and MITRE ATT&CK Transforms for Maltego

MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, government, and the cybersecurity product and service community.

With MISP and MITRE ATT&CK Entities and Transforms, investigators may query data from a MISP Threat Sharing instance, and browse through other MISP events, attributes, objects, tags, and galaxies. A typical workflow may involve:

  • Querying a MISP instance for Events that include a given IOC
  • Pivoting a MISP Event into its attributes, objects, tags, galaxies and/or related Events
  • Exploring further details from Galaxies and related Events
  • Categorizing available related information within the MITRE ATT&CK framework

The Maltego MISP integration also permits visualization of the full MITRE ATT&CK framework. For ATT&CK visualization no MISP API keys are needed.

Note: This set of Transforms is open source and can be downloaded or installed as Local Transforms. More information is available on the project’s Github page.

If you are not yet a member of a MISP community, see: https://www.misp-project.org/communities/

Typical Users of This Data

  • Threat Intel Teams
  • Security Analysts
  • SOCs and CERTs
  • Red Teams and Penetration Testers
  • Incident Response
  • Trust and Safety Teams

alt MISP and MITRE ATT&CK Transforms for Maltego

Contact


By clicking on "Send Message", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.

Terms and Conditions

Learn more about the Terms and Conditions of ATT&CK - MISP at: Terms and Conditions

About MISP Project

MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or evencounter-terrorism information.

MISP is a community-driven project lead by the community of users.

For more info, visit https://www.misp-project.org/.

Pick the right product and get started.