Threat intelligence sharing with MISP and VMRay

Sharing is caring.

Nowhere is this more true than for defenders, who need to share critical information about malware and the attackers behind it quickly and seamlessly. In the jargon of our industry, that means using TIPs (Threat Intelligence Platforms) to ingest, export and correlate IOCs (Indicators of Compromise) and the TTPs (Tactics, Techniques and Procedures) the bad guys use.
VMRay has had out-of-the-box integrations with commercial TIP vendors like ThreatConnect for quite some time. Recently our friends at the MISP project created a connector that automatically submits a file from MISP to VMRay and then ingests the results through our API, in particular the IOCs uncovered by the analysis.
If you’re a current Soltra Edge user looking for an alternative now that the project is discontinued, the MISP project may be what you need.
Read an in-depth post on how to submit malware samples to VMRay via MISP.


References

https://www.vanimpe.eu/2016/11/21/submit-malware-samples-vmray-misp/
http://stixproject.github.io/documentation/concepts/ttp-vs-indicator/
http://www.misp-project.org/
http://www.bankinfosecurity.com/plug-pulled-on-soltra-edge-threat-info-sharing-platform-a-9547