A new Malware Information Sharing Platform by CIRCL - How to share efficiently and legally Indicators of Compromise (IOC) within a country.
CIRCL is proud to announce the launch of its Malware Information Sharing Platform (MISP), which will allow organisations to share information about any malware they encounter and gain awareness about existing malware. The aim of this trusted platform is to help improve the counter-measures used against targeted attacks and to set up preventive actions.
“We have realized that one of the main challenges the computer security community is facing is the sharing of information, both inside and between organizations. We strongly believe that the platform we have just built is a trusted, innovative and efficient tool, which can help anticipate and detect attacks, as well as reduce false positives. As you will see in the diagram that can be found here, the Malware Information Sharing Platform is accessible from different interfaces like a web interface for analysts or incident handlers, or via a ReST API”, explains Alexandre Dulaunoy from CIRCL.
A trusted platform with multiple goals
The goals of the CIRCL Malware Information Sharing Platform are to:
- Facilitate the storage of technical and non-technical information about seen malware and attacks;
- Automatically create relations between malware and their attributes;
- Store data in a structured format (allowing automated use of the database to feed detection systems or forensic tools);
- Generate rules for Network Intrusion Detection Systems (NIDS) that can be imported into IDS systems (i.e. IP addresses, domain names, hashes of malicious files, patterns in memory);
- Share malware attributes with other parties and trust-groups;
- Improve malware reversing information exchange among organizations (i.e. avoiding duplicate work);
- Create a platform of trust - trusted information from trusted partners;
- Store locally all information from other instances (ensuring confidentiality on queries).
For faster and more efficient detection
The exchange of information results in faster detection of targeted attacks and improves the detection ratio while reducing false positives. “It also makes it possible to avoid reversing similar malware, as we know very quickly whether others have already worked on the same malware. Data interpretation is critical for operators and systems, so we wanted to provide a platform fed by numerous contributors with detailed information about identified malware”, comments Sascha Rommelfangen, from CIRCL.
The platform is released as free software. All the technical details can be found here: http://www.circl.lu/services/misp-malware-information-sharing-platform/.
If you want to get access to the CIRCL MISP, please contact us.