Wrixte Malware Information Sharing Platform

Collect, Store, Distribute & Share

Wrixte MISP is a powerful software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. Wrixte MISP is designed by and for incident analysts, security and ICT professionals or malware reversers to support their day-to-day operations to share structured information efficiently

Features Of Wrixte MISP Framework

Efficient IOC Database
An efficient IoC and indicators database allows you to store technical and non-technical data or information of malware samples, cyber incidents, intelligence and attackers.
Automatic Correlation Finding
Automatic correlation finding helps in relating attributes and indicators from malware, attacks campaigns or analysis. Correlation engine includes correlation between attributes and upgraded or more advanced correlations like Fuzzy hashing correlation (e.g. ssdeep) or CIDR block matching. Correlation will be additionally enabled or event disabled per attribute.
Adjustable Taxonomy
Adjustable taxonomy classify and tag events along with your own classification schemes or existing taxonomies. The taxonomy may be native to your MISP however additionally shareable among MISP instances. MISP comes with a default set of well-known taxonomies and classification schemes to support customary classification as employed by ENISA, Europol, DHS, CSIRTs or several different organizations.
Expansion Module in Python
Expansion modules in Python let expand MISP with your existing services or else already available MISP-modules can be activated.
Intelligence Vocabularies
Wrixte MISP Framework consist of intelligence vocabularies called MISP galaxy and packaged with existing malware, threat actors, RAT, ransomware or MITRE ATT&CK which can be easily linked with MISP events.
Sighting Support
Wrixte MISP Framework provides sighting support to get observations from organizations concerned about shared indicators and attributes. Contribution of Sighting is done via MISP user-interface, API as MISP document or STIX sighting documents. Starting with MISP 2.4.66, Sighting had extended its support to false-negative sighting or expiration sighting.
Integrated Encryption and Signing of the Notification
Integrated encryption and signing of the notifications in wrixte MISP framework is provided via PGP and/or S/MIME depending of the user preferences.

Automation Is The Key

Isn't it wistful to have a lot of data and not use it because it's too much work? Thanks to wrixte MISP you can now store your IOCs in a well structured manner, allowing you to enjoy the correlation, automated exports for IDS, or SIEM, in STIX or Open IOC and synchronize to other MISPs. With wrixte MISP framework, the value of your data can be leveraged without much effort and also in an automated manner.


The fundamental goal of wrixte MISP is to be used in best and simplest way possible. This is why the driving force behind this tool is simplicity. Storing the information and especially using that stored information about threats and malware should not be difficult rather it should be simplest way possible. Wrixte MISP helps you in getting the maximum out of your data without any unmanageable complexity.