Sign In Get a Demo

Close

Close

Close
4.5 rating

Get Started with Maltego

Please share your contact information for a personalized session.

By clicking on "Submit", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Privacy Policy.

Thank you!
We will contact you soon.

In the meantime, check out our product overview
to learn more about the Maltego platform.

Schedule a personalized 30-minute demo to
see how we can meet your investigation needs.

home Transform Hub data categories - Malware

ATT&CK - MISP

By MISP Project
Query MISP threat sharing instances and other MISP events, attributes, objects, tags, and galaxies.
ATT&CK - MISP integration in Maltego
Malware TTPs Incident Response Threat Hunting

MISP and MITRE ATT&CK Transforms for Maltego

MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, government, and the cybersecurity product and service community.

With MISP and MITRE ATT&CK Entities and Transforms, investigators may query data from a MISP Threat Sharing instance, and browse through other MISP events, attributes, objects, tags, and galaxies. A typical workflow may involve:

  • Querying a MISP instance for Events that include a given IOC
  • Pivoting a MISP Event into its attributes, objects, tags, galaxies and/or related Events
  • Exploring further details from Galaxies and related Events
  • Categorizing available related information within the MITRE ATT&CK framework

The Maltego MISP integration also permits visualization of the full MITRE ATT&CK framework. For ATT&CK visualization no MISP API keys are needed.

Note: This set of Transforms is open source and can be downloaded or installed as Local Transforms. More information is available on the project’s Github page.

If you are not yet a member of a MISP community, see: https://www.misp-project.org/communities/

Typical Users of This Data

  • Threat Intel Teams
  • Security Analysts
  • SOCs and CERTs
  • Red Teams and Penetration Testers
  • Incident Response
  • Trust and Safety Teams

alt MISP and MITRE ATT&CK Transforms for Maltego

Resources

Articles
Exploring ATT&CK and MISP data with Maltego
Articles
Using Maltego to Identify C2 Malware and Phishing Threats Targeting Your Organization
Articles
Investigate TA505 Threat Actor Group Using Maltego
Articles
Investigator Toolkit November 2022: Cheat Sheets for Faster and Spot-on Workflows
Videos
How to Investigate Phishing Campaigns Using Maltego in 5 Minutes
Others
MISP Maltego User Guide - GitHub

Close

Contact


By clicking on "Send Message", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.

Terms and Conditions

Learn more about the Terms and Conditions of ATT&CK - MISP at: Terms and Conditions

About MISP Project

MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or evencounter-terrorism information.

MISP is a community-driven project lead by the community of users.

For more info, visit https://www.misp-project.org/.

Pick the right product and get started.
Choose your solution
Products & Pricing
Get Maltego
Data Sources
Company
Resources
© 2018-2025 by Maltego Technologies. ISO 27001:2022 Certified