Scripts to process big chunks of data from MISP and do in depth correlations on samples.
Python Shell
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
standalone Add standalone code to populate sqlite database Mar 17, 2016
.gitignore Initial commit Mar 13, 2016
LICENSE Update licence Mar 17, 2016 Initial commit Mar 13, 2016

The project was initiated by Marion Marschalek (G-data) and Raphaël Vinot (CIRCL) for a prensentation at Troopers called THE KINGS IN YOUR CASTLE - All the lame threats that own you but will never make you famous.

The idea is to use the data stored and classified in MISP in order to derivate trends and uncover correlations between events.


This repository contains scripts to process data from MISP and help analyse the outputs.


The scripts are sorted by usage, look at the readme files in the sub-directories.


  • Extract all the hashes from JSON dumps.


  • groupping: makes groups of hashes and dump correlations.
  • standalone: import all the indicators in a sqlite database