Scripts to process big chunks of data from MISP and do in depth correlations on samples.
Switch branches/tags
Nothing to show
Clone or download
Latest commit 401c063 Jul 2, 2016
Type Name Latest commit message Commit time
Failed to load latest commit information.
grouping Fix typo in last commit Jul 2, 2016
standalone Add standalone code to populate sqlite database Mar 17, 2016
.gitignore Initial commit Mar 13, 2016
LICENSE Update licence Mar 17, 2016 Update Mar 17, 2016 Initial commit Mar 13, 2016

The project was initiated by Marion Marschalek (G-data) and Raphaël Vinot (CIRCL) for a prensentation at Troopers called THE KINGS IN YOUR CASTLE - All the lame threats that own you but will never make you famous.

The idea is to use the data stored and classified in MISP in order to derivate trends and uncover correlations between events.


This repository contains scripts to process data from MISP and help analyse the outputs.


The scripts are sorted by usage, look at the readme files in the sub-directories.


  • Extract all the hashes from JSON dumps.


  • groupping: makes groups of hashes and dump correlations.
  • standalone: import all the indicators in a sqlite database