FIRST Malware Information Sharing Platform (MISP) instance


The FIRST Information Sharing SIG, supported by CIRCL, operates a Malware Information Sharing Platform (MISP) instance. MISP is a community-driven software project that enables sharing, storing and correlation of Indicators of Compromise of targeted attacks. The instance is open and automatically enabled for all FIRST members.

Our instance allows FIRST members to efficiently share and store technical and non-technical information about malware samples, attackers and incidents. It also enables members who have not yet gained experience leveraging threat intelligence to connect with a wider community of organizations that have, increasing their own capabilities. It enables them to become more familiar with standard information sharing standards and technologies such as STIX.

The FIRST MISP instance is connected with a wider community of incident response organizations and networks, enabling FIRST members to exchange information beyond the boundaries of the FIRST community.


How does it work?

FIRST members have access to the FIRST MISP instance using their membership certificate at

FIRST members interested in participating in the governance process and operations of the MISP instance are invited to join the FIRST Information Sharing SIG.

More information

More information on the MISP platform is available from Materials from a recent MISP training by CIRCL are available here.

As an open source project, the MISP source can be found in its GitHub repository.

FIRST is grateful to the Computer Incident Response Center Luxembourg for operating the MISP service for the Information Sharing SIG and FIRST members.