MISP · adulau · Dec 22, 2025 · Dec 18, 2025 · Dec 18, 2025 · Dec 18, 2025
diff --git a/documentation/logos/reversinglabs.png b/documentation/logos/reversinglabs.png
diff --git a/documentation/mkdocs/expansion.md b/documentation/mkdocs/expansion.md
@@ -2149,6 +2149,35 @@ Module to enrich attributes with threat intelligence from Recorded Future.
 
 -----
 
+#### [ReversingLabs Enrichment](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/reversinglabs_spectra_analyze.py)
+
+<img src=../logos/reversinglabs.png height=60>
+
+Module to enrich file hashes, domains, IPs and URLs with ReversingLabs Spectra Analyze threat intelligence.
+[[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/reversinglabs_spectra_analyze.py)]
+
+- **features**:
+>This module enriches MISP attributes with threat intelligence from ReversingLabs Spectra Analyze. It supports file hashes (MD5, SHA1, SHA256), domains, hostnames, IP addresses, and URLs. The module returns detailed file analysis including classification, threat indicators, and related network infrastructure as MISP objects.
+
+- **config**:
+> - api_url
+> - api_token
+> - verify_ssl
+
+- **input**:
+>A MISP attribute of one of the following types: md5, sha1, sha256, domain, hostname, ip, ip-src, ip-dst, url.
+
+- **output**:
+>MISP objects including file objects, domain-ip mappings, DNS records, URL objects, and IP-port objects with detailed threat intelligence.
+
+- **references**:
+>https://github.com/reversinglabs/reversinglabs-misp
+
+- **requirements**:
+>A ReversingLabs Spectra Analyze API token.
+
+-----
+
 #### [Reverse DNS](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/reversedns.py)
 
 Simple Reverse DNS expansion service to resolve reverse DNS from MISP attributes.

diff --git a/documentation/mkdocs/index.md b/documentation/mkdocs/index.md
@@ -92,6 +92,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
 * [r7_akb](https://misp.github.io/misp-modules/expansion/#r7_akb) - Enrich CVEs via AttackerKB and return structured MISP events. Handles rate limits, regex CVE detection, and markdown cleanup.
 * [Real-time Blackhost Lists Lookup](https://misp.github.io/misp-modules/expansion/#real-time-blackhost-lists-lookup) - Module to check an IPv4 address against known RBLs.
 * [Recorded Future Enrich](https://misp.github.io/misp-modules/expansion/#recorded-future-enrich) - Module to enrich attributes with threat intelligence from Recorded Future.
+* [ReversingLabs Enrichment](https://misp.github.io/misp-modules/expansion/#reversinglabs-enrichment) - Module to enrich file hashes, domains, IPs and URLs with ReversingLabs Spectra Analyze threat intelligence.
 * [Reverse DNS](https://misp.github.io/misp-modules/expansion/#reverse-dns) - Simple Reverse DNS expansion service to resolve reverse DNS from MISP attributes.
 * [SecurityTrails Lookup](https://misp.github.io/misp-modules/expansion/#securitytrails-lookup) - An expansion modules for SecurityTrails.
 * [Shodan Lookup](https://misp.github.io/misp-modules/expansion/#shodan-lookup) - Module to query on Shodan.