Changelog

Synapse-Group-IB Changelog

v1.1.0 - 2025-06-25

Features and Enhancements

  • Added econ:pay:card.seen for compromised cards.

Bugfixes

  • Fixed an issue where an invalid domain on a compromised account could cause the ingest to fail.

v1.0.0 - 2025-05-16

Automatic Migrations

  • Deleted :nist:nvd:modified and migrated :nist:nvd:published to :timeline:published on risk:vuln nodes created by Synapse-Group-IB.

Features and Enhancements

  • Updated groupib.ti.compromised.accounts.search, groupib.ti.compromised.accounts.updated, groupib.ti.compromised.cards.search, groupib.ti.compromised.cards.updated, groupib.ti.iocs.search, groupib.ti.iocs.updated, groupib.ti.malware.configs.search, groupib.ti.malware.configs.updated, groupib.ti.threat.actors.search, groupib.ti.threat.actors.updated, groupib.ti.threat.reports.byid, groupib.ti.threat.reports.search, groupib.ti.threat.reports.updated, groupib.ti.vulns.search, and groupib.ti.vulns.updated to populate the it:exec:query:synuser property.

  • Updated risk:vuln ingest logic to no longer set :nist:nvd:modified or :nist:nvd:published, and instead set :timeline:published. Please use NIST NVD as the authoritative source for setting these properties on it:sec:cve.

v0.6.2 - 2025-01-17

NOTE: This release is a BETA preview and may be subject to change!

Bugfixes

  • Fixed an issue where invalid properties for event owner contacts would throw an error.

v0.6.1 - 2025-01-06

NOTE: This release is a BETA preview and may be subject to change!

Bugfixes

  • Fixed typos in command help messages.

v0.6.0 - 2024-06-28

NOTE: This release is considered Beta and may be subject to change.

Features and Enhancements

  • Replace deprecated risk:hasvuln usage with risk:vulnerable.

This release contains an automatic data migration that will run when the package is first upgraded. The migration creates risk:vulnerable nodes from the deprecated risk:hasvuln nodes.

Bugfixes

  • Fix an issue with API responses where the count of returned items used to be an integer but is now a dictionary.

v0.5.0 - 2024-06-05

NOTE: This release is considered Beta and may be subject to change.

Bugfixes

  • Safely skip invalid CPE strings.

v0.4.1 - 2024-05-20

NOTE: This release is considered Beta and may be subject to change.

Bugfixes

  • Fix an issue where large C2 configs would generate an error.

  • Fix an issue where newer API versions were generating invalid risk:threat nodes.

  • Fix an issue where groupib.ti.threat.actors.search was using risk:threat:name to enrich nodes instead of risk:threat:org:name

v0.4.0 - 2024-04-22

NOTE: This release is considered Beta and may be subject to change.

Features and Enhancements

  • Add commands for retrieving compromised account and bank card data.

Bugfixes

  • Fix an issue where enriching media:news nodes created during threat actor ingest would create new media:news nodes rather than updating the existing node.

v0.3.1 - 2024-02-20

NOTE: This release is considered Beta and may be subject to change.

Features and Enhancements

  • Update deprecated $lib.dict() usage to JSON style syntax.

v0.3.0 - 2023-11-22

NOTE: This release is considered Beta and may be subject to change.

Features and Enhancements

  • Add groupib.ti.threat.reports.byid command to retrieve a single report by ID.

  • Add a rep.groupib.ioc tag to nodes when ingesting indicators.

  • Convert threat report HTML to text before scraping to avoid incorrectly matching hashes contained in links.

  • Add groupib.ti.iocs.updated, groupib.ti.malware.configs.updated, groupib.ti.threat.actors.updated, groupib.ti.threat.reports.updated, and groupib.ti.vulns.updated commands which use the /updated versions of the endpoints with seqUpdate logic for iteration. These commands also have a --since-last option which can be used to pull new results since the last run of the command with a particular query.

v0.2.0 - 2023-07-05

NOTE: This release is considered Beta and may be subject to change.

Features and Enhancements

  • Parse additional C2 configuration values.

  • Adjust command names to be under the groupib.ti namespace.

  • Update required permission to power-ups.groupib.ti.user.

  • Add groupib.ti.iocs.search command.

  • Add groupib.ti.vulns.search command.

  • Add groupib.ti.threat.reports.search command.

Bugfixes

  • Fix an issue where the risk:tool:software:tag property was not set.

v0.1.0 - 2023-05-23

NOTE: This release is considered Beta and may be subject to change.

Features and Enhancements

  • Initial beta release of the Synapse-Group-IB Power-Up