Changelog

Synapse-MalwareBazaar Changelog

v3.0.0 - 2025-12-03

Automatic Migrations

  • Migrated and removed all inet:web:post nodes created by Synapse-MalwareBazaar as identified by <(seen)- edges from the Synapse-MalwareBazaar meta:source node. These nodes were migrated to inet:service:message nodes.

  • Migrated and removed all inet:web:acct nodes linked to Synapse-MalwareBazaar inet:web:post nodes.

  • Migrated all invalid inet:url nodes created by Synapse-MalwareBazaar where the repr of the node would appear as the last part of the URL path instead of the SHA256 value.

  • Migrated storage version tracking to use Storm package inits.

Features and Enhancements

  • Updated Power-Up to make inet:service:message nodes instead of deprecated inet:web:post nodes.

Bugfixes

  • Fixed a bug where inet:url nodes could be created where the repr of a node would appear as the last part of the path instead of the SHA256 value.

v2.0.2 - 2025-08-14

Bugfixes

  • Removed ability for a user to call the privsep module directly to put bytes in the Axon.

v2.0.1 - 2025-08-06

Bugfixes

  • Fixed an issue where the API key was not properly used when making an HTTP POST request.

v2.0.0 - 2025-05-30

Automatic Migrations

  • Removed the Synapse-MalwareBazaar custom tag prefix from $lib.globals, if set. This value cannot be automatically migrated to a new config, so users must add a config with the old tag prefix if one is desired (otherwise, it will default to rep.malwarebazaar). To check if the value is set, an admin may run $lib.print($lib.globals.get(malwarebazaar:tag:prefix)) before upgrading to this version. See the user guide for examples of creating a new configuration.

Features and Enhancements

  • Updated malwarebazaar.query to populate the it:exec:query:synuser property.

  • Updated configuration options to support MalwareBazaar requiring an API key. The following commands were added:

      - malwarebazaar.config.add
      - malwarebazaar.config.del
      - malwarebazaar.config.list
      - malwarebazaar.config.migrate
      - malwarebazaar.config.show
      - malwarebazaar.config.update

  • Updated admin and user documentation with information on new configuration commands.

  • Updated existing Synapse-MalwareBazaar commands to accept an optional --config <name> option for specifying which configuration to use per command.

  • Removed all --asof command options which have been deprecated since 2023-10-11.

  • Removed malwarebazaar.setup.tagprefix command in favor of new malwarebazaar.config.* commands.

v1.4.0 - 2024-05-20

Features and Enhancements

  • Add ability to malwarebazaar.query to query by YARA rule name.

v1.3.0 - 2024-05-15

Features and Enhancements

  • Update $lib.bytes usage with $lib.axon APIs.

Bugfixes

  • Fix issue where documentation for malwarebazaar.query was cut off in help output.

v1.2.0 - 2024-02-20

Features and Enhancements

  • Update modelling of archive files to use file:archive:entry nodes when using Synapse-Fileparser>=4.17.0. Otherwise file:subfile nodes will continue to be used.

  • Update deprecated $lib.dict() usage to JSON style syntax.

v1.1.0 - 2023-10-11

Features and Enhancements

  • Add warning about MalwareBazaar API limit (1000 results) when specifying --size greater than 1000.

  • Add malwarebazaar.certs to ingest the Code Signing Certificate Blocklist.

Deprecations

  • Caching has been removed from the malwarebazaar.enrich and malwarebazaar.query commands, so the --asof argument has been deprecated and will no longer have any effect.

This release contains an automatic cache cleanup that will run when the package is first upgraded. This will remove existing cached API response data from the jsonstor.

v1.0.0 - 2023-06-23

Features and Enhancements

  • Initial release of the Synapse-MalwareBazaar Power-Up