Synapse-MalwareBazaar Changelog

v2.0.0 - 2025-05-30

Automatic Migrations

  • Removed the Synapse-MalwareBazaar custom tag prefix from $lib.globals, if set. This value cannot be automatically migrated to a new config, so users must add a config with the old tag prefix if one is desired (otherwise, it will default to rep.malwarebazaar). To check whether the value is set, an admin may run $lib.print($lib.globals.get(malwarebazaar:tag:prefix)) before upgrading to this version. See the user guide for examples of creating a new configuration.

Features and Enhancements

  • Updated malwarebazaar.query to populate the it:exec:query:synuser property.

  • Updated configuration options to support MalwareBazaar requiring an API key. The following commands were added:
      - malwarebazaar.config.add
      - malwarebazaar.config.del
      - malwarebazaar.config.list
      - malwarebazaar.config.migrate
      - malwarebazaar.config.show
      - malwarebazaar.config.update

  • Updated admin and user documentation with information on new configuration commands.

  • Updated existing Synapse-MalwareBazaar commands to accept an optional --config <name> option for specifying which configuration to use per command.

  • Removed all --asof command options which have been deprecated since 2023-10-11.

  • Removed malwarebazaar.setup.tagprefix command in favor of new malwarebazaar.config.* commands.

v1.4.0 - 2024-05-20

Features and Enhancements

  • Add ability for malwarebazaar.query to query by YARA rule name.

v1.3.0 - 2024-05-15

Features and Enhancements

  • Update $lib.bytes usage to use $lib.axon APIs.

Bugfixes

  • Fix issue where documentation for malwarebazaar.query was cut off in help output.

v1.2.0 - 2024-02-20

Features and Enhancements

  • Update modelling of archive files to use file:archive:entry nodes when using Synapse-Fileparser>=4.17.0. Otherwise file:subfile nodes will continue to be used.

  • Update deprecated $lib.dict() usage to JSON style syntax.

v1.1.0 - 2023-10-11

Features and Enhancements

  • Add warning about MalwareBazaar API limit (1000 results) when specifying --size greater than 1000.

  • Add malwarebazaar.certs to ingest the Code Signing Certificate Blocklist.

Deprecations

  • Caching has been removed from the malwarebazaar.enrich and malwarebazaar.query commands, so the --asof argument has been deprecated and will no longer have any effect.

This release contains an automatic cache cleanup that will run when the package is first upgraded. This will remove existing cached API response data from the jsonstor.

v1.0.0 - 2023-06-23

Features and Enhancements

  • Initial release of the Synapse-MalwareBazaar Power-Up