Changelog
Synapse-MalwareBazaar Changelog
v2.0.0 - 2025-05-30
Automatic Migrations
Removed the Synapse-MalwareBazaar custom tag prefix from $lib.globals, if set. This value is not able to be automatically migrated to a new config so users must add a config with the old tag prefix if one is desired (otherwise, it will default to rep.malwarebazaar). To check if the value is set, an admin may run $lib.print($lib.globals.get(malwarebazaar:tag:prefix)) before upgrading to this version. See the user guide for examples of creating a new configuration.
Features and Enhancements
Updated malwarebazaar.query to populate the it:exec:query:synuser property.
Updated configuration options to support MalwareBazaar requiring an API key. The following commands were added:
- malwarebazaar.config.add
- malwarebazaar.config.del
- malwarebazaar.config.list
- malwarebazaar.config.migrate
- malwarebazaar.config.show
- malwarebazaar.config.update
Updated admin and user documentation with information on new configuration commands.
Updated existing Synapse-MalwareBazaar commands to accept an optional --config <name> option for specifying which configuration to use per command.
Removed all --asof command options which have been deprecated since 2023-10-11.
Removed malwarebazaar.setup.tagprefix command in favor of new malwarebazaar.config.* commands.
v1.4.0 - 2024-05-20
Features and Enhancements
Add ability to malwarebazaar.query to query by yara rule name.
v1.3.0 - 2024-05-15
Features and Enhancements
Update $lib.bytes usage with $lib.axon APIs.
Bugfixes
Fix issue where documentation for malwarebazaar.query was cut off in help output.
v1.2.0 - 2024-02-20
Features and Enhancements
Update modelling of archive files to use file:archive:entry nodes when using Synapse-Fileparser>=4.17.0. Otherwise file:subfile nodes will continue to be used.
Update deprecated $lib.dict() usage to JSON style syntax.
v1.1.0 - 2023-10-11
Features and Enhancements
Add warning about MalwareBazaar API limit (1000 results) when specifying --size greater than 1000.
Add malwarebazaar.certs to ingest the Code Signing Certificate Blocklist.
Deprecations
Caching has been removed from the malwarebazaar.enrich and malwarebazaar.query commands, so the --asof argument has been deprecated and will no longer have any effect.
This release contains an automatic cache cleanup that will run when the package is first upgraded. This will remove existing cached API response data from the jsonstor.
v1.0.0 - 2023-06-23
Features and Enhancements
Initial release of the Synapse-MalwareBazaar Power-Up