Release Date: March 12, 2026
Theme: Unified Search Architecture & Enhanced Investigation Workflows

🔍 The Improved Search Interface

We have completely redesigned the search experience to provide a more cohesive and powerful discovery tool.

• Unified Search Interface: No more jumping between fragmented search modules. All core search capabilities are now centralized into a single, user-friendly interface.
• Intelligent Sorting: You can now toggle results between Best Match (relevancy) and Most Recent (chronology) to better suit your analysis needs.
• Date Range Filtering: Quickly narrow down results with the new integrated date range picker.
• Advanced Search: While most queries are now unified, the Advanced Search remains available for specialized data types requiring granular control.

⚠️ IMPORTANT: Action Required for Meilisearch

Warning: To support the new unified search schema, Meilisearch indexes created with AIL versions before v6.7 will be automatically removed during the update.

Action: Users must rebuild their indexes after the update to re-populate them using the new architecture.

🛠️ Investigations & Tracking Improvements

• Status Tracking: Added viewed, done, and rejected (false positive) statuses for objects in both Retro Hunt and Tracker modules.
• Streamlined Workflows: * Create a Retro Hunt directly from a Tracker (available for YARA types).
  • Download investigation objects directly (with improved .gz extension handling).
• Refactored Dashboard: The object dashboard has been redesigned and now includes a dedicated Investigations section.
• Correlation Graph: Added “Show Direct Correlations (Level 0)” buttons; the engine now prioritizes loading direct correlations first for better visibility.

📡 Feeders & Crawlers

• Onion Lookup Security: Enhanced privacy by hiding titles from unsafe domains and stripping non-onion strings from results.
• Crawler Stability: Implemented a domhash extraction timeout to prevent performance issues on malformed HTML.
• Chat Feeders: Added the ability to remove chat objects and introduced more flexible iteration options for chat sources.

🐞 Key Bug Fixes

• Chat Correlation: Fixed an issue where Channel IDs interfered with Message IDs, resolving broken UI links.
• PDF Handling: Resolved translation bounding box overlaps and fixed a bug where the “View PDF” button wouldn’t appear when multiple PDFs shared a filename.
• System Stability: Fixed a Flask 500 error in the logger for unauthenticated users and corrected various extractor UUID issues.

For technical support or detailed migration steps regarding the Meilisearch rebuild, please refer to the official AIL documentation.

Join the AIL Team at Hackathon.lu!

Want to help shape the future of the project? The AIL core team will be at Hackathon.lu on April 14th & 15th, 2026 in Luxembourg.

Come hack with us, share your feedback on v6.7, and collaborate on the next generation of analysis tools. Whether you are a contributor or a power user, we’d love to see you there!

Funding 🇪🇺

AIL is developed and maintained with the support of the European Union as part of the HOPLITE European Project.
HOPLITE aims to strengthen the capacity of law enforcement authorities to gather, analyse, and share open-source and closed-source intelligence, integrating AI-driven analysis to enhance real-time threat detection and response workflows. The project builds on previous EU-funded initiatives and enhances key components such as AIL and MISP to deliver scalable, responsible, and actionable threat intelligence capabilities for cybersecurity and public safety across EU Member States.

• For more information about the project: https://hoplite-project.eu

Law enforcement agencies willing to discover and leverage the MISP/AIL-LEA platforms can apply on the misp-lea.org website.

Follow us

• Mastodon @[email protected]
• LinkedIn https://www.linkedin.com/company/ail-project

This version significantly expands AIL’s document-processing and data-collection capabilities by introducing a hardened PDF ingestion pipeline where all PDFs are converted to PDF/A and stripped of embedded metadata before ingestion to remove malicious content.

It also allows users to browse content locally with Lacus and send captured pages directly to AIL as crawler data, along with associated browser cookies and local storage imported as a cookiejar for reuse by the crawler, while continuing to improve reliability, scalability, and analyst workflows.

New PDF Parsing Capabilities

The example below is an automatic conversion of PDF document processed in AIL from a chat channel where the translation is done automatically and displayed as an overlay on the original text.

The PDF metadata are also now considered as new pivot data points (e.g. author name) in AIL to allow correlation among those selectors.

Highlights

Process PDF

PDF content is extracted and processed as markdown.

• Full PDF file support: processing, correlation, and content extraction to Markdown
• New PDF translation pipeline with:
  • Optional translation toggle
  • Improved translation quality and layout
  • Progress tracking
  • Automatic saving of translated PDFs
• Extended PDF metadata handling:
  • Author extraction and correlation
• Default PDF size limit set to 100 MB, with configurable limits

Crawler & Capture Improvements

• Improved crawler request handling with user-specific cookiejar local storage
• New capability to manually import crawler captures (a documentation will follow in the next days)
• Fixed crawler importer endpoints, validation, and API responses
• Improved domain dashboard caching and capture status handling
• Updated Tor Browser user agent

Tracker & Queues

• Improved performance of regex-based trackers
• New dedicated queue for tracker modules
• Improved handling of decoded tracker terms and non-string content
• Better file-name processing for trackers and modules
• Corrected correlation between file names and PDFs

Metadata, Correlation & Objects

• New optional custom metadata on AIL objects
• Improved file-name and PDF correlation logic
• Domains are now automatically tagged when screenshots or images are unsafe

Images & Screenshots Engine

• Improved LLM prompts
• Better domain description generation
• Fixed multiple issues where LLM responses did not fully respect requested formats

Chat & Monitoring

• Improved visibility of reply and forwarded_from metadata in message viewers
• Fixed missing forwarded metadata in chat views
• Enhanced chat monitoring requests:
  • Track new requests
  • Mark as done or rejected

Users & Administration

• New admin user view
• Ability to enable or disable user accounts
• Improved user settings management

Others

• Added Meilisearch installation instructions to HOWTO
• Added extensive crawler API tests covering authentication, validation, and error handling
• Optimized GitHub Actions workflows

🔧 Fixes & Maintenance

This release includes a large number of bug fixes across:

• Tracker navigation and object removal
• Cookiejar imports and ACL handling
• Feeder dashboards and API cleanup
• Language detection edge cases
• Domain explorer pagination (I2P)
• Multiple UI consistency issues

Dependency updates include:

• Addition of faup-rs and pymupdf
• Development dependency bumps (e.g. Vite)

Thanks to Our Contributors

A big thank you to everyone who contributed to AIL v6.6 through code, reviews, testing, and feedback.

Special thanks to: @cavedave, and @alexandercronin

Funding 🇪🇺

AIL is developed and maintained with the support of the European Union as part of the HOPLITE European Project.
HOPLITE aims to strengthen the capacity of law enforcement authorities to gather, analyse, and share open-source and closed-source intelligence, integrating AI-driven analysis to enhance real-time threat detection and response workflows. The project builds on previous EU-funded initiatives and enhances key components such as AIL and MISP to deliver scalable, responsible, and actionable threat intelligence capabilities for cybersecurity and public safety across EU Member States.

• For more information about the project: https://hoplite-project.eu

Law enforcement agencies willing to discover and leverage the MISP/AIL-LEA platforms can apply on the misp-lea.org website.

Follow us

• Mastodon @[email protected]
• LinkedIn https://www.linkedin.com/company/ail-project

AIL v6.5 introduces several major improvements to strengthen dark web monitoring and analysis workflows:

• I2P Crawling Support
  The crawler now supports I2P, extending coverage beyond Tor and traditional web sources.

• Enhanced Search with Description Indexing
  Search capabilities have been improved with description indexing, making it easier to discover and correlate relevant content across large datasets.

• Improved Image Analysis Workflows
  Image analysis has been optimized to provide more efficient processing, categorization, and contextual enrichment of visual material.

🚀 New Features

• Crawler
  • Added full I2P crawler support, including auto-discovery.
• Search Engine
  • Now supports searching descriptions of images, screenshots, and domains.
  • Added new description indexes for domains, images, and screenshots.
• Image Engine
  • Introduced a function to automatically describe all images for better indexing and search.
• System
  • Added support for kvrocks installed via deb package.
  • Flask will now skip SSL context if certificates or keys are missing, improving deployment flexibility.

Changes & Improvements

• Correlation Engine
  • Added functions to search for IDs in one-depth correlations, with support for returning intermediate objects.
• I2P Crawler
  • Improved domain filtering (e.g., unreachable, unknown, invalid destinations).
  • Enhanced crawler stats reporting.
• psl_faup
  • Added support for additional TLDs (like .b32.i2p).
  • Performance improvements for parsing.
• Settings
  • Dashboard now shows number of active organizations, logged users, and active users.
• Search Engine
  • Enhanced image description handling and UI display.
• Build System
  • Moved YARA installation from update_thirdparty.sh to installing_deps.sh for consistency.

🛠 Fixes

• Crawler / I2P
  • Fixed localhost redirection issues.
  • Corrected filtering of errored and invalid I2P pages.
  • Fixed crawler stats accuracy.
• Onion Module
  • Fixed domain recrawling and general module issues.
• Search Engine
  • Fixed indexing naming issues.
  • Corrected blueprint redirects and pagination.
  • Fixed broken links in image/object descriptions.
• UI & Dashboard
  • Fixed domain type selector in search by date range.
  • Improved crawler dashboard layout and fixed HTML tag issues.
• Tests & Docs
  • Fixed API/UI tests.
  • Corrected documentation for pystemon config directory.

Contributors

• Raphaël Vinot
• Thirion Aurélien

Funding

MISP-LEA, a collaborative endeavor between Shadowserver and CIRCL, is a 24-month initiative funded by the European Union. The project’s central aim is to establish operational and enduring MISP and AIL instances dedicated specifically to law enforcement agencies. This setup will facilitate a smoother exchange of evidence between law enforcement agencies and improve the onset of collaborative investigations. For this purpose, the system will ingest data from Shadowserver’s ransomware and C2 infrastructure tracking.

Law enforcement agencies willing to discover and leverage the MISP-LEA platform can apply on the misp-lea.org website.

Follow us

• Mastodon @[email protected]
• LinkedIn https://www.linkedin.com/company/ail-project

🚀 New Features & Changes

• Core Update
  • Introduced v6.4 update. [terrtia]
• Crawler
  • Added function to recrawl onion services by month or crawl all at once. [terrtia]
  • The crawler is now named Lacus. [Alexandre Dulaunoy]
• CVE Integration
  • Migrated CVE information UI to Vulnerability Lookup. [terrtia]

• Module Extractor
  • Improved email extraction. [terrtia]
• Mail Search
  • Increased cache for better performance. [terrtia]
  • Refactored mail search with improved options:
    • Domain + user fragment
    • User + optional domain fragment
    • Exact address
    • Domain fragment only
  • Improved overall search performance, added caching and pagination for domain search. [terrtia]

• ZMQ Importer
  • Display triggered filters. [terrtia]
  • Added filter content. [terrtia]
  • New option to filter by file start/end. [terrtia]
• Abstract Object
  • Improved ID iterator performance. [terrtia]
• Language
  • Added function to ping LibreTranslate. [terrtia]

🛠 Fixes

• TheHive
  • Adapted to unexpected breaking change. [terrtia]
• Crawler Recrawl
  • Fixed last parent issue. [terrtia]
• CVE
  • Fixed typo. [terrtia]
  • Corrected CVE Vulnerability Lookup UI URL. [terrtia]
• Module Extractor
  • Limited email extraction to prevent excessive data collection. [terrtia]
• ZMQ Importer
  • Fixed content filters. [terrtia]
• Language
  • Improved exception handling for unknown ISO1 language codes. [terrtia]
• Onion Lookup
  • Fixed parsing of invalid URLs (multiple improvements). [terrtia]

✨ Contributors

• terrtia
• Alexandre Dulaunoy

Funding

MISP-LEA, a collaborative endeavor between Shadowserver and CIRCL, is a 24-month initiative funded by the European Union. The project’s central aim is to establish operational and enduring MISP and AIL instances dedicated specifically to law enforcement agencies. This setup will facilitate a smoother exchange of evidence between law enforcement agencies and improve the onset of collaborative investigations. For this purpose, the system will ingest data from Shadowserver’s ransomware and C2 infrastructure tracking.

Law enforcement agencies willing to discover and leverage the MISP-LEA platform can apply on the misp-lea.org website.

Follow us

• Mastodon @[email protected]
• LinkedIn https://www.linkedin.com/company/ail-project

Key Feature: Passive SSH Integration for Onion Correlation

AIL now integrates with Passive SSH, allowing:

• SSH key correlation across IPs, domains, and onion services.
• A new SSH key object with sidebar display and linking.
• Passive SSH search and lookup within AIL.
• New IP object to correlate IPs and SSH keys.

This enables deanonymization of onion services through infrastructure fingerprinting based on shared SSH keys.

Notable Changes

Onion Module

• Reduced redundant duplicate checks.
• Only print task UUID when a new task is created.
• Fixed exceptions for invalid URLs and None domains.

QR Code Extraction

• Added support for color-inverted QR codes.

IP & Domain Handling

• New IP object with SSH key correlation.
• Print deanonymized hostnames.
• Replaced and removed FAUP with psl_faup.
• Improved domain parsing (including missing schemes).

Image Engine

• Added domain description functionality.
• Improved progress logging and display.

Language Handling

• Avoid sending unsupported languages to LibreTranslate.
• Added support for be (Belarusian).
• Improved language selection and translation handling in UI.

Tracker & Stats

• Added heatmap: matches by year.
• Option to avoid duplicate notifications.
• New function to get AIL-wide stats.

ZMQImporter

• Content filtering by feeder_name and pattern.
• Improved debug messages and output.

API

• Added endpoint: get onions grouped by month.

Fixes

• Removed all uses of FAUP and migrated to python psl_faup.
• Fixed:
  • Domain extraction and parsing bugs.
  • IP-to-SSH key correlation.
  • Sidebar rendering for IPs and SSH keys.
  • Retro hunt filters and metadata cleanup.
  • CE Detector retagging behavior.
  • Various UI issues (icons, sparkline removal, template bugs).
  • Updater version tagging and leftover debug output.

Funding

MISP-LEA, a collaborative endeavor between Shadowserver and CIRCL, is a 24-month initiative funded by the European Union. The project’s central aim is to establish operational and enduring MISP and AIL instances dedicated specifically to law enforcement agencies. This setup will facilitate a smoother exchange of evidence between law enforcement agencies and improve the onset of collaborative investigations. For this purpose, the system will ingest data from Shadowserver’s ransomware and C2 infrastructure tracking.

Law enforcement agencies willing to discover and leverage the MISP-LEA platform can apply on the misp-lea.org website.

Follow us

• Mastodon @[email protected]
• LinkedIn https://www.linkedin.com/company/ail-project

Among the highlights are a fully revamped search engine powered by MeiliSearch, improved language detection for short text, local AI-driven image descriptions, and a yara-hunting editor tool.

What’s New in AIL 6.2

• Integrated YARA Editor: AIL now includes a built-in CodeMirror editor with full YARA rule support. Analysts can write, edit, and manage YARA rules directly within AIL, complete with syntax highlighting for an improved editing experience. (Thanks to Sami Mokaddem for this contribution!)
• AI-Powered Screenshot Descriptions with Ollama: The images engine now leverages Ollama to generate descriptions for screenshots and images. This AI-powered capability helps you quickly understand the content of images without needing to view them directly, adding another layer of insight. Descriptions are also saved in the database.
• Expanded Search Horizons:
  • Chat Message Search: You can now search the content of chat messages using MeiliSearch, making it easier to find specific conversations or keywords.
  • Tor Content Search: The new search engine also supports full-text search of crawled Tor pages, helping you quickly locate relevant information across hidden services.
• Enhanced Data Ingestion & Processing:
  • Matrix Feeder: AIL now supports ingesting data from Matrix export via a new chat feeder.
  • Google Tracking Module: A new module and object have been added for tracking Google analytics ID.
• Streamlined User Management & Configuration:
  • Welcome Emails for New Users: New users can now automatically receive a welcome email upon account creation.
  • New User Configuration Engine: Users can now create and save MISP accounts and API keys directly within AIL, enabling seamless data export to MISP instances or generation of MISP JSON files.
• Richer Correlation Capabilities: Discover new connections with added correlations for chat-to-CVE, chat-to-cryptocurrencies, and domain-to-chat/message.
• New Mail Object: A new mail object has been introduced, improving search and correlations with chats, domains, and crawled data.
• Module Statistics: The settings module now includes statistics for your AIL modules.
• Language Statistics in Chat Viewer: Gain insights into language distribution within chats directly in the chat viewer.

Key Enhancements in This Release

Alongside the new features, AIL 6.2 brings a wave of improvements to existing functionalities:

• Performance Boosts:
  • Significant performance improvements for mail and Gtracker searches.
  • Language detection is now more performant.
• Improved Search and Dashboards:
  • The general search dashboard has been revamped for better usability and now includes a helpful search assistant.
• Advanced Language Processing:
  • Language detection accuracy has been increased by removing special characters before analysis and improving the old Lexilang detector. new language detector for short text
  • The language engine has been refactored, allowing retrieval of chat messages and user messages filtered by language.
• Deeper Data Analysis & Correlation:
  • The reprocess functionality now includes a TrackingId module.
  • Enhanced correlation cards for file names, mail, and Gtracker entries.
• User Experience & System Management Refinements:
  • The module queue now displays the number of FeederModuleImporters.
  • The “Create New Tracker” button has been conveniently moved to the top of the trackers page.
  • HOTP users can now easily print their next 50 tokens via a new button in user settings.
  • The number of messages per participant is now shown in the chat participants view.
• Mail & Chat Improvements:
  • Punycode encoding issues in mail have been addressed.
  • Message cards now display subchannels and protocol information for better contextual understanding.
• Image Engine Refinements:
  • Beyond the new Ollama integration, image descriptions are stored along with the model used to generate them.
• Domain Analysis:
  • A new button has been added in domain search to directly crawl unknown onion sites.

Important Fixes

As with every release, AIL 6.2 includes a multitude of bug fixes to improve stability and reliability. Some notable areas include:

• Improved translations for several languages (BG, EL, HI, JA, ZH, RU) and user chat message translation.
• The installation process has been made smoother, with fixes for dependencies and submodule initialization.
• MISP export errors and empty relation issues have been resolved.
• Fixes for mail search and mail content display.
• Several fixes related to language detection, manual language selection, and LibreTranslate ISO codes.
• Crawler dashboard and domain onion cache fixes.
• And many more under-the-hood tweaks for a better overall experience!

Documentation

• We’ve added documentation for the tracker functionality to help you get the most out of it.

A Big Thank You!

This release wouldn’t have been possible without our dedicated community and contributors. Special thanks to Sami Mokaddem, Thirion Aurélien, Aaron Kaplan, NMD03 for their extensive work and valuable contributions to this version.

We encourage you to update to AIL 6.2 to take advantage of these new features and improvements.

🔗 Download & Documentation: AIL Project GitHub

💡 Feedback & Contributions: As always, we welcome community feedback and contributions to make AIL even better!

Funding

MISP-LEA, a collaborative endeavor between Shadowserver and CIRCL, is a 24-month initiative funded by the European Union. The project’s central aim is to establish operational and enduring MISP and AIL instances dedicated specifically to law enforcement agencies. This setup will facilitate a smoother exchange of evidence between law enforcement agencies and improve the onset of collaborative investigations. For this purpose, the system will ingest data from Shadowserver’s ransomware and C2 infrastructure tracking.

Law enforcement agencies willing to discover and leverage the MISP-LEA platform can apply on the misp-lea.org website.

Follow us

• Mastodon @[email protected]
• LinkedIn https://www.linkedin.com/company/ail-project

At the FIRST CTI Conference 2025 in Berlin, we presented our recent work on practical pivoting strategies in threat intelligence, based on threat intelligence experiments with the AIL and MISP platforms.

The talk explores how less conventional indicators—such as cookie names, QR codes, HTTP headers (HHHash), DOM structure, and even reused Google Analytics IDs—can uncover surprising links between threat actor infrastructure and behavior.

We also shared observations from real-world crawling and analysis using AIL, including:

• How “weak” indicators can become valuable through composite correlation
• Unexpected reuse of metadata in Tor services and social networks
• Ways how AIL can support more creative pivoting workflows

Thanks to everyone who attended and shared feedback!

• Slides PDF Slide - The Art of Pivoting - How You Can Discover More from Adversaries with Existing Information

Funding

This work is co-funded by CIRCL and co-funded by the ECCC under the FETTA (Federated European Team for Threat Analysis) project aims to address this issue by creating a federated team that spans across borders, providing Cyber Threat Intelligence (CTI) products and tooling.

AIL introduced a pre-filtering mechanism to limit the risk of potential crawling of unsafe content. This feature is now enabled by default, allowing administrators to decide whether to enable or disable it according to their specific needs.

🍰 Highlights

• Enhanced Crawler Control: Added an option to control whether the crawler should proceed with crawling unclassified onion domains.
• New Unsafe Onion Filter: Introduced an additional filtering option to improve onion domain classification.
• Improved File and Chat Handling: File name searches are now case-insensitive, and chat files now support correlation processing.
• Retro Hunt Enhancements: Now displays the last seen date of matched objects.
• Performance and Stability Improvements: Optimized regex and YARA timeouts, removed SIGALRM usage to prevent Flask server termination, and various UI fixes.

New Features & Enhancements

Crawler Updates

• Added an option to control crawling of unclassified onion domains.
• Updated blocklist for better filtering.

File and Chat Processing

• Added a file name dashboard for improved file search and management.
• Improved case-insensitive file name searches.
• Chat explorer now displays file tags.
• Enhanced chat text processing with correlations.

Mail and Message Processing

• Removed DNS checks for UI extraction in the Mail Extractor module.
• Mail exporter now adds object URLs only if the email is an AIL user.
• Display file names and message content in search results.

Tracker and Rule Management

• Added a button to hide/show long rules in trackers.
• Collapse long rules for improved readability.

Retro Hunt Improvements

• Now displays last seen dates for matched objects.
• Fixed issues with retro hunt item restarts.

Performance & UI Improvements

• Signal timeout for global extraction and reduced regex/YARA timeout.
• Sidebar fixes and UI enhancements in organization views.

🛠️ Bug Fixes

• Fixed retro hunt item restarts.
• Corrected a typo in MailExporter.
• Resolved a scheduler role issue in documentation.
• Fixed template errors in user creation when providing an invalid password.
• Addressed a sidebar display issue in organization views.
• Fixed a weird encoding issue in string item content retrieval.
• Prevented file links from appearing if files are not downloaded.
• Fixed crawler task user_org issue in the API.
• Removed SIGALRM usage to prevent Flask server termination.

This release significantly enhances the usability, performance, and stability of AIL Project. We encourage users to update to v6.1 for the latest improvements.

🔗 Download & Documentation: AIL Project GitHub

💡 Feedback & Contributions: As always, we welcome community feedback and contributions to make AIL even better!

Funding

MISP-LEA, a collaborative endeavor between Shadowserver and CIRCL, is a 24-month initiative funded by the European Union. The project’s central aim is to establish operational and enduring MISP and AIL instances dedicated specifically to law enforcement agencies. This setup will facilitate a smoother exchange of evidence between law enforcement agencies and improve the onset of collaborative investigations. For this purpose, the system will ingest data from Shadowserver’s ransomware and C2 infrastructure tracking.

Law enforcement agencies willing to discover and leverage the MISP-LEA platform can apply on the misp-lea.org website.

Release Date: 2025-01-23

This release includes several new features, improvements, and bug fixes. We recommend users to upgrade to the latest version.

New Features and Improvements

• User Management:
  • User login is now case-insensitive.
  • User updates now include v6.0.1 specific changes.
• Chat Explorer:
  • Added the ability to show messages and open them in their respective chat/subchannel/thread.
  • Chat tags are now displayed.
  • Basic chat card improved, includes a chat participants button and improved button styling.
• Chat Viewer:
  • Added messages heatmap by year for user-account viewer.
  • Added heatmap messages and year selector for chat viewer.
  • Added chat messages by current year heatmap feature.
• Message Description:
  • Chat name and username are now included in the message description.
• Retro Hunt:
  • OCR retro hunt added.
• Crawling:
  • Improved queued error log.
  • Improved title extraction, resolving issues with signal.alarm and sleep.
• Cryptocurrency:
  • Added ripple address subtype and correlation.
• Taxonomies and Galaxy:
  • MISP taxonomies and galaxy have been bumped to the latest versions.
• Image Handling:
  • Implemented blurring of unsafe images with violence and pornography-illicit-or-illegal tags with a warning message.
• Domain Search:
  • Domain name sanitization added to search by name and displays domain.
• Updater:
  • Now uses tag subversion (e.g., v6.0.1).
• Tracker:
  • Filter result by object type.
• Flask:
  • Update Flask_config.py.
  • Set proxy using ProxyFix.
• Other:
  • README updated with a new dashboard image.

Bug Fixes

• AIL Updater:
  • Removed updates between tags.
  • Fixed upper tags list and is_fork issues.
• Domain Display:
  • Unblurred default image if domain is down.
• Module Extractor:
  • Invalid object meta logging added and fixed.
  • Fixed onion extraction and prevents onion extraction from crawled items.
• Retro Hunt:
  • Fixed object to resume functionality.
  • Fixed item iterator issues.
  • Force pause state before deleting a retro hunt.
  • Fixed retro hunt resume.
• Crawler:
  • Increased timeout for queued captures.
  • Fixed issues related to signal timeouts during title extraction.
  • Debugged signal timeout issues.
  • Addressed issues with crawler queued capture loop and debugged related errors.
  • Avoid crawler loop if a capture end up in an invalid state.
  • Fixed reload_crawlers_stats queues stats.
• Chat Messages:
  • Fixed subchannel nb_max issue for chat messages by year.
  • Fixed get years date range for chat forum.
• Chat Explorer:
  • Fixed protocols name list order.
• Exifs Module:
  • Handled Mp4 UnidentifiedImageError.
• Investigation:
  • Addressed issue with adding objects with spaces in their IDs to an investigation.

Other Changes

• Merged several pull requests:
  • Merged branch ‘master’ of github.com:ail-project/ail-framework.
  • Merged pull request #253 from eltociear/patch-1 (chg: [flask] update Flask_config.py).
  • Merged pull request #250 from FafnerKeyZee/patch-1 (Update Tracker.py).
  • Merged pull request #251 from FafnerKeyZee/patch-2 (Update abstract_chat_object.py). *Fixed an issue where stat was only performed on subchannels for a forum.
  • Merged pull request #249 from vncloudsco/master (Update Install silent and Dockerfile update).
  • Improved tracker level validation preventing a crash when the level field is None.
  • Updated Dockerfile and install scripts.

Funding

MISP-LEA, a collaborative endeavor between Shadowserver and CIRCL, is a 24-month initiative funded by the European Union. The project’s central aim is to establish operational and enduring MISP and AIL instances dedicated specifically to law enforcement agencies. This setup will facilitate a smoother exchange of evidence between law enforcement agencies and improve the onset of collaborative investigations. For this purpose, the system will ingest data from Shadowserver’s ransomware and C2 infrastructure tracking.

Law enforcement agencies willing to discover and leverage the MISP-LEA platform can apply on the misp-lea.org website.

New Features and Enhancements

1. Updated Dashboard for Enhanced Usability

• Tag Monitoring: Detection are now displayed by tags, enabling quicker categorization and prioritization.
• Tracker Descriptions: A new feature that displays tracker descriptions directly on the dashboard.
• Crawler Stats & Object Tooltips: Gain a comprehensive view of crawler statistics and in-depth information about objects through intuitive tooltips.
• Enhanced Object Metrics: Real-time updates and insights into the number of objects per day, supported by a new WebSocket-enabled interface.
• EChart Feeder Graph: A sleek, interactive graph for visualizing data, along with a cleanup of outdated graph libraries.

2. Backend Improvements

• Module Management Overhaul: Removal of legacy modules and module loaders, paving the way for a leaner and more efficient system.
• PubSubLogger Upgrade: The old redis_logger has been retired for a more modern and reliable implementation.
• Queue Enhancements: The queue system now records module start times and process IDs for better process tracking.

3. New Object Type: Barcode

• AIL v6.0 introduces support for barcodes, allowing analysts to extract and analyze barcode objects efficiently.

4. Visual and UI Upgrades

• Migration to FontAwesome v6.6.0, ensuring compatibility with the latest icon set and a more polished visual interface.
• A dedicated date view for daily analysis, improving workflow for time-sensitive investigations.

🛠️ Fixes and Optimizations

• Dashboard Fixes:
  • Resolved formatting issues with day display.
  • Corrected feeder names for better clarity.
• Retro Hunts: Enhanced functionality by removing outdated objects and fixing tag addition errors.
• Object Item Display: Fixed URL visibility for item objects.
• Barcode Message Card: Addressed issues with the display of barcode-related messages.
• Sidebar Fixes: Improved layout and display for organizational information.

Why Upgrade to AIL v6.0?

This release is a leap forward for dark web analysts and cybersecurity professionals. With a more intuitive dashboard, enhanced tracking capabilities, and support for new object types, AIL v6.0 empowers users to handle complex investigations with greater speed and accuracy.

Get Started with AIL v6.0 Today!

To upgrade, after the update, the launch script can be called doing the update automatically. Detailed instructions and documentation are available in our official repository.

Let’s shape the future of open-source dark web analysis together. Stay tuned for more updates, and as always, your feedback is invaluable to us!