AIL Project v6.1 released with new features including unsafe filter for Tor crawling, many bugs fixed and Telegram attachment analysis

We are excited to announce the release of AIL Project v6.1, bringing significant improvements, new features, and important bug fixes. This update enhances the crawler's control mechanisms, improves file and chat processing capabilities, and refines various UI elements to provide a more efficient user experience.

AIL introduced a pre-filtering mechanism to limit the risk of potential crawling of unsafe content. This feature is now enabled by default, allowing administrators to decide whether to enable or disable it according to their specific needs.

🍰 Highlights

• Enhanced Crawler Control: Added an option to control whether the crawler should proceed with crawling unclassified onion domains.
• New Unsafe Onion Filter: Introduced an additional filtering option to improve onion domain classification.
• Improved File and Chat Handling: File name searches are now case-insensitive, and chat files now support correlation processing.
• Retro Hunt Enhancements: Now displays the last seen date of matched objects.
• Performance and Stability Improvements: Optimized regex and YARA timeouts, removed SIGALRM usage to prevent Flask server termination, and various UI fixes.

New Features & Enhancements

Crawler Updates

• Added an option to control crawling of unclassified onion domains.
• Updated blocklist for better filtering.

File and Chat Processing

• Added a file name dashboard for improved file search and management.
• Improved case-insensitive file name searches.
• Chat explorer now displays file tags.
• Enhanced chat text processing with correlations.

Mail and Message Processing

• Removed DNS checks for UI extraction in the Mail Extractor module.
• Mail exporter now adds object URLs only if the email is an AIL user.
• Display file names and message content in search results.

Tracker and Rule Management

• Added a button to hide/show long rules in trackers.
• Collapse long rules for improved readability.

Retro Hunt Improvements

• Now displays last seen dates for matched objects.
• Fixed issues with retro hunt item restarts.

Performance & UI Improvements

• Signal timeout for global extraction and reduced regex/YARA timeout.
• Sidebar fixes and UI enhancements in organization views.

🛠️ Bug Fixes

• Fixed retro hunt item restarts.
• Corrected a typo in MailExporter.
• Resolved a scheduler role issue in documentation.
• Fixed template errors in user creation when providing an invalid password.
• Addressed a sidebar display issue in organization views.
• Fixed a weird encoding issue in string item content retrieval.
• Prevented file links from appearing if files are not downloaded.
• Fixed crawler task user_org issue in the API.
• Removed SIGALRM usage to prevent Flask server termination.

This release significantly enhances the usability, performance, and stability of AIL Project. We encourage users to update to v6.1 for the latest improvements.

🔗 Download & Documentation: AIL Project GitHub

💡 Feedback & Contributions: As always, we welcome community feedback and contributions to make AIL even better!

Funding

MISP-LEA, a collaborative endeavor between Shadowserver and CIRCL, is a 24-month initiative funded by the European Union. The project’s central aim is to establish operational and enduring MISP and AIL instances dedicated specifically to law enforcement agencies. This setup will facilitate a smoother exchange of evidence between law enforcement agencies and improve the onset of collaborative investigations. For this purpose, the system will ingest data from Shadowserver’s ransomware and C2 infrastructure tracking.

Law enforcement agencies willing to discover and leverage the MISP-LEA platform can apply on the misp-lea.org website.