AIL Project version 5.6 released with many improvements in the OCR and correlation functions and many updates.

May 10, 2024 • Team CIRCL

Release Notes for AIL Project - Version 5.6 (2024-05-10)

What’s New in v5.6


  • TRON Cryptocurrency Detection & Correlation: Added detection and correlation features for TRON cryptocurrency. Thanks to @pventuzelo (from Fuzzinglabs for this contribution.
  • Tag Search Enhancements: Improved the search functionality for OCRs and images by tags and fixed issues with OCR and filtering invalid images.
  • Correlation Graph Updates: Added a separator for date first seen and last seen in the correlation graph. Also, fixed the display of OCR object tags.


  • Language Detector Stability: Fixed an issue where an exception occurred if the LibreTranslate URL was not specified.
  • OCR Error Handling: Implemented catching of cv2 errors in OCR processes.
  • PGPDump Installer Update: Updated the installer to handle new pgpdump version requirements, including launching autoreconf.
  • OCR File Handling: Enhanced error handling with a catch for OSError on MP4 files.
  • OCR Language Support: Fixed issues with supported languages in OCR and updated the filter for OCR supported languages.
  • Language Detector Improvement: Updated the language detector to return an empty list when no language is detected, enhancing the robustness of language detection.
  • OCR Tracker Fixes: Fixed the type of object accepted by the OCR tracker for better accuracy and performance.


  • New Introduction Presentation: A new introductory presentation is now available. It includes overview diagrams and can be accessed here.


Development of the AIL framework is co-funded by the European Union CEF program and CIRCL.

The Action will establish a Joint Threat Analysis Network, an open collaboration group of European computer security incident response teams (CSIRTs) with the focus on collecting, sharing and analysis of technical, operational and strategic threat intelligence. The purpose of this collaboration is to combine unique advantages of different teams to obtain comprehensive situational awareness and actionable information to effectively defend constituencies in each Member State, from critical infrastructure operators targeted by state-sponsored actors to individual citizens affected by cybercrime. The main part of the Action addresses gaps in the Cyber Threat Intelligence (CTI) tooling that is currently used by the national level CSIRTs in Europe. By strengthening individual tools and interconnecting them, the beneficiaries will achieve a new level of common situational awareness and they will benefit from shared knowledge and tooling.