AIL Framework v5.8 Released – New Features such as QR code extraction, improvements and fixes

Oct 3, 2024 • Team CIRCL

We announce the release of AIL Framework v5.8, packed with new features, improvements, and bug fixes to facilitate the usage. This release focuses on expanding functionality and improving efficiency in key areas such as QR code extraction, domain lookups, image handling, and more.

We would like to thank LEAs and police officers for their feedback during the ENISA / Europol EC3 Workshop.

QR code value extraction from images seen in AIL framework Correlation of QR code values in the AIL framework

What’s New in v5.8?

Enhanced Features:

  • QR Code Search by Tags: You can now search for QR codes using tags, making it easier to identify and track items based on tag data.
  • Domain Lookup API: A domain lookup function has been added to the API, streamlining investigations with a direct lookup feature.
  • Image Lazy Loading in Chats Explorer: To optimize performance, image lazy loading has been implemented, ensuring quicker and smoother browsing through chat logs.
  • Favicon Search by Date Range: Favicons can now be searched by date range, coupled with lazy loading, for an efficient exploration process.
  • Improved QR Code Extraction: The QR code extractor has been upgraded to provide better extraction from images and screenshots, with added correlation features.
  • New Text Wrapping Option in Item Display: You can now replace the canvas with image blur for improved visuals and use a new button to wrap text for clearer readability.
  • Username Search: We’ve introduced the ability to search by username, making it easier to locate users in your dataset.
  • Tags Search Improvement: If no result is found when searching by tags, the last associated date is now shown for better context.

User Interface Enhancements:

  • Hunter Sidebar Icon Alignment: Icons in the hunter sidebar are now aligned for a cleaner and more intuitive interface.
  • Improved Domain Screenshot Display: The canvas display for domain screenshots has been replaced by an image blur effect for a smoother visual experience.
  • Organization Selector Search in User Creation/Edit: Searching for organizations is now faster and more user-friendly with the new org selector search feature.

Key Fixes:

  • QR Code Extractor Improvements: Multiple issues related to the QR code extractor have been resolved, including fixing exceptions, handling empty content, filtering invalid images, and debugging image formats like JPEGs.
  • Bitcoin Bech32 Address Validator: A bug affecting the Bech32 address validator has been addressed, improving accuracy when validating Bitcoin addresses.
  • Improved Mail Module: Minor typos in the mail module have been fixed for better clarity.
  • Crawler Dashboard: A fix has been applied to the domains up/down links, ensuring accurate daily domain tracking.
  • Investigation Object Table: Long object IDs in the investigation table have been fixed to prevent display issues.
  • UI Fixes: Several visual improvements were made, including resolving overlapping table/image displays and updating crawler bar chart colors for up/down states.

Conclusion:

With the release of AIL Framework v5.8, we continue to build on our commitment to delivering a powerful and intuitive tool for your intelligence investigations. From improved search functionality to enhanced image handling and bug fixes, this release is designed to optimize your day-to-day investigations.

As always, feel free to provide feedback or report any issues to help us make AIL even better.

Funding

MISP-LEA, a collaborative endeavor between Shadowserver and CIRCL, is a 24-month initiative funded by the European Union. The project’s central aim is to establish operational and enduring MISP and AIL instances dedicated specifically to law enforcement agencies. This setup will facilitate a smoother exchange of evidence between law enforcement agencies and improve the onset of collaborative investigations. For this purpose, the system will ingest data from Shadowserver’s ransomware and C2 infrastructure tracking.

Law enforcement agencies willing to discover and leverage the MISP-LEA platform can apply on the misp-lea.org website.

Stay Connected:

Thank you for your continued support. We look forward to your feedback!