# Release History
## 3.3.7, 3.4.3
Release date: 01 Nov 2024
**Changed:**
* Group-IB Reports now provides better mapping on the estimated times of the Report.
## 3.3.6, 3.4.2
Release date: 06 September 2024
**Changed:**
* Improved feed download deduplication by integrating sequence numbers
with stash implementation, enhancing efficiency and reducing redundancy.
## 3.3.5, 3.4.1
Release date: 18 July 2024
**Changed:**
* Filtering and validating corrupted references
* Minor mapping fix
## 3.2.6, 3.3.4, 3.0.10
Release date: 18 July 2024
**Changed:**
* Malware feed mapping fix
* Minor mapping change to report feed
## 3.2.5, 3.3.3,3.0.9
Release date: 6 July 2024
**Changed:**
* Removed threat_actor checkbox from reports feed
*Added:*
* Malware feed have checkbox to include or exclude csv files
* Report/Malware feed minor mapping changes
## 3.2.3, 3.3.2
Release date: 25 Jun 2024
*Added:*
* Group-IB Threat Actors feed
* Group-IB Reports Feed
* Group-IB OSI Vulnerability feed
* Group-IB Malware feed
*Fixed:*
* pagination when downloading incoming feeds data
* data mapping across Group-IB incoming feeds
## 2.14.11, 3.1.7, 3.2.1, 3.3.1
Release date: 20 March 2023
**Fixed:**
* General improvements with how we download data for Socks Proxy and Accounts Data feeds
* Issue with unexpected change in Fixed Attacks Phishing Kit data
## 3.0.7, 3.1.6, 3.2.1
Release date: 5 December 2023
**Added:**
* Now supports Group-IB Compromised Mule feed
* Now supports Malware and Location entities
**Fixed:**
* Use API routes prescribed by Group-IB to prevent occurrences of HTTP 404, 403, 502 errors
* Group-IB Human Intelligence Threat and Group-IB APT Threat feeds are now more reliable.
* Fix a validation issue
* Group-IB Malware C2 and Group-IB Compromised Accounts now correctly updates existing entities on each run.
* Group-IB Malware C2 and Group-IB Compromised Accounts now handles deduplication of entities correctly.
* General improvements with how we deduplicate entities.
## 3.0.6
Release date: 24 October 2023
**Added:**
* Now provides Group-IB Attacks DDoS Feed
## 2.14.9, 3.0.5, 3.1.4
Release date: 10 October 2023
**Changed:**
Multiple incoming feeds updated.
* Removed the following feeds.
Group-IB has discontinued the endpoints
these feeds require:
* Group-IB Phishing Brand Abuse
* `/api/v2/bp/phishing`
* Group-IB Brand Abuse Phishing Kit
* `/api/v2/bp/phishing_kit`
* Updated endpoints for the following feeds to address issue where feed cannot
find new packages to download, and improve data mapping:
* Group-IB Attacks Phishing
* Old: `/api/v2/attacks/phishing`
* Now: `/api/v2/attacks/phishing_group`
* Group-IB Compromised Data Accounts
* Old: `/api/v2/compromised/account`
* Now: `/api/v2/compromised/account_group`
* Group-IB Compromised Data Cards Feed
* Old: `/api/v2/compromised/card`
* Now: `/api/v2/compromised/masked_card`
## 2.14.8, 3.0.4, 3.1.3
Release date: 25 September 2023
**Changed:**
- This release updates the Group-IB Human Intelligence Threat and Group-IB APT Threat incoming feeds.
- For both feeds:
- `md5`, `sha256`, `sha512` hashes from Group-IB
are now included in description field of produced entities.
- `sha224` now ingested as `hash-sha224` observables.
- Now ingests contents of `malwares` field and:
- Creates TTP entities from `malware`
- TTP entities created from contents of `targetedCompany` now contain a targeted victim characteristic.
- Creates indicator entities containing YARA rules from `yara`.
- Creates indicator entities containing SNORT rules from `ioc`.
- Creates exploit target entities from contents of `cveList` and CVEs found in `threat_actors`.
- Creates threat actor entities from the contents of `threat_actors`.
- Resulting report entities have been updated:
- More tags.
- No longer prefixed with `Report: `
- Related indicator entities now:
- Can include first observed timestamp.
- Now includes SSL cert hashes in entity description.
- Updated Group-IB Human Intelligence Threat incoming feed. Now:
- Retrieves connected threat actor data from `/api/v2/hi/threat_actor/`.
- Fetches additional reports and exploit targets from `/api/v2/hi/threat/` and `/api/v2/osi/vulnerability/`.
- Enriches resulting reports with data from `/api/v2/malware/malware`.
- Updated Group-IB APT Threat incoming feed. Now:
- Retrieves connector threat actor data from `/api/v2/apt/threat_actor/`.
- Fetches additional reports and exploit targets from `/api/v2/apt/threat/` and `/api/v2/osi/vulnerability/`.
- Enriches resulting reports with data from `/api/v2/malware/malware`.
## 2.14.7, 3.0.3, 3.1.2
Release date: 31 August 2023
**Added:**
- Now supports ingesting SHA-224 hashes as observables.
- Now supports ingesting report intents from Group-IB.
- Threat actor entities are created with data fetched from the APT or the Human Intelligence endpoints
**Changed:**
- Group-IB Threat APT incoming feed now includes the following data in ingested reports:
- Detected file hashes.
- Report intents.
- Associated malware.
- makes an additional request to `/api/v2/apt/threat_actor/`
and ingest associated threat actors.
- Group-IB Human Intelligence Threat incoming feed now makes an additional request to
`/api/v2/hi/threat_actor/` to retrieve and ingest associated threat actors.
- Associated threat actors pulled in by Threat APT and Human Intelligence Threat incoming feeds.
- Now, only truthy `isAPT` values in Group-IB data are now ingested only as `isAPT` tags,
instead of ingesting variants like `isAPT - True` or `isAPT - False`.
- Ingested entity titles are no longer prefixed with "Report:" or "Threat Actor:".
- Ambiguous tags ingested from reliability values are now clearer, prefixed with 'Reliability'.
- Removed Group-IB API URL from reference sections.
- Now, Threat reports includes additional fields:
- Short descriptions
- Intents
- Following tags are added:
- Malware categories
- Item reliability
**Fixed:**
- Fixes issue where ingested MITRE ATT&CK IDs could have duplicates.
## 3.1.1, 3.0.2, 2.14.6
Release date: 11 Jul 2023
**Fixed:**
- Issue where Group-IB sectors were missing from tags in entities.
## 3.0.1, 2.15.2, 2.14.5
Release date: 07 June 2023
**Fixed:**
- Added timestamp to all entities
- Country extracts are included in Threat reports
- All targeted companies are added as TTP entities
- Image files are no longer created as extracts
## 3.0.0, 2.15.1, 2.14.4
Release date: 26 Apr 2023
**New Features**
* Improved pagination fields to update timestamps
**Fixed:**
* Updated base URL and enpoints
## 2.14.3, 2.13.3
Release date: 24 Feb 2023
**Fixed:**
- Issue where APT Threat feed would not ingest MITRE ATT&CK indicators.
## 2.14.2, 2.13.2
Release date: 24 Jan 2022
**Fixed:**
- Issue where the Group-IB Attack Phishing kit and Malware C2 feeds
would attempt to download and ingest the same package multiple times.
## 2.14.1, 2.13.1
Release date: 29 Nov 2022
**Fixed:**
- Issue where the Group-IB Suspicious IP Socks Proxy feed would fail
if the incoming data does not contain a reference to the Group-IB portal.
## Initial release
Release date: 11 August, 2020
**Features:**
* Now provides the Group-IB Compromised Data Accounts incoming feed.
* Now provides the Group-IB Compromised Data Cards Feed incoming feed.
* Now provides the Group-IB Human Intelligence Threat incoming feed.
* Now provides the Group-IB APT Threat incoming feed.
* Now provides the Group-IB Attacks Phishing incoming feed.
* Now provides the Group-IB Attack Phishing Kit incoming feed.
* Now provides the Group-IB Phishing Brand Abuse incoming feed.
* Now provides the Group-IB Brand Abuse Phishing Kit incoming feed.
* Now provides the Group-IB Suspicious IP Socks Proxy incoming feed.
* Now provides the Group-IB Malware C2 incoming feed.