AshES Cybersecurity

AshES CTI - Changelog

Last updated: May 8th, 2026

Version 1.4.1: Update Reliability & Stability Improvements

Highlights

  • Improved update-check compatibility with modern web hosting and security filtering

Version 1.4: Actor Intelligence, MITRE Context & Sigma Support

Highlights

  • Dedicated Actors view with structured threat actor intelligence
  • MITRE ATT&CK technique mapping per actor
  • Sigma rule ingestion and export support

Features

  • New Actors tab for browsing threat actor profiles
  • Displays actor details including aliases, origin, motivation, and activity timeline
  • Unified view of techniques, malware, and targeted sectors per actor
  • MITRE ATT&CK technique IDs displayed for each actor
  • Clickable technique entries for direct reference to MITRE ATT&CK
  • Structured actor intelligence layer integrated into the local database
  • Procedure-level context for actor techniques
  • Improved correlation between threat intelligence and detection workflows
  • Bundled offline reference datasets for actors, techniques, and malware families
  • Automatic import of reference data during initialization
  • Added support for ingestion and export of Sigma rules
  • Unified detection rule export workflow for YARA, Sigma, and SNORT
  • Added Federal Dark theme
  • Improved theme-aware UI coloring across actor and status views
  • Improved YARA rule extraction reliability

Version 1.3.1: Performance Refinement

Changes

  • Improved application startup performance for a smoother launch experience
  • Cleaner IOCs view with reduced low-signal noise

Version 1.3: IOC Visibility, Detection Support & UI Enhancements

Highlights

  • Dedicated IOCs view with enrichment and filtering
  • SNORT rule ingestion and export support
  • Customizable UI with themes and settings

Features

  • New IOCs tab for browsing extracted indicators
  • Displays IOC value, type, observed timestamp, and enrichment data
  • IOC enrichment fields include VirusTotal hits, first seen, and last enriched timestamp
  • Filtering support in the IOCs view (by IOC value and type)
  • Clickable IOCs open corresponding VirusTotal pages (hashes, IPs, domains)
  • Search support for keywords and IOCs in the Items view
  • Adjustable display counts for the IOCs view (50 / 100 / 250)
  • Added Settings menu for UI configuration and utility actions
  • Introduced 6 UI themes with persistent selection stored in the local SQLite database
  • Manual in-app update checking via Settings (opens download in browser)
  • SNORT rule ingestion and export

Version 1.2 : Intelligence Ingestion & Multilingual Support

Highlights

  • Expanded intelligence ingestion capabilities
  • Multilingual threat intelligence support
  • Improved indicator extraction from threat reports

Features

  • Chinese (CJK) UI rendering support for multilingual threat intelligence sources
  • STIX bundle ingestion via CLI
  • Bulk IOC import from CSV files
  • PDF intelligence ingestion with automated artifact extraction
  • Enhanced IOC extraction including domains and URLs
  • Automatic normalization of defanged indicators (e.g. hxxp → http, [.] → .)
  • Chinese-aware summarization improvements for multilingual reports
  • Enhanced summary readability using a custom text layouter
  • Minor UI typography improvements

Version 1.1

User Interface

  • Added UI buttons to display 50, 100, and 250 items from the DB.
  • Implemented Export YARA button in the UI.
  • Artifact table entries can be exported as:
    • Individual YARA rule files
    • A consolidated YARA bundle for SIEM ingestion

Ingestion & Processing

  • Implemented PDF file import as an additional Item Ingestion format (separate CLI command).

    • Notes: No breaking changes introduced. Existing databases remain compatible.

Version 1.0.0 : Release

Highlights

  • Stable production release
  • Improved ingestion reliability
  • Refined summarizer accuracy across multiple sources

Changes

  • Reduced false positive rate during TAXII ingest.
  • Improved Sophos summary output.
  • Added CISA and additional government intelligence feeds.
  • Added CLI option to manually enter new IOCs.
  • Minor UI improvements and stability fixes.

Version 1.0.0-beta : Closed Beta

Highlights

  • Initial closed beta release
  • Full UI + CLI support
  • Offline-focused workflow

Features

  • OSINT feed ingestion
  • Offline IOC enrichment
  • MITRE ATT&CK mapping
  • STIX/TAXII export
  • Windows-native UI
  • Lightweight, self-contained installation
  • No telemetry; fully offline workflows

For support or feature requests, contact support@ashes-cybersecurity.com.