Anyrun

Editor’s note: The current article is authored by Mauro Eldritch, offensive security expert and threat intelligence analyst. You can find Mauro on X.  What looks like a simple freelance bug fix turns out to be a full-blown malware infection. OtterCookie, a new tool from the Lazarus Group APT, hides behind clean code and fake job offers, then […]

The post OtterCookie: Analysis of Lazarus Group Malware Targeting Finance and Tech Professionals appeared first on ANY.RUN's Cybersecurity Blog.

Phishing attacks have become a pervasive and escalating threat across various industries, notably in finance, manufacturing, and healthcare. For Managed Security Service Providers (MSSPs), the challenge lies in swiftly identifying and mitigating these threats to safeguard client infrastructures and uphold service integrity.  This case study explores how ANY.RUN’s Threat Intelligence Lookup and Interactive Sandbox can […]

The post How MSSPs Can Analyze and Investigate Phishing Attacks with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

Malware doesn’t stick to one platform or play fair. One day it’s a Python stealer. The next, it’s an Android RAT or a Node.js backdoor quietly pinging its C2. Then it hits Linux, flooding your network with suspicious connections.  Modern threats are unpredictable. They move across systems and languages, often slipping past tools that weren’t […]

The post How to Analyze Node.js, Python, Android, and Linux Malware with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

A new phishing campaign is spreading the Remcos Remote Access Trojan (RAT) through DBatLoader. It employs User Account Control (UAC) bypass, obfuscated scripts, Living Off the Land Binaries (LOLBAS) abuse, and persistence mechanisms. Here’s an analysis of the infection chain, key techniques, and detection tips.  How the Attack Works   To see how the attack unfolds, […]

The post DBatLoader Delivers Remcos via .pif Files and UAC Bypass in New Phishing Campaign  appeared first on ANY.RUN's Cybersecurity Blog.

Security Operations Centers (SOCs) are under constant pressure to detect threats faster, respond more effectively, and reduce operational noise. Metrics like Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), False Positive Rate (FPR), and True Positive Rate (TPR) are more than just numbers — they define the health and impact of a business […]

The post How SOC Teams Improve Mean Time to Detect and Other KPIs with Threat Intelligence Feeds appeared first on ANY.RUN's Cybersecurity Blog.

While analyzing malware samples uploaded to ANY.RUN’s Interactive Sandbox, one particular case marked as “phishing” and “Telegram” drew the attention of our security analysts.  Although this analysis session wasn’t attributed to any known malware family or threat actor group, the analysis revealed that Telegram bots were being used for data exfiltration. This led us to […]

The post How Adversary Telegram Bots Help to Reveal Threats: Case Study  appeared first on ANY.RUN's Cybersecurity Blog.

Time really flies. Nine years ago, we set out with a simple goal: to make malware analysis faster, easier, and more accessible for analysts and security teams everywhere.  We started as a small group of researchers with a big idea. Today, ANY.RUN is trusted by over 15,000 companies and half a million professionals around the […]

The post We’re 9! Special Thanks (and Special Offers) Just for You appeared first on ANY.RUN's Cybersecurity Blog.

We are honored to announce that ANY.RUN became a gold winner at the annual Globee Business Awards 2025. The award aims to recognize and celebrate excellence in various industries worldwide, including cybersecurity.  Our solution, ANY.RUN’s TI Lookup, was named best in the Cyber Threat Intelligence category. We believe that threat intelligence is an essential aspect […]

The post ANY.RUN Becomes a Gold Winner in Threat Intelligence at Globee Awards 2025   appeared first on ANY.RUN's Cybersecurity Blog.

Security Operations Centers (SOCs) and Managed Security Service Providers (MSSPs) serve as the frontline defenders for organizations worldwide. The teams operate in high-pressure environments, analyzing security incidents, monitoring threats, and responding to attacks in real time. Continuous learning — especially through hands-on malware analysis training — is not just beneficial, but essential for their performance.  […]

The post How Malware Analysis Training Powers Up SOC and MSSP Teams appeared first on ANY.RUN's Cybersecurity Blog.

Attackers keep improving ways to avoid being caught, making it harder to detect and investigate their attacks. The Tycoon 2FA phishing kit is a clear example, as its creators regularly add new tricks to bypass detection systems.  In this study, we’ll take a closer look at how Tycoon 2FA’s anti-detection methods have changed over the […]

The post Evolution of Tycoon 2FA Defense Evasion Mechanisms: Analysis and Timeline appeared first on ANY.RUN's Cybersecurity Blog.

The financial sector is heavily targeted by cybercriminals. Banks, investment firms, and credit unions are prime victims of attacks aimed at stealing sensitive data or holding it hostage for massive ransoms. One emerging threat in this landscape is Nitrogen Ransomware, a malicious group discovered in September 2024.   It has since then been notoriously renowned for […]

The post Nitrogen Ransomware Exposed: How ANY.RUN Helps Uncover Threats to Finance  appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by Mauro Eldritch, offensive security expert and threat intelligence analyst. You can find Mauro on X.  These days, it’s easy to come across new ransomware strains without much effort. But the ransomware threat landscape is far broader than it seems, especially when you dive into the commodity ransomware scene. This type of […]

The post Mamona: Technical Analysis of a New Ransomware Strain appeared first on ANY.RUN's Cybersecurity Blog.

April was another busy month for the ANY.RUN team! We continued improving our malware detection capabilities, expanded our behavior signatures, and sharpened threat intelligence, all to make your investigations faster, deeper, and even more precise.  From adding fresh Suricata rules and YARA signatures to detecting new malware behaviors, here’s what’s new at ANY.RUN this month.  Let’s […]

The post Release Notes: SDK Integration, Notifications, 1,000+ Detection Rules, and APT Reports  appeared first on ANY.RUN's Cybersecurity Blog.

The current article provides technical analysis of an emerging malware named Pentagon Stealer. The research has been prepared by the analyst team at ANY.RUN.  Key Takeaways  How We Discovered Pentagon Stealer  In early March of this year, when browsing Public submissions, the ANY.RUN team came across an interesting malware sample written in Golang.  View sandbox […]

The post Pentagon Stealer: Go and Python Malware with Crypto Theft Capabilities  appeared first on ANY.RUN's Cybersecurity Blog.

When data meets automation, two pillars of modern tech converge to create something smarter: Threat Intelligence Feeds. Real-time insights, machine-speed decisions, and a global perspective — all working together to outsmart threats before they become incidents.  ANY.RUN’s TI Feeds are structured, continuously updated streams of fresh threat data. They contain network-based IOCs — IP addresses, […]

The post How Threat Intelligence Feeds Help During Incident Response appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by Mauro Eldritch, offensive security expert and threat intelligence analyst. You can find Mauro on X.  There’s no shortage of ransomware these days. It’s everywhere, lurking in email attachments, hiding in cracked software, and making headlines almost daily. While some ransomware groups vanish or rebrand, new names step in to […]

The post PE32 Ransomware: A New Telegram-Based Threat on the Rise  appeared first on ANY.RUN's Cybersecurity Blog.

Making ANY.RUN’s products better for the benefit of businesses, organizations, and SOC teams is our top priority. To get maximum value out of our solutions, we provide them with API, a tool enabling users to integrate our services into their security infrastructure. And now, to make this process even smoother, we introduce a software development […]

The post Seamlessly Integrate ANY.RUN’s Services into Your Infrastructure via SDK appeared first on ANY.RUN's Cybersecurity Blog.

In cybersecurity, the three main types of indicators are a critical concept for threat detection and response. These main types are indicators of compromise, behavior, and attack (IOCs, IOBs, IOAs). Let’s elaborate on their essence, difference, and use.   Distinction in a Nutshell  Indicators of Compromise  IOCs are pieces of evidence that suggest that a system, […]

The post How Indicators of Compromise, Attack, and Behavior Help Spot and Stop Cyber Threats appeared first on ANY.RUN's Cybersecurity Blog.

Get Q1 ’25 Report for Free Based on real data from 15,000+ global SOC teams. Top malware types, families, and APTs Changes in threat landscape since Q4 ’24 What SOC teams need to focus on Opt in to receive news, updates, and promotions. Get free report Loading… A copy of the report has been sent […]

The post Malware Trends Report, Q1 2025: Get Your Copy appeared first on ANY.RUN's Cybersecurity Blog.

Every piece of malware leaves traces behind. Sometimes it’s a string buried deep in the code. Other times it’s a mutex, a registry key, or a network pattern. The key is knowing what to look for.  That’s exactly what malware signatures are for. They describe these recurring elements, unique strings, behaviors, or structural patterns, that […]

The post Malware Signatures: How Cybersecurity Teams Use Them to Catch Threats  appeared first on ANY.RUN's Cybersecurity Blog.