Anyrun

Editor’s Note: This article was originally published on June 11, 2024, and updated on January 9, 2025. The ANY.RUN Threat Intelligence Feeds provide data on the known indicators of compromise: malicious IPs, URLs, domains, files, and ports.    The data is collected and pre-processed from public malware and phishing samples analyzed by our community of […]

The post Integrate ANY.RUN Threat Intelligence Feeds with Your Security Platform appeared first on ANY.RUN's Cybersecurity Blog.

As we wrap up 2024, let’s take a moment to reflect on what an incredible year it’s been for ANY.RUN. Together, we’ve achieved so much: breaking barriers, improving tools, and working side by side with you, our amazing community of cybersecurity heroes.  From big product launches to small tweaks that make a huge difference, everything […]

The post 2024 Wrapped: A Year of Growth, Innovation, and Community at ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

Can you believe 2024 has come to an end? As we prepare to step into 2025, we’re excited to share key updates on the cybersecurity front from Q4. The last three months were anything but quiet—new threats emerged, familiar ones evolved, and cybercriminals kept raising the stakes.  At ANY.RUN, we’ve been monitoring these shifts every […]

The post Malware Trends Report: Q4, 2024  appeared first on ANY.RUN's Cybersecurity Blog.

As we wrap up 2024, we’re excited to share the final release notes of the year, and they’re packed with updates you’re going to love!  This December, we’ve shared some great news with our ANY.RUN community. From new wildcards and search operators in TI Lookup to the launch of our MISP instance and an upgraded […]

The post Release Notes: New Search Operators in TI Lookup, MISP Integration, Multi-admin Support  appeared first on ANY.RUN's Cybersecurity Blog.

The cybersecurity research team of ANY.RUN found and analyzed a bunch of emerging threats with the help of our mighty Interactive Sandbox and Threat Intelligence Lookup. We’ve been sharing their findings via X and in our blog. Here is a summary on the most interesting insights from December 2024. Phishing Campaigns targeting Microsoft’s Azure Blob […]

The post 5 Major Cyber Attacks in December 2024 appeared first on ANY.RUN's Cybersecurity Blog.

It’s December, and it’s high time to tell Santa how good girls and boys we’ve been at ANY.RUN. It’s time to reap acknowledgment from the industry, the community, and the customers. Here are the major tech awards we’ve received in 2024 as cybersecurity experts.   Cybersecurity Excellence Awards from Cybersecurity Insiders We nailed it in the […]

The post Well done, ANY.RUN: Our Top Cybersecurity Awards in 2024 appeared first on ANY.RUN's Cybersecurity Blog.

Recently, DFIR consultant & content creator/educator Steven from the YouTube channel MyDFIR released a new video showing how DFIR professionals can leverage the ANY.RUN Sandbox to efficiently analyze malware and extract actionable intelligence.   The video provides a step-by-step guide on investigating real-world threats, including how to quickly identify and analyze Indicators of Compromise (IOCs) and […]

The post How DFIR Analysts Use ANY.RUN Sandbox appeared first on ANY.RUN's Cybersecurity Blog.

As Windows 10 approaches its end-of-life (October 2025), organizations are facing the need to adjust their security infrastructure to be better aligned with Windows 11. A malware sandbox, an isolated environment for analyzing malicious files and URLs, is a key tool for this transition. Here are the benefits of deploying a Windows 11 sandbox and […]

The post How to Set up a Windows 11 Malware Sandbox appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN’s Threat Intelligence (TI) feeds provide an invaluable solution for organizations seeking to detect and mitigate the latest malware and phishing campaigns, attacks, and cybercriminal tactics. But what exactly is inside these feeds, and how can they help companies strengthen their cybersecurity? Let’s dive into the details. What Are ANY.RUN’s Threat Intelligence Feeds? ANY.RUN’s Threat […]

The post What’s Inside ANY.RUN’s Cyber Threat Intelligence Feeds? appeared first on ANY.RUN's Cybersecurity Blog.

As cybersecurity threats grow more sophisticated, collaboration becomes a cornerstone of effective defense strategies. This is where MISP, an open-source threat intelligence sharing platform, comes into play.   Recognizing its value, we are excited to announce the launch of our own MISP instance, enabling users to access and use indicators of compromise (IOCs) from ANY.RUN’s Threat Intelligence […]

The post Access and Use ANY.RUN’s TI Feeds via MISP appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by Mostafa ElSheimy, a malware reverse engineer and threat intelligence analyst. You can find Mostafa on X and LinkedIn.  In this malware analysis report, we will delve into Nova, a newly discovered fork of the Snake Keylogger family. This variant has been observed employing even more sophisticated tactics, signaling the continued […]

The post Analysis of Nova: A Snake Keylogger Fork appeared first on ANY.RUN's Cybersecurity Blog.

The manufacturing industry has long been a target of cybercriminals. While data encryption has been a prevalent tactic in recent years, threat actors are now increasingly focusing on stealing sensitive information and gaining control over critical infrastructure.   One of the latest campaigns on record involves the use of Lumma and Amadey malware.  Campaign Uses Fake […]

The post Manufacturing Companies Targeted with New Lumma and Amadey Campaign appeared first on ANY.RUN's Cybersecurity Blog.

Recently, our analyst team shared their research into a zero-day attack involving the use of corrupted malicious files to bypass static detection systems. Now, we present a technical analysis of this method and its mechanics.  In this article, we will:   Let’s get started.  Sandbox Analysis of a Corrupted File Attack To first see how such […]

The post Zero-day Attack Uses Corrupted Files to Bypass Detection: Technical Analysis appeared first on ANY.RUN's Cybersecurity Blog.

Finding information on specific cyber threats in a vast amount of data can be challenging. Threat Intelligence Lookup from ANY.RUN simplifies this task with wildcards and operators that provide you with the ability to create flexible and precise search queries. Let’s take a look at how you can use them to identify and collect intel […]

The post Search Operators and Wildcards for Cyber Threat Investigations appeared first on ANY.RUN's Cybersecurity Blog.

Welcome to ANY.RUN’s monthly updates, where we give you all the details on our latest features and enhancements.  November has been a month of innovation at ANY.RUN, with major upgrades. We’ve launched Smart Content Analysis as part of Automated Interactivity, updated the home screen of TI Lookup featuring an interactive MITRE ATT&CK matrix connected with […]

The post Release Notes: MITRE ATT&CK Matrix with Samples, Upgraded Automated Interactivity, Expanded Threat Coverage, and More appeared first on ANY.RUN's Cybersecurity Blog.

In this article, ANY.RUN‘s analyst team will explore a malicious loader known as PSLoramyra. This advanced malware leverages PowerShell, VBS, and BAT scripts to inject malicious payloads into a system, execute them directly in memory, and establish persistent access.   Classified as a fileless loader, PSLoramyra bypasses traditional detection methods by loading its primary payload entirely […]

The post PSLoramyra: Technical Analysis of Fileless Malware Loader appeared first on ANY.RUN's Cybersecurity Blog.

TI Lookup from ANY.RUN is a versatile tool for gathering up-to-date intelligence on the latest cyber threats. The best way to demonstrate its effectiveness is to hear from actual security professionals about how they use the service in their daily work.   This time, we asked Jane_0sint, an accomplished network traffic analyst and the first ANY.RUN […]

The post Investigating Phishing Threats with TI Lookup: Use Cases from an Expert appeared first on ANY.RUN's Cybersecurity Blog.

Black Friday 2024 at ANY.RUN is here! As always, we’ve prepared time-limited deals to not only help you save on our tools but also improve collaboration with your colleagues.  Here’s what we have in store for you this time.  Hunter Plan: Two Subscriptions for the Price of One  Hunter plan is designed for individual users, […]

The post Black Friday 2024 at ANY.RUN appeared first on ANY.RUN's Cybersecurity Blog.

We’re excited to announce the latest update to Threat Intelligence (TI) Lookup. The enhanced home screen now integrates all techniques and tactics of the MITRE ATT&CK matrix, along with relevant malware samples and signatures.  Let’s dive into how these updates can transform your workflow and help you tackle threats with greater confidence.  Redesigned Threat Intelligence […]

The post Explore MITRE ATT&CK Techniques in Real-World Samples with TI Lookup appeared first on ANY.RUN's Cybersecurity Blog.

Persistence mechanisms are techniques used by attackers to keep malware active, even after log-offs, reboots, or restarts. In other words, they’re techniques that make malware tougher to detect and even harder to remove once it’s on a system.  Let’s dive into a few of the common mechanisms attackers use to keep their malware persistent, quietly […]

The post 6 Common Persistence Mechanisms in Malware appeared first on ANY.RUN's Cybersecurity Blog.