Anyrun

ANY.RUN’s services processes data on current threats daily, including attacks affecting supply chains. In this case study, we analyze examples of DHL brand abuse. The company is a leading global logistic operator, and attackers exploit its recognition to send phishing emails, potentially targeting its partners.   We will demonstrate how ANY.RUN’s solutions can be used to […]

The post Beating Supply Chain Attacks: DHL Impersonation Case Study   appeared first on ANY.RUN's Cybersecurity Blog.

IBM QRadar SOAR is a go-to platform for incident response. To make things faster and easier for SOCs to use this powerful tool with ANY.RUN’s services, we built an official app. Now you can seamlessly launch different playbooks directly inside SOAR to streamline threat analysis, speed up investigations, and reduce Mean Time to Respond (MTTR) […]

The post Turn Alert Noise into Threat Insights without Leaving QRadar SOAR with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

Get Q2 2025 Report Based on real data from 15,000+ global SOC teams. Top malware types, families, and APTs Changes in threat landscape since Q1 2025 What SOC teams need to focus on Opt in to receive news, updates, and promotions. Get free report Loading… A copy of the report has been sent to your […]

The post Malware Trends Report, Q2 2025: Know the Key Risks to Your Business appeared first on ANY.RUN's Cybersecurity Blog.

Managed Security Service Providers (MSSPs) are tasked with protecting multiple clients simultaneously while maintaining cost efficiency, rapid response times, and customer trust. The key to success lies in early threat detection, which requires access to high-quality, actionable threat intelligence that can be immediately applied across diverse client environments.   Main MSSP Challenges MSSPs operate in a […]

The post How MSSPs Detect Incidents Early with Threat Intelligence Feeds from ANY.RUN   appeared first on ANY.RUN's Cybersecurity Blog.

Streamlining your SOC workflows with fresh intelligence is now easier than ever: ANY.RUN introduces free access to Threat Intelligence Lookup.  With it, you can enrich your threat investigations with data on attacks targeting 15,000 companies all over the world. All you need to do to strengthen your defense against them is to register, browse our […]

The post Free. Powerful. Actionable. Make Smarter Security Decisions with Live Attack Data   appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article was originally published on April 10, 2024, and updated on July 15, 2025. Modern cybersecurity teams face growing pressure: more threats, tighter SLAs, and less time to investigate. The difference between fast containment and a damaging breach often comes down to visibility, collaboration, and control.  ANY.RUN’s Enterprise plan is a complete […]

The post Enterprise Plan: Boost SOC Performance, Reduce Business Risks with ANY.RUN appeared first on ANY.RUN's Cybersecurity Blog.

Alert triage as one of the critical SOC and MSSP workflows implies evaluating, prioritizing, and categorizing security alerts to determine which threats require immediate attention and which can be safely dismissed or handled through automated processes.  Efficient alert triage, supported by robust threat intelligence, ensures that organizations stay ahead of adversaries while maintaining analyst productivity […]

The post How to Maintain Fast and Fatigue-Free Alert Triage with Threat Intelligence  appeared first on ANY.RUN's Cybersecurity Blog.

Many have probably heard of the modular malware for mobile devices called Triada. Even nine years after its first mention in 2016, it remains one of the most advanced Android trojans out there. Recently, our team at ANY.RUN came across an interesting sample of this malicious software. The sample in question was embedded in a […]

The post Technical Analysis of Ducex: Packer of Triada Android Malware  appeared first on ANY.RUN's Cybersecurity Blog.

We’ve packed June with updates designed to make your day-to-day analysis faster, clearer, and easier than before. Whether you’re just getting started or deep into reverse engineering every day, these improvements are here to save you time and help you catch more threats.  In this update:  Scroll down to see what’s new and how these […]

The post Release Notes: Detonation Actions, Enhanced QR Extraction, and 1,400+ New Detection Rules  appeared first on ANY.RUN's Cybersecurity Blog.

Security-First Culture (SFC) is an organization-wide commitment where security considerations influence decision-making at every level, from strategic planning to daily operational tasks.  It’s not just about having fancy tech or a dedicated IT team; it’s about making security a core part of how the company thinks and acts. A mindset where every decision, from coding […]

The post A Guide to Developing Security-First Culture Powered by Threat Intelligence  appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by Mauro Eldritch, offensive security expert and threat intelligence analyst. You can find Mauro on X.  New ransomware strains continue to surface frequently, and many of them are loosely built on or repackaged from existing families. One such case involves a sample resembling DragonForce ransomware, yet bearing several […]

The post DEVMAN Ransomware: Analysis of New DragonForce Variant  appeared first on ANY.RUN's Cybersecurity Blog.

June 2025 saw several sophisticated and stealthy cyber attacks that relied heavily on obfuscated scripts, abuse of legitimate services, and multi-stage delivery techniques. Among the key threats observed by ANY.RUN’s analysts were malware campaigns using GitHub for payload hosting, JavaScript employing control-flow flattening to drop Remcos, and obfuscated BAT scripts delivering NetSupport RAT. Let’s see […]

The post Top 3 Cyber Attacks in June 2025: GitHub Abuse, Control Flow Flattening, and More  appeared first on ANY.RUN's Cybersecurity Blog.

When malware infiltrates a system, it doesn’t always make noise. In fact, some of the most dangerous threats operate quietly embedding themselves deep within the system and ensuring they come back even after a reboot. One of the most common ways they achieve this is by abusing the Windows Registry.  In this article, we’ll walk […]

The post How to Spot Registry Abuse by Malware: Examples in ANY.RUN Sandbox  appeared first on ANY.RUN's Cybersecurity Blog.

Threat analysis is a complex task that demands full attention, especially during active incidents, when every second counts. ANY.RUN’s Interactive Sandbox is designed to ease that pressure with an intuitive interface and fast threat detection.   Our new feature, Detonation Actions, takes this further by highlighting detonation steps during analysis. When a specific action is needed […]

The post Simplify Threat Analysis and Boost Detection Rate with Detonation Actions  appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by Clandestine, threat researcher and threat hunter. You can find Clandestine on X. Threat actors today are continuously developing sophisticated techniques to evade traditional detection methods. ANY.RUN’s Threat Intelligence Lookup offers advanced capabilities for threat data gathering and analysis. As a specialized search engine, it allows security analysts to query […]

The post Threat Hunting: Hands-on Tips for SOC Analysts and MSSPs  appeared first on ANY.RUN's Cybersecurity Blog.

It usually starts with something small: an app download, a strange text message, a tap on the wrong link. But when that device is also connected to company email, Slack, or cloud storage, it’s no longer just a personal problem.  Android malware has become a serious risk for businesses. Attackers know mobile devices are often […]

The post Why Businesses Are at Risk of Android Malware Attacks and How to Detect Them Early appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN’s Threat Intelligence Feeds (TI Feeds) provide security teams with exclusive intel on threats targeting 15,000 companies worldwide. With TAXII protocol, you can safely and easily reinforce your company’s proactive detection with TI Feeds.   Why Use TAXII for TI Feeds?  TAXII (Trusted Automated eXchange of Indicator Information) allows for swift and comfortable delivery of threat […]

The post Integrate Threat Intelligence Feeds via TAXII Protocol  appeared first on ANY.RUN's Cybersecurity Blog.

Modern Security Operations Centers (SOCs) face an unprecedented challenge: defending against an ever-evolving threat landscape while managing alert fatigue, resource constraints, and the need for rapid response times. The integration of high-quality Threat Intelligence (TI) feeds has proven itself as a force multiplier for SOC teams, transforming reactive security postures into proactive defense strategies.  ANY.RUN’s […]

The post 5 Key Ways Threat Intelligence Feeds Drive SOC Performance   appeared first on ANY.RUN's Cybersecurity Blog.

Recently, we hosted a webinar exploring the everyday challenges SOC teams face and how ANY.RUN helps solve them. From low detection rates to alert fatigue, poor coordination, and infrastructure overhead, our team outlined a practical action plan to tackle it all.  Missed the session? You can watch it on ANY.RUN’s YouTube channel. Here are the […]

The post How SOC Teams Save Time and Effort with ANY.RUN: Action Plan  appeared first on ANY.RUN's Cybersecurity Blog.

We’ve packed May with updates to make your experience smoother and your threat detection even sharper. Whether you’re just getting started or knee-deep in malware every day, these changes are here to save you time and give you better insights.  In this update:  Take a look below to see how these updates can help you […]

The post Release Notes: TAXII Support for TI Feeds, New Sandbox Onboarding, and 900+ Detection Rules  appeared first on ANY.RUN's Cybersecurity Blog.