Anyrun

When malware infiltrates a system, it doesn’t always make noise. In fact, some of the most dangerous threats operate quietly embedding themselves deep within the system and ensuring they come back even after a reboot. One of the most common ways they achieve this is by abusing the Windows Registry.  In this article, we’ll walk […]

The post How to Spot Registry Abuse by Malware: Examples in ANY.RUN Sandbox  appeared first on ANY.RUN's Cybersecurity Blog.

Threat analysis is a complex task that demands full attention, especially during active incidents, when every second counts. ANY.RUN’s Interactive Sandbox is designed to ease that pressure with an intuitive interface and fast threat detection.   Our new feature, Detonation Actions, takes this further by highlighting detonation steps during analysis. When a specific action is needed […]

The post Simplify Threat Analysis and Boost Detection Rate with Detonation Actions  appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by Clandestine, threat researcher and threat hunter. You can find Clandestine on X. Threat actors today are continuously developing sophisticated techniques to evade traditional detection methods. ANY.RUN’s Threat Intelligence Lookup offers advanced capabilities for threat data gathering and analysis. As a specialized search engine, it allows security analysts to query […]

The post Threat Hunting: Hands-on Tips for SOC Analysts and MSSPs  appeared first on ANY.RUN's Cybersecurity Blog.

It usually starts with something small: an app download, a strange text message, a tap on the wrong link. But when that device is also connected to company email, Slack, or cloud storage, it’s no longer just a personal problem.  Android malware has become a serious risk for businesses. Attackers know mobile devices are often […]

The post Why Businesses Are at Risk of Android Malware Attacks and How to Detect Them Early appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN’s Threat Intelligence Feeds (TI Feeds) provide security teams with exclusive intel on threats targeting 15,000 companies worldwide. With TAXII protocol, you can safely and easily reinforce your company’s proactive detection with TI Feeds.   Why Use TAXII for TI Feeds?  TAXII (Trusted Automated eXchange of Indicator Information) allows for swift and comfortable delivery of threat […]

The post Integrate Threat Intelligence Feeds via TAXII Protocol  appeared first on ANY.RUN's Cybersecurity Blog.

Modern Security Operations Centers (SOCs) face an unprecedented challenge: defending against an ever-evolving threat landscape while managing alert fatigue, resource constraints, and the need for rapid response times. The integration of high-quality Threat Intelligence (TI) feeds has proven itself as a force multiplier for SOC teams, transforming reactive security postures into proactive defense strategies.  ANY.RUN’s […]

The post 5 Key Ways Threat Intelligence Feeds Drive SOC Performance   appeared first on ANY.RUN's Cybersecurity Blog.

Recently, we hosted a webinar exploring the everyday challenges SOC teams face and how ANY.RUN helps solve them. From low detection rates to alert fatigue, poor coordination, and infrastructure overhead, our team outlined a practical action plan to tackle it all.  Missed the session? You can watch it on ANY.RUN’s YouTube channel. Here are the […]

The post How SOC Teams Save Time and Effort with ANY.RUN: Action Plan  appeared first on ANY.RUN's Cybersecurity Blog.

We’ve packed May with updates to make your experience smoother and your threat detection even sharper. Whether you’re just getting started or knee-deep in malware every day, these changes are here to save you time and give you better insights.  In this update:  Take a look below to see how these updates can help you […]

The post Release Notes: TAXII Support for TI Feeds, New Sandbox Onboarding, and 900+ Detection Rules  appeared first on ANY.RUN's Cybersecurity Blog.

Government institutions worldwide face a growing number of sophisticated cyberattacks. This case study examines how ANY.RUN’s solutions can be leveraged to detect, analyze, and mitigate cyber threats targeting government organizations.  By analyzing real-world threats, we demonstrate how ANY.RUN’s Threat Intelligence Lookup, Interactive Sandbox, and YARA Search assist cybersecurity teams in identifying attack vectors, tracking malicious […]

The post Cyber Attacks on Government Agencies: Detect and Investigate with ANY.RUN for Fast Response appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by Mauro Eldritch, offensive security expert and threat intelligence analyst. You can find Mauro on X.  What looks like a simple freelance bug fix turns out to be a full-blown malware infection. OtterCookie, a new tool from the Lazarus Group APT, hides behind clean code and fake job offers, then […]

The post OtterCookie: Analysis of Lazarus Group Malware Targeting Finance and Tech Professionals appeared first on ANY.RUN's Cybersecurity Blog.

Phishing attacks have become a pervasive and escalating threat across various industries, notably in finance, manufacturing, and healthcare. For Managed Security Service Providers (MSSPs), the challenge lies in swiftly identifying and mitigating these threats to safeguard client infrastructures and uphold service integrity.  This case study explores how ANY.RUN’s Threat Intelligence Lookup and Interactive Sandbox can […]

The post How MSSPs Can Analyze and Investigate Phishing Attacks with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

Malware doesn’t stick to one platform or play fair. One day it’s a Python stealer. The next, it’s an Android RAT or a Node.js backdoor quietly pinging its C2. Then it hits Linux, flooding your network with suspicious connections.  Modern threats are unpredictable. They move across systems and languages, often slipping past tools that weren’t […]

The post How to Analyze Node.js, Python, Android, and Linux Malware with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

A new phishing campaign is spreading the Remcos Remote Access Trojan (RAT) through DBatLoader. It employs User Account Control (UAC) bypass, obfuscated scripts, Living Off the Land Binaries (LOLBAS) abuse, and persistence mechanisms. Here’s an analysis of the infection chain, key techniques, and detection tips.  How the Attack Works   To see how the attack unfolds, […]

The post DBatLoader Delivers Remcos via .pif Files and UAC Bypass in New Phishing Campaign  appeared first on ANY.RUN's Cybersecurity Blog.

Security Operations Centers (SOCs) are under constant pressure to detect threats faster, respond more effectively, and reduce operational noise. Metrics like Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), False Positive Rate (FPR), and True Positive Rate (TPR) are more than just numbers — they define the health and impact of a business […]

The post How SOC Teams Improve Mean Time to Detect and Other KPIs with Threat Intelligence Feeds appeared first on ANY.RUN's Cybersecurity Blog.

While analyzing malware samples uploaded to ANY.RUN’s Interactive Sandbox, one particular case marked as “phishing” and “Telegram” drew the attention of our security analysts.  Although this analysis session wasn’t attributed to any known malware family or threat actor group, the analysis revealed that Telegram bots were being used for data exfiltration. This led us to […]

The post How Adversary Telegram Bots Help to Reveal Threats: Case Study  appeared first on ANY.RUN's Cybersecurity Blog.

Time really flies. Nine years ago, we set out with a simple goal: to make malware analysis faster, easier, and more accessible for analysts and security teams everywhere.  We started as a small group of researchers with a big idea. Today, ANY.RUN is trusted by over 15,000 companies and half a million professionals around the […]

The post We’re 9! Special Thanks (and Special Offers) Just for You appeared first on ANY.RUN's Cybersecurity Blog.

We are honored to announce that ANY.RUN became a gold winner at the annual Globee Business Awards 2025. The award aims to recognize and celebrate excellence in various industries worldwide, including cybersecurity.  Our solution, ANY.RUN’s TI Lookup, was named best in the Cyber Threat Intelligence category. We believe that threat intelligence is an essential aspect […]

The post ANY.RUN Becomes a Gold Winner in Threat Intelligence at Globee Awards 2025   appeared first on ANY.RUN's Cybersecurity Blog.

Security Operations Centers (SOCs) and Managed Security Service Providers (MSSPs) serve as the frontline defenders for organizations worldwide. The teams operate in high-pressure environments, analyzing security incidents, monitoring threats, and responding to attacks in real time. Continuous learning — especially through hands-on malware analysis training — is not just beneficial, but essential for their performance.  […]

The post How Malware Analysis Training Powers Up SOC and MSSP Teams appeared first on ANY.RUN's Cybersecurity Blog.

Attackers keep improving ways to avoid being caught, making it harder to detect and investigate their attacks. The Tycoon 2FA phishing kit is a clear example, as its creators regularly add new tricks to bypass detection systems.  In this study, we’ll take a closer look at how Tycoon 2FA’s anti-detection methods have changed over the […]

The post Evolution of Tycoon 2FA Defense Evasion Mechanisms: Analysis and Timeline appeared first on ANY.RUN's Cybersecurity Blog.

The financial sector is heavily targeted by cybercriminals. Banks, investment firms, and credit unions are prime victims of attacks aimed at stealing sensitive data or holding it hostage for massive ransoms. One emerging threat in this landscape is Nitrogen Ransomware, a malicious group discovered in September 2024.   It has since then been notoriously renowned for […]

The post Nitrogen Ransomware Exposed: How ANY.RUN Helps Uncover Threats to Finance  appeared first on ANY.RUN's Cybersecurity Blog.