Anyrun

As cybersecurity threats grow more sophisticated, collaboration becomes a cornerstone of effective defense strategies. This is where MISP, an open-source threat intelligence sharing platform, comes into play.   Recognizing its value, we are excited to announce the launch of our own MISP instance, enabling users to access and use indicators of compromise (IOCs) from ANY.RUN’s Threat Intelligence […]

The post Access and Use ANY.RUN’s TI Feeds via MISP appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by Mostafa ElSheimy, a malware reverse engineer and threat intelligence analyst. You can find Mostafa on X and LinkedIn.  In this malware analysis report, we will delve into Nova, a newly discovered fork of the Snake Keylogger family. This variant has been observed employing even more sophisticated tactics, signaling the continued […]

The post Analysis of Nova: A Snake Keylogger Fork appeared first on ANY.RUN's Cybersecurity Blog.

The manufacturing industry has long been a target of cybercriminals. While data encryption has been a prevalent tactic in recent years, threat actors are now increasingly focusing on stealing sensitive information and gaining control over critical infrastructure.   One of the latest campaigns on record involves the use of Lumma and Amadey malware.  Campaign Uses Fake […]

The post Manufacturing Companies Targeted with New Lumma and Amadey Campaign appeared first on ANY.RUN's Cybersecurity Blog.

Recently, our analyst team shared their research into a zero-day attack involving the use of corrupted malicious files to bypass static detection systems. Now, we present a technical analysis of this method and its mechanics.  In this article, we will:   Let’s get started.  Sandbox Analysis of a Corrupted File Attack To first see how such […]

The post Zero-day Attack Uses Corrupted Files to Bypass Detection: Technical Analysis appeared first on ANY.RUN's Cybersecurity Blog.

Finding information on specific cyber threats in a vast amount of data can be challenging. Threat Intelligence Lookup from ANY.RUN simplifies this task with wildcards and operators that provide you with the ability to create flexible and precise search queries. Let’s take a look at how you can use them to identify and collect intel […]

The post Search Operators and Wildcards for Cyber Threat Investigations appeared first on ANY.RUN's Cybersecurity Blog.

Welcome to ANY.RUN’s monthly updates, where we give you all the details on our latest features and enhancements.  November has been a month of innovation at ANY.RUN, with major upgrades. We’ve launched Smart Content Analysis as part of Automated Interactivity, updated the home screen of TI Lookup featuring an interactive MITRE ATT&CK matrix connected with […]

The post Release Notes: MITRE ATT&CK Matrix with Samples, Upgraded Automated Interactivity, Expanded Threat Coverage, and More appeared first on ANY.RUN's Cybersecurity Blog.

In this article, ANY.RUN‘s analyst team will explore a malicious loader known as PSLoramyra. This advanced malware leverages PowerShell, VBS, and BAT scripts to inject malicious payloads into a system, execute them directly in memory, and establish persistent access.   Classified as a fileless loader, PSLoramyra bypasses traditional detection methods by loading its primary payload entirely […]

The post PSLoramyra: Technical Analysis of Fileless Malware Loader appeared first on ANY.RUN's Cybersecurity Blog.

TI Lookup from ANY.RUN is a versatile tool for gathering up-to-date intelligence on the latest cyber threats. The best way to demonstrate its effectiveness is to hear from actual security professionals about how they use the service in their daily work.   This time, we asked Jane_0sint, an accomplished network traffic analyst and the first ANY.RUN […]

The post Investigating Phishing Threats with TI Lookup: Use Cases from an Expert appeared first on ANY.RUN's Cybersecurity Blog.

Black Friday 2024 at ANY.RUN is here! As always, we’ve prepared time-limited deals to not only help you save on our tools but also improve collaboration with your colleagues.  Here’s what we have in store for you this time.  Hunter Plan: Two Subscriptions for the Price of One  Hunter plan is designed for individual users, […]

The post Black Friday 2024 at ANY.RUN appeared first on ANY.RUN's Cybersecurity Blog.

We’re excited to announce the latest update to Threat Intelligence (TI) Lookup. The enhanced home screen now integrates all techniques and tactics of the MITRE ATT&CK matrix, along with relevant malware samples and signatures.  Let’s dive into how these updates can transform your workflow and help you tackle threats with greater confidence.  Redesigned Threat Intelligence […]

The post Explore MITRE ATT&CK Techniques in Real-World Samples with TI Lookup appeared first on ANY.RUN's Cybersecurity Blog.

Persistence mechanisms are techniques used by attackers to keep malware active, even after log-offs, reboots, or restarts. In other words, they’re techniques that make malware tougher to detect and even harder to remove once it’s on a system.  Let’s dive into a few of the common mechanisms attackers use to keep their malware persistent, quietly […]

The post 6 Common Persistence Mechanisms in Malware appeared first on ANY.RUN's Cybersecurity Blog.

Last year, we introduced Automated Interactivity — a feature that simulates user behavior inside the ANY.RUN sandbox to automatically force cyber attack execution.  The first stage of Automated Interactivity focused on basic user interactions like clicking buttons and completing CAPTCHA challenges. This allowed many analysts to simplify their investigations and streamline the sandbox use via […]

The post Automated Interactivity: Stage 2 appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by the threat researcher Aaron Jornet Sales, also known as RexorVc0. You can find him on X and LinkedIn.  HawkEye, also known as PredatorPain (Predator Pain), is a malware categorized as a keylogger, but over the years, it has adopted new functionalities that align it with the capabilities of […]

The post HawkEye Malware: Technical Analysis appeared first on ANY.RUN's Cybersecurity Blog.

On October 23, we hosted a webinar “How to Improve Threat Investigations with TI Lookup”. The session was led by Dmitry Marinov, CTO at ANY.RUN, who showed the audience effective methods for collecting the latest threat intelligence.  You can check out the recording on our YouTube channel. Here is a quick rundown of the main […]

The post How to Improve Threat Investigations with TI Lookup: Webinar Recap  appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by RacWatchin8872, who is a threat intelligence analyst. You can find him on X.  This article covers two distinct methods used to infect systems with AsyncRAT via open directories. These techniques show how attackers are constantly adapting, finding new ways to use publicly accessible files to broaden AsyncRAT’s […]

The post AsyncRAT’s Infection Tactics <br>via Open Directories: Technical Analysis  appeared first on ANY.RUN's Cybersecurity Blog.

Welcome to ANY.RUN‘s monthly updates, where we share our latest achievements and improvements.  October has been another productive month here at ANY.RUN, filled with new features to enhance your cybersecurity toolkit. We’ve introduced TI Lookup Notifications for real-time threat updates, rolled out a newly improved Linux sandbox for smoother malware analysis, and added the ability to export STIX reports for seamless […]

The post Release Notes: TI Lookup Notifications, Upgraded Linux Sandbox, STIX Reports, <br>and More  appeared first on ANY.RUN's Cybersecurity Blog.

Dr. Jim Furstenberg is a distinguished faculty member in the Ferris State University Information Security and Intelligence program. Since joining the faculty in 2014, he has combined his extensive industry experience — including roles as Chief Information Officer, Cybersecurity Consultant, and Chief Operating Officer — with his passion for teaching.  With an information technology/security career […]

The post Expert Q&A: Dr. Jim Furstenberg on Cybersecurity Education and Practice  appeared first on ANY.RUN's Cybersecurity Blog.

Network traffic analysis provides critical insights into malware and phishing attacks. Doing it effectively requires using proper tools like ANY.RUN’s Interactive Sandbox. It simplifies the entire process, letting you investigate threats with ease and speed. Take a look at the key ways you can monitor and analyze network activity with the service. Connections  Examining network […]

The post How to Capture, Decrypt, and Analyze Malicious Network Traffic with ANY.RUN appeared first on ANY.RUN's Cybersecurity Blog.

In this article, we’ll explore the most common types of protectors—packers and crypters—along with simple ways to detect and remove them.   We’ll also introduce some useful tools to simplify the process and improve your malware analysis skills.  What Are Protectors and What Types Are There?  Protectors are tools designed to complicate code analysis, making […]

The post Packers and Crypters in Malware <br>and How to Remove Them appeared first on ANY.RUN's Cybersecurity Blog.

Using Threat Intelligence (TI) feeds in your cybersecurity strategy can significantly impact not only your organization’s security posture but also its business performance. Such an integration brings many benefits that directly and indirectly improve cost-efficiency, operational effectiveness, and strategic decision-making. Let’s explore these improvements in detail. Cost Savings and ROI Investing in TI feeds can […]

The post How TI Feeds Support Organizational Performance appeared first on ANY.RUN's Cybersecurity Blog.