Anyrun

ANY.RUN’s team conducted an extensive malware analysis of CastleLoader, the first link in the chain of attacks impacting various industries, including government agencies and critical infrastructures. It’s a unique walkthrough of its entire execution path, from a packaged installer to C2 server connection, as well as an overview of a parser developed to extract initialized […]

The post CastleLoader Analysis: A Deep Dive into Stealthy Loader Targeting Government Sector appeared first on ANY.RUN's Cybersecurity Blog.

SOAR platforms are excellent at moving work forward. They trigger playbooks, route incidents, and enforce consistent response steps. What they don’t do well on their own is confirm what’s actually SOAR helps teams move faster, but speed isn’t the real problem.  The real issue is figuring out what an alert actually means. A sandbox solves that by safely running the file or link […]

The post Integrating a Malware Sandbox into SOAR Workflows: Steps, Benefits, and Impact  appeared first on ANY.RUN's Cybersecurity Blog.

By 2026, MSSPs will compete less on tooling and more on clarity, speed, and foresight. Security buyers want proof that their provider understands what threats matter now, how fast they can respond, and how security decisions reduce business risk. At the center of this challenge sits threat intelligence. Not as a research output, but as […]

The post 5 Ways MSSPs Can Win Clients in 2026 appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN is wrapping up 2025 with updates that take pressure off your SOC and help your team work faster. You can now get AI‑generated Sigma rules, track threats by industry and region, and detect new campaigns with better speed and accuracy.   Let’s see what these improvements bring to your security stack.  Product Updates  Industry & Geo Threat Landscape […]

The post Release Notes: AI Sigma Rules, Live Threat Landscape & 1,700+ New Detections appeared first on ANY.RUN's Cybersecurity Blog.

We’re glad to present our regular quarterly report highlighting the most prominent malicious trends of the last three months of 2025, as observed by ANY.RUN’s community. Following the release of our annual report on key threats and milestones, this report offers a closer look at the threat landscape of the final chapter of 2025.  The Malware Trends report Q4 features top malware types, families, phishing kits, TTPs, […]

The post Malware Trends Q4 2025: Inside ANY.RUN’s Latest Threat Landscape Report  appeared first on ANY.RUN's Cybersecurity Blog.

It’s December — that time of year when we take a pause and look back at how much we’ve achieved.  If you’re reading this, chances are you’ve shared these wins with us. Maybe you’ve launched one analysis, maybe thousands. Maybe you’ve browsed our Threat Intelligence Lookup daily or just joined us. Anyhow, thanks for being here!  2025 kept all of us busy for sure. But it also brought a ton of breakthrough studies, insights, and improvements. Let’s glance back […]

The post Year in Review by ANY.RUN: Key Threats, Solutions, and Breakthroughs of 2025  appeared first on ANY.RUN's Cybersecurity Blog.

When CISOs ask for budget, they are rarely competing against “no security.” They are competing against growth initiatives, product launches, and cost optimization.  Technical jargon and security metrics often fall flat here. To win the conversation, threat intelligence cannot be framed as more data for analysts. It must be positioned as a business enabler that reduces […]

The post 5 Ways Threat Intelligence Drives ROI in SOCs: Board-Ready Cases for CISOs  appeared first on ANY.RUN's Cybersecurity Blog.

If you’ve ever looked at a SOC queue and thought, “Where do we even start?” you’re not alone.  Most teams face more alerts than they can realistically investigate, tools that don’t always connect, and investigations that take longer than they should.  In a recent webinar, we shared a simple framework for speeding up detection and response without overloading teams. You can watch the full […]

The post SOC Leader’s Playbook: 3 Practical Steps to Faster MTTR  appeared first on ANY.RUN's Cybersecurity Blog.

Security teams face thousands of alerts every single day. Many of them don’t clearly show whether there’s a true threat behind them. Investigation slows down, analysts lose time on low-value signals, and important findings are often buried in noise.  AI Sigma Rules change this routine. With this new capability in ANY.RUN’s Interactive Sandbox, SOC teams can not only see the source of malicious activity […]

The post AI Sigma Rules: Scale Threat Detection, Drive Down MTTR  appeared first on ANY.RUN's Cybersecurity Blog.

Phishing used to be easy to spot. Now it looks clean, trusted, and almost perfect. Behind it are phishkits; ready-made attack platforms built to steal credentials, bypass MFA, and hijack live sessions in seconds.  For SOC teams, one click starts the countdown. What looks like a routine alert can already be a live account takeover.  Here’s how these attacks actually […]

The post Phishing Kit Attacks 101: Everything SOC Analysts Should Know  appeared first on ANY.RUN's Cybersecurity Blog.

Effective cyber security depends on knowing which risks matter most. ANY.RUN’s Threat Intelligence Lookup provides industry and geographic context, powered by live attack investigations from 15,000+ companies, that SOC teams need to prioritize alerts, IOCs, and threats with confidence and build their defense strategy for maximum ROI.  Here’s how.  Challenge: Context-free TI Wastes SOC Time  Most threat intelligence sources return long lists of IPs, domains, […]

The post Track Evolving Cyber Threat Landscape for Your Industry & Country in Real Time  appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: This work is a collaboration between Mauro Eldritch from BCA LTD, a company dedicated to threat intelligence and hunting, Heiner García from NorthScan, a threat intelligence initiative uncovering North Korean IT worker infiltration, and ANY.RUN, the leading company in malware analysis and threat intelligence. The article was written by Mauro and Heiner. In this article, we’ll uncover an entire North Korean infiltration operation aimed […]

The post Smile, You’re on Camera: A Live Stream from Inside Lazarus Group’s IT Workers Scheme  appeared first on ANY.RUN's Cybersecurity Blog.

 Phishing kits usually have distinct signatures in their delivery methods, infrastructure, and client-side code, which makes attribution fairly predictable. But recent samples began showing traits from two different kits at once, blurring those distinctions.  That’s exactly what ANY.RUN analysts saw with Salty2FA and Tycoon2FA: a sudden drop in Salty activity, the appearance of Tycoon indicators inside Salty-linked chains, and eventually single […]

The post Salty2FA & Tycoon2FA Hybrid: A New Phishing Threat to Enterprises  appeared first on ANY.RUN's Cybersecurity Blog.

November was a packed month for detection coverage. We rolled out new behavioral insights, broadened our visibility across multiple threat families, and strengthened rulesets at every layer. On top of that, our analysts uncovered and documented a new phishing wave targeting Italian organizations through malicious PDF attachments, now fully mapped in a dedicated TI report.  Let’s walk through […]

The post Threat Coverage Digest: New Malware Reports and 5K+ Detection Rules  appeared first on ANY.RUN's Cybersecurity Blog.

Stealers, loaders, and targeted campaigns dominated November’s activity. ANY.RUN analysts examined cases ranging from PNG-based in-memory loading used to deploy XWorm to JSGuLdr, a three-stage JavaScript-to-PowerShell loader pushing PhantomStealer.  Alongside these public cases, three Threat Intelligence Reports detailed new activity across Windows, Linux, and Android, including loader-enabled hijackers, Tor-based cryptotrojan communication, Linux ransomware in Go, MaaS stealers, and a WhatsApp-propagating campaign […]

The post Major Cyber Attacks in November 2025: XWorm, JSGuLdr Loader, Phoenix Backdoor, Mobile Threats, and More  appeared first on ANY.RUN's Cybersecurity Blog.

Alert overload is one of the hardest ongoing challenges for a Tier 1 SOC analyst. Every day brings hundreds, sometimes thousands of alerts waiting to be triaged, categorized, and escalated. Many of them are false positives, duplicates, or low-value notifications that muddy the signal.   When the queue never stops growing, even experienced analysts start losing clarity, missing […]

The post How to See Critical Incidents in Alert Overload: A Guide for SOCs and MSSPs  appeared first on ANY.RUN's Cybersecurity Blog.

In many SOCs, phishing analysis still follows the same old pattern: manually pull apart URLs, inspect attachments by hand, take screenshots, collect indicators one by one… and hope nothing slips through in the process. It’s careful work, but slow.  A sandbox flips that workflow on its head.  Every step analysts normally handle themselves is condensed into […]

The post Detected in 60 Seconds: How to Identify Phishing with a Malware Sandbox  appeared first on ANY.RUN's Cybersecurity Blog.

Some attacks smash the door open. LOLBins just borrow your keys and walk right in.  They’re tricky because tools everyone trusts suddenly start doing things that don’t match their usual job; loading odd-looking modules, decoding files that shouldn’t need decoding, or quietly handing work off to hidden PowerShell scripts. At first glance it all feels […]

The post LOLBin Attacks Explained with Examples: Everything SOC Teams Need to Know  appeared first on ANY.RUN's Cybersecurity Blog.

Scaling as a managed security provider can be a mixed blessing. Growth comes with more revenue, but also with increasingly high demands related to maintaining SLAs, quality, and compliance. For MSSPs in healthcare, this pressure is intensified by regulations like HIPAA and NIS2, along with the striking cost of a single mistake.  This was a […]

The post Healthcare MSSP Cuts Phishing Triage by 76% and Launches Proactive Defense with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

How many real threats hide behind the noise your SOC faces every day?  When hundreds of alerts demand attention at once, even the best analysts start to lose focus. The nonstop pressure to react to everything drains energy, clouds judgment, and opens the door to real risk.  Teams using ANY.RUN have already flipped that script:  […]

The post Solve Alert Fatigue, Focus on High-Risk Incidents: An Action Plan for CISOs  appeared first on ANY.RUN's Cybersecurity Blog.