Anyrun

Editor’s note: The current article is authored by Mohamed Talaat, a cybersecurity researcher and malware analyst. You can find Mohamed on X and LinkedIn. In this malware analysis report, we take an in-depth look at how an undocumented loader called PhantomLoader has been used by attackers to distribute a rust-based malware known as SSLoad. Overview The PhantomLoader usually […]

The post New PhantomLoader Malware Distributes SSLoad: Technical Analysis appeared first on ANY.RUN's Cybersecurity Blog.

Welcome to ANY.RUN‘s monthly updates, where we share our team’s achievements over the past month.  September has been a productive month at ANY.RUN, packed with exciting new features and improvements. We’ve launched Safebrowsing, a powerful tool that lets you safely check suspicious URLs in an isolated browser.  In addition to that, we’ve integrated with Splunk, […]

The post Release Notes: Safebrowsing, Private AI Assistant, Splunk Integration, and more appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by Anna Pham (also known as RussianPanda), a threat intelligence researcher. You can find her latest research and insights on X, LinkedIn, and her blog. ANY.RUN introduced Threat Intelligence Lookup in February 2024, followed by the YARA Search in April 2024. This article will explore both services and […]

The post TI Lookup: Real-World Use Cases <br>from a Malware Researcher appeared first on ANY.RUN's Cybersecurity Blog.

Gathering Indicators of Compromise (IOCs) is key to identifying and responding to threats. IOCs are pieces of forensic data that point to potential malicious activity, helping you detect, investigate, and prevent cyberattacks. With ANY.RUN, you can collect a wide variety of IOCs, giving you a complete picture of any threat.  Let’s dive into the types […]

The post How to Collect Indicators of Compromise <br>in the ANY.RUN Sandbox appeared first on ANY.RUN's Cybersecurity Blog.

Often, malware uses platforms like — Telegram and Discord for data exfiltration. Due to its simplicity and the lack of need for building a server architecture, this exfiltration method has gained significant popularity. However, this very simplicity is also its weakness.  In this article we’ll show you how to obtain information related to threat actors’ […]

The post How to Intercept Data Exfiltrated by Malware via Telegram and Discord appeared first on ANY.RUN's Cybersecurity Blog.

Current security measures against phishing links focus on automated checks and timely blocking before they reach users. Yet, some links still make it to their targets, leaving them vulnerable as they often have no simple, fast, and reliable tool at hand to check these links at the final stage.  To address this security gap, we […]

The post Introducing Safebrowsing: Explore Suspicious Links in a Safe Virtual Browser appeared first on ANY.RUN's Cybersecurity Blog.

Recently, our team of analysts discovered a sample of a yet-unknown ransomware that they dubbed Kransom. The malware employed the malicious DLL-sideloading technique to hijack the execution flow of an .exe file belonging to the popular game Honkai: Star Rail. Here is everything we have on the threat so far. Initial Infection Vector View the […]

The post Kransom Ransomware: New Threat Using DLL-Sideloading to Hijack Popular RPG appeared first on ANY.RUN's Cybersecurity Blog.

Roughly 70% of malware incidents are a result of social engineering, with spearphishing being a common method. Let’s learn more about this phenomenon and discover: What is spearphishing?  It is a targeted form of phishing attack where the adversary focuses on a specific individual or organization. Unlike generic phishing, spearphishing is often more sophisticated and […]

The post What is Spearphishing: Definition, Techniques, Real-world Example  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN‘s Threat Intelligence Lookup is a valuable resource for security professionals searching for information on the latest cyber threats.  One of the key features of Threat Intelligence Lookup is its extensive search capabilities. The service offers over 40 different search parameters that can be combined to form specific queries. These parameters allow you to filter […]

The post How to Collect Threat Intelligence Using Search Parameters in TI Lookup appeared first on ANY.RUN's Cybersecurity Blog.

We have some thrilling news to share with you today. Our team at ANY.RUN is happy to announce the launch of our new integration with Splunk! How this integration benefits you  If you’re a Splunk user, you can now leverage ANY.RUN’s Interactive Sandbox and Threat Intelligence Lookup directly from your Splunk SOAR environment.   This means […]

The post ANY.RUN Now Integrates with Splunk! appeared first on ANY.RUN's Cybersecurity Blog.

Recently, Eric Parker, a cybersecurity expert and YouTuber, released a new video on ANY.RUN’s interactive sandbox. We recommend you take a look at his tutorial, as it offers a step-by-step guide on how to use the service and save time on reverse engineering. Here’s our overview of the key highlights from the video.  About malware […]

The post How to Analyze Malware in ANY.RUN Sandbox: Eric Parker’s Guide appeared first on ANY.RUN's Cybersecurity Blog.

At ANY.RUN, we’ve spent over 8 years tackling cybersecurity industry challenges. We built an interactive sandbox and Threat Intelligence Lookup to streamline malware analysis and investigations for hundreds of thousands of professionals worldwide. Now, we’re launching Security Training Lab to address another critical need: equipping future cybersecurity professionals with the skills they need to succeed.  […]

The post Security Training Lab: Educational Program <br>for Universities appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s Note: This is an edited version of an article originally posted in October 2023. It has been updated with some new information about ANY.RUN’s threat intelligence products. As a business owner, you’ve likely invested in a range of security tools like SIEMs, antivirus software, and IDS/IPS systems to safeguard your operations.   You might even […]

The post Understanding Threat Intelligence Benefits for a Business appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by Mostafa ElSheimy, a malware reverse engineer and threat intelligence analyst. You can find Mostafa on X and LinkedIn. In this malware analysis report, we conduct an in-depth examination of AZORult, a sophisticated credential and payment card information stealer. Our walk-through covers the malware’s evolution, including its transition from Delphi to […]

The post AZORult Malware: Technical Analysis appeared first on ANY.RUN's Cybersecurity Blog.

Welcome to ANY.RUN‘s monthly update, where we share what our team has been working on.  In August, we focused on enhancing our detection tools and improving your experience. We added the new XOR-URL extractor, updated YARA rules, added new signatures, and improved network detection rules.   Here’s a closer look at what we’ve done in […]

The post Release Notes: New YARA Rules, Signatures, Config Extractors, and More  appeared first on ANY.RUN's Cybersecurity Blog.

Cyber attacks are becoming more complex and frequent, targeting organizations of all sizes. To counter these threats effectively, organizations need insights into their adversaries’ methods and capabilities.   This is where threat intelligence comes in.  Threat intelligence involves analyzing data about potential or current attacks to understand and defend against adversaries more effectively. It’s not […]

The post Why is Threat Intelligence Important   appeared first on ANY.RUN's Cybersecurity Blog.

Malware is evolving faster than ever. As security measures improve, so do the techniques used to bypass them. This ongoing arms race has led to increasingly sophisticated obfuscation methods that challenge even seasoned analysts.  This blog post will explore some of the cutting-edge obfuscation tactics we’re seeing in the wild. We’ll break down how they […]

The post 6 Common Obfuscation Methods in Malware  appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s Note: This is an edited version of an article originally posted in October 2023. It has been updated with some new information about ANY.RUN’s threat intelligence products. Cyber Threat Intelligence (CTI) — often referred to as “Threat Intelligence” or “Threat Intel” — is the practice of gathering and analyzing data to identify, understand, and […]

The post What is Cyber Threat Intelligence appeared first on ANY.RUN's Cybersecurity Blog.

At ANY.RUN, we’re committed to staying at the forefront of cybersecurity threats. Our team continuously monitors and analyzes emerging phishing campaigns to keep our users informed and protected. We regularly share our findings on our X (formerly Twitter) account.    In this article, we’ve compiled a selection of the most notable phishing campaigns we’ve seen […]

The post Recent Phishing Campaigns Discovered by ANY.RUN Researchers appeared first on ANY.RUN's Cybersecurity Blog.

A sophisticated campaign is targeting Chinese-speaking users, distributing a malware known as ValleyRAT.  What’s happening?  There’s a new campaign spreading a multi-stage threat designed to monitor and control infected systems while deploying additional plugins to cause further damage.  Key components of the campaign: ValleyRAT employs a range of techniques to evade detection, including the use […]

The post New ValleyRAT Campaign Spotted with Advanced Techniques  appeared first on ANY.RUN's Cybersecurity Blog.