ANY.RUN Sandbox Added New Features to Analyse Sophisticated Malware


ANY.RUN revamped its user interface for a more streamlined workflow: the sandbox homepage now features shortcut buttons for launching new analysis sessions, eliminating the need to navigate through the outdated map interface. 

A dedicated demo page within the Threat Intelligence section lets users request a demonstration of ANY.RUN’s TI Feeds, extending their threat investigation capabilities. Together, these changes improve the user experience by providing quicker access to core functionality. 

The sandbox’s detection engine received a comprehensive upgrade to malware detection and configuration extraction. New YARA rules target specific malware families, including Sliver, Growtopia, Phobos, and PureHVNC. 


Network rules were implemented to identify BlackMoon, CoinIMP Miner, and phishing attacks. Configuration extraction capabilities were also bolstered significantly: a dedicated extractor for DarkCrystal RAT, covering its plugins as well, was created. 

Two new extractors were introduced for RisePro, and the existing extractors and YARA rules for AsyncRAT, Lumma, Stealc, Vidar, and Formbook were improved. This significantly strengthens the sandbox’s ability to detect diverse malware threats and gather valuable intel from them. 


The threat intelligence team identified 25 new malware signatures in May. These include familiar names like NewBot, Beast, and RokRat, suggesting potentially new variants of existing malware families. 

They detected signatures for financially motivated malware (Cash.INC) and Remote Access Trojans (RATs) like BlackBasta and Latrodectus. 


The presence of signatures named after mythological figures (Zeus and Trinity) suggests attackers may be attempting to leverage brand recognition for intimidation purposes. The ongoing signature collection effort aims to proactively protect users from these evolving threats. 

Professionals in cybersecurity use ANY.RUN, an interactive sandbox environment, to examine suspicious files that target Windows and Linux systems. 

It simplifies malware analysis by automatically detecting common threats and identifying malware behavior, which allows analysts to quickly understand how malware works and respond to incidents faster. 

It offers features like real-time interaction with samples, collaboration tools, and scalable infrastructure, saving time and resources compared to traditional sandbox setups. 

What is ANY.RUN?

ANY.RUN is a cloud-based malware lab that does most of the work for security teams. 400,000 professionals use the ANY.RUN platform every day to look into events and speed up threat research on Linux and Windows cloud VMs.

Advantages of ANY.RUN 

  • Real-time Detection: ANY.RUN can find malware and instantly identify many malware families using YARA and Suricata rules within about 40 seconds of submitting a file.
  • Interactive Malware Analysis: ANY.RUN differs from many automated options because it lets you interact with the virtual machine from your browser. This live interaction helps catch zero-day vulnerabilities and advanced malware that can get past signature-based protection.
  • Value for money: ANY.RUN’s cloud-based nature makes it a cost-effective option for businesses, since your DevOps team doesn’t have to do any setup or support work.
  • Best for onboarding new security team members: ANY.RUN’s easy-to-use interface allows even new SOC researchers to quickly learn to examine malware and identify indicators of compromise (IOCs).
