Annual Report 2020

2020 is finally coming to the end. This year was full of unexpected events and there is no doubt, they have an incredible impact on cybersecurity. Rise of phishing due to the COVID-19 outbreak, large data breaches, ransomware attacks, etc. 

To give you a better view of the year, we’ve collected significant statistics from our service in the ANY.RUN’s annual report for 2020.

Team behind the service 

This year our small team has doubled! And now we have even more people who are encouraged to do their job perfectly. Software engineers, malware analysts, designers, marketers – all of them work hard to create a service for your successful malware hunting. And of course, along with you, we have learned how to work remotely in 2020.  

Interactive analysis is all over the world! 

All 195 official countries have chosen our service. It’s quite overwhelming, that our community is so diverse and huge! Let’s have a look at some notable results: the United States heads the list with 570,165 visits on our service. Next is India with 204,768 visits, followed by the United Kingdom – 126,299 users, 100,892 from Brazil, and 99,693 from Germany. 

Amazing ANY.RUN squad 

The attendance of our service has doubled since last year –  4.6 million users in 2020! 101,057 new members of the ANY.RUN community have discovered the service and its features. Moreover, the number of our clients has tripled. We appreciate your support, and we are excited to see new researchers joining the service.

Can never have too many samples  

This year 1,636,074 tasks have been run. We believe that this is the best indicator among similar services. Every day ANY.RUN processes about 8,000 tasks. Thanks to them, the database has been updated with 244 million IOCs over the year. And a major part of them is available for your investigation in public submissions.

The most active malware in 2020

This year 460,925 malicious samples were detected. In the figure below you can see the statistics of top threats by uploads for 2020: 

1. Emotet – the absolute king in the chart. It has 33,604 uploads in ANY.RUN. This year we have also analyzed 15 Emotet’s updates including its new versions, maldoc templates, and spam campaigns.

2. Agent Tesla – spyware remains in second place with 8,856 samples over the year.  

3. njRAT – it ranks third, 6,064 submissions prove it to be the most accessible RAT in the wild. 

4. Lokibot – 5,108 attempts to install extra malware to the system, good to know that it was just a virtual machine.

5. Nanocore – the RAT wraps up our top 5 with 4,900 results. 

We also have results of the most popular malware types uploaded in ANY.RUN. Have a look at the graph below.

 Service upgrades for productive work   

ANY.RUN has released several major updates on the service. We have increased the system’s stability and the speed of our service. It was achieved by the distribution of requests between database instances. Moreover, we have added bot protection. Our service has become more user-friendly as we have redesigned almost all parts of the service. 90% of bugs has been reduced so you can use our platform to the fullest. 

We hope you can enjoy improvements and a new design, and yes, we have just started! Our team has been working hard to upgrade our platform, and you should get ready for new amazing changes in the upcoming year! 

Partners we are proud of 

ANY.RUN has started the cooperation with the Zero2Automated malware reverse engineering course. It’s a big step for our company to be a part of this high-quality course. Some training practices will be based on ANY.RUN platform. The most rewarding part for us is that students can gain knowledge and perform their analyses effectively with our contribution. That’s why we’ve started the integration in training courses and ANY.RUN is ready for new collaborations. 

Our service has become a partner of the VB2020localhost, the world-renowned Virus Bulletin international conference where you can get the latest and best research on malware, malicious actors, and threat intelligence. The event was an interesting experience for us. 

New integrations

This year we have integrated with such platforms as the Hive Project, an open-source and Security Incident Response Platform, and ThreatConnect, a decision and operational support platform. Now all their users who work via API have an opportunity to work with our service. 

It is possible to open a task on our platform by clicking the link at the bazaar.abuse.ch service. Now you can save your time and investigate the examples in ANY.RUN within 2 clicks.

We want to be closer to you 

ANY.RUN always tries to find ways to get connected with you. This year we have started the blog. There are 27 articles on various topics connected with cybersecurity. ANY.RUN hasn’t forgotten about the Youtube channel: 21 videos with tutorials, detection tips, and service guides. And the audience there keeps building up, that really makes us proud. Malware Trends Tracker has also extended its collection with 10 more malware reviews where you can collect IOCs and fresh samples. Whenever you need extra help or advice – check this content, we are sure it can help you out.

This year was extremely challenging. However, we are happy to see the ANY.RUN community grow and flourish. Cybersecurity specialists from all over the world find our service useful, and we do our best to meet your needs. We believe that the next year our cooperation will be successful, your analysis – easy and fast, our service – better!

Thank you for your support and happy hunting with ANY.RUN!