Linux is now Available in ANY.RUN: We’ve Expanded Our Sandbox Capabilities  

We’re excited to announce that ANY.RUN has added Linux support. Malware analysts and SOC and DFIR team members can now analyze not only Windows malware but also Linux-based samples in a secure, interactive cloud environment, with the advantages of ANY.RUN.

A Linux task in ANY.RUN

How to launch Linux tasks in ANY.RUN 

When creating a new task, you will now see Linux as an option in the Operating system drop-down. Select it, and your sample will run in Ubuntu. At launch, Ubuntu 22.04.2 is supported. 

Linux is available to all ANY.RUN’s users, including those with the community plan.

For simple navigation, we marked Linux samples with an Ubuntu logo. This makes it easy to tell which tasks are Windows-based and which are Linux-based in the sidebar quick menu and in the team’s homepage menu.
 


Why Linux malware analysis is important 

Linux malware analysis is important because Linux is an attractive target for hackers, and Linux malware is sophisticated. 

Many organizations use Linux for their IT infrastructure, which means there are a lot of files to analyze on Linux systems. 

IBM researchers note that Linux malware is on the rise: there was a 40% increase in Linux-related malware families in 2020. Compromising Linux-based cloud computing platforms could grant attackers access to vast resources, which makes the OS an attractive target.

Bringing advantages of ANY.RUN to Linux malware analysis 

For the first time, we’re bringing the power of ANY.RUN’s interactive analysis to Linux. ANY.RUN already helps analysts from junior to senior levels accelerate threat analysis with Windows samples, while spending fewer resources and providing faster training for entry-level analysts and reverse engineers.

ANY.RUN also has easy-to-understand reports like this Process Graph view 

ANY.RUN’s built around the concept of interactive analysis — it lets an analyst detect hidden threats faster by changing the vector of analysis even when dealing with zero days. For the first time, it is available for Linux. Our service shows suspicious activity to the analyst in real time, making sure no important details go unnoticed. When the task is completed, users get a series of clear reports, making sure that every analyst has all necessary data and IOCs for further research or incident response.  

MITRE ATT&CK Matrix in ANY.RUN

For example, ANY.RUN has a MITRE Matrix report which makes it easy to align suspicious behaviors that the sandbox recorded in a Linux task with TTPs — this is a quick way to understand the type of family or threat you are dealing with. 

ANY.RUN advantages for Linux malware analysis 

Linux as an operating system inherently has stronger security than Windows. This means that many malware families capable of exploiting Linux vulnerabilities are sophisticated, which makes them difficult to detect. 

Not all security specialists are reverse engineers capable of quickly identifying the functionality of sophisticated Linux malware and extracting the necessary IOCs. ANY.RUN addresses this by providing information from the analysis in real time. Analysts immediately understand the results, allowing them to proceed efficiently without context switching.

ANY.RUN also reduces company expenses with a cost-effective solution, eliminating the need for custom infrastructure. Our Linux VMs are already set up and configured to collect IOCs, saving our users weeks of DevOps time spent setting up infrastructure.


ANY.RUN can be used independently as a self-sufficient research platform, or in combination with SIEM/SOAR. 

About ANY.RUN 

ANY.RUN is a cloud malware sandbox that handles the heavy lifting of malware analysis for SOC and DFIR teams. Every day, 300,000 professionals use our platform to investigate incidents and streamline threat analysis of Windows and Linux tasks.   

Request a demo today and enjoy 14 days of free access to our Enterprise plan.    

