Every day, researchers upload about 8k submissions to the ANY.RUN sandbox, and many of them receive a malicious verdict. Cyberthreats are a global danger, and staying up to date is a must for any specialist. A strong threat intelligence source can help improve security. Today we will discuss Malware Trends Tracker.
What is Malware Trends Tracker?
ANY.RUN is committed to improving cybersecurity awareness and threat intelligence. That is why we created Malware Trends Tracker (MTT). Here you can find:
- Dynamic tracker of malware activity
- Counter of uploads
- Malware trends that fluctuate in real-time
- Fresh IPs, hashes, domains
- Articles about different malicious programs
MTT’s results are based on data gathered from ANY.RUN’s public submissions with tagged malware. The database consists of nearly 5 million uploads that are updated in real time. Malware Trends Tracker provides statistics on the cyberthreat landscape across the world over a certain period.
MTT shows an easy-to-understand score to monitor malware trends and levels of cyberthreats. It helps to provide further analytics and insights.
How to monitor malware trends?
View information about trending malware activity using threat trackers. Each malware's widget shows the overall number of tasks that users have run in the sandbox. The graph on the widget shows the dynamics of that malware over time. Sometimes you can see a pattern of activity and notice which periods are the most and least active for campaigns. Malware activity changes in real time, and the tracker does not let you miss a new trend.
For example, here is the infamous Emotet. The number of uploads rocketed and then plummeted within just a year: threat actors were arrested, and all activity stopped. But now there is a tiny change at the end of the graph. As far as we know, Emotet may be coming back. The dynamics in this widget give the complete history of this malware.
We like to use this as an identifier for what the hot malware is at the time and what most people are encountering in the field. It can be offset by automation or old samples but in general, most people are not automating or have access to your API so we see it as a good organic measurement. In particular, when Emotet spikes up we see that as a good indicator of infections going up.
@Cryptolaemus1, a team of cybersecurity analysts, learn more on their blog
Each malware name is accompanied by a green or red symbol. These mark malware that is active or inactive in the wild.
If you want to see the number of uploads, you can choose a specific period: all time, a year, a month, two weeks, or a week. The arrow shows the rise or decline of the malware within that period.
Hashes, IPs, and domains of a particular malware program are listed at the bottom of the widget, so you can plan how many of them to investigate.
Top 10 threats
The latest data on malware
When you encounter malware of any type for the first time, you would rather know everything about it. All the detailed information about the object of your analysis is here, in MTT. The articles contain new information drawn from the latest submissions and reports.
Choose malware and click on its cell. Here you can find the following details:
- malware description
- malware history
- recent samples
- malware distribution method
- malware execution video
- detection process
- global, week, and month ranks
- IOCs – last 20 IP addresses
- hashes
- domain names
For example, you can find the following data on Redline:
Why do you need malware statistics and trends?
Malware statistics and trends are an effective source of information for security specialists. Recent threat dynamics can help predict future malware trends and possible attacks, enhance defense strategy, and understand the behavior of existing malicious objects. The trends tracker provides the visual connection that transforms information into intelligence.
It’s great to see those ever-shifting trends. I use it to help customers to protect themselves better by focusing their efforts at the right place. I take the TOP actors and try to understand their TTPs, get those aligned to the MITRE ATT&CK map, and then make a move to protect the customer by working myself from left to right through the kill chain.
@tagnullde, cybersecurity analyst, learn more on their blog
Moreover, junior malware specialists may find MTT helpful for widening their knowledge. With the tracker, it is easy to understand what malware is active on the net. The tracker is a powerful tool for everyday malware monitoring that any cybersecurity specialist can use. You can also subscribe to our social media, as we post malware statistics every week.
However, it is best not to base your whole threat intelligence effort on the tracker alone. Instead, use it in addition to other sources.