Release Notes: New IOCs in TI Lookup, Network Threats Tab, Free Windows 10 VM, and More

Welcome to ANY.RUN’s monthly updates, where we share our team’s achievements over the past month.

In July, we introduced new features in Threat Intelligence Lookup, added Windows 10 for free users, reduced task startup time, implemented numerous YARA rules and signatures, and expanded our Suricata ruleset.  

Let’s break down what’s new in ANY.RUN step by step. 

Product Updates 

Search query for finding domains from Remcos’s configs

IOCs from malware configurations in TI Lookup

IOCs extracted directly from malware configurations are the most reliable means to identify attackers’ infrastructure. TI Lookup now gives you access to these IOCs, labeling them with the “malconf” tag.


Results for SuricataThreatLevel:"malicious"

Suricata search in TI Lookup

We’ve also added a new Suricata search feature, allowing you to use parameters like SuricataClass, SuricataMessage, SuricataThreatLevel, and SuricataID to find specific network threats.

Plus, the Network Threats tab in TI Lookup includes all the discovered Suricata detections, making it easier to identify potential network-based risks.


Select Windows 10 from the list of operating systems

Windows 10 – now free for everyone 

We’ve introduced Windows 10 for free users, expanding testing capabilities for all our users. 

Analysis sessions take just 5 seconds to start

We’ve significantly optimized our analysis session startup process. Sessions now initiate in less than 5 seconds.


New Signatures 

Our malware analysts have been hard at work, significantly expanding our detection capabilities. This month, we’ve added a total of 54 new signatures, including: 

  • Medusa ransomware (2 signatures). 

Among them, 35 are new behavioral signatures.

New YARA Rules 

Our YARA rule set has also been expanded and refined. New and updated rules cover a wide range of threats, including: 

  • Luka ransomware. 
  • M0yv (with fixes) 

We’ve also made improvements to existing tools, such as updating the extractor for AsyncRat to now work effectively with BoratRat as well. 

Advanced Detection Techniques 

In our ongoing effort to stay ahead of evolving threats, we’ve implemented new YARA rules for detecting WMI, PowerShell, and certain WinAPI calls, including their base64 encoded variants. 
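
The base64 point above, as an added example (not ANY.RUN's rule code): a keyword inside base64 takes one of three forms depending on its byte offset modulo 3, so a detector has to search for all three, in both ASCII and UTF-16LE. The keyword list, function names and sample strings are assumptions constructed for illustration.

```python
import base64
import re

# Assumed keywords (one WMI class, one WinAPI call, one PowerShell cmdlet);
# the page does not list the strings its rules look for.
KEYWORDS = ["Win32_Process", "VirtualAlloc", "Invoke-Expression"]

LEAD_STRIP = (0, 2, 3)  # leading chars that depend on 0, 1 or 2 unknown bytes before
TAIL_STRIP = (0, 3, 2)  # trailing chars (incl. '=') that depend on bytes after

def b64_fragments(raw):
    """Base64 substrings that must appear when `raw` sits at byte offset
    0, 1 or 2 (mod 3) inside a larger encoded buffer."""
    frags = set()
    for shift in range(3):
        enc = base64.b64encode(b"\x00" * shift + raw).decode("ascii")
        end = len(enc) - TAIL_STRIP[(shift + len(raw)) % 3]
        frags.add(enc[LEAD_STRIP[shift]:end])
    return frags

def build_patterns(keywords=KEYWORDS):
    """One regex per keyword covering its ASCII and UTF-16LE encodings."""
    patterns = {}
    for kw in keywords:
        frags = b64_fragments(kw.encode("ascii")) | b64_fragments(kw.encode("utf-16-le"))
        patterns[kw] = re.compile("|".join(re.escape(f) for f in sorted(frags)))
    return patterns

def scan(text, patterns):
    """Keywords present in `text` in plain form or inside base64.
    Encoded matching is exact-case, because base64 of a re-cased string differs."""
    return sorted(kw for kw, rx in patterns.items()
                  if kw.lower() in text.lower() or rx.search(text))

def encode_sample(plain, wide=False):
    """Build a constructed test input: base64 of ASCII or UTF-16LE text."""
    return base64.b64encode(plain.encode("utf-16-le" if wide else "ascii")).decode("ascii")

if __name__ == "__main__":
    pats = build_patterns()
    # Constructed samples, not taken from any real task or report.
    for sample in (encode_sample("x = Get-WmiObject Win32_Process"),
                   encode_sample("Invoke-Expression $payload", wide=True),
                   encode_sample("nothing of interest here")):
        print(sample[:32], "->", scan(sample, pats))
```

Short keywords produce short fragments that match unrelated base64 by chance, so keep the keyword list to strings of roughly eight characters or more.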

Expanded Suricata Ruleset 

Our Suricata ruleset saw a substantial expansion in July, with the addition of 248 new rules. These include: 

  • 35 rules for identifying known phishing domains. 
  • 11 rules specifically designed to detect redirect sites leading to phishing pages. 

About ANY.RUN  

ANY.RUN helps more than 400,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, Yara Search and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.  

With ANY.RUN you can: 

  • Detect malware in seconds. 
  • Interact with samples in real time. 
  • Save time and money on sandbox setup and maintenance.
  • Record and study all aspects of malware behavior.
  • Collaborate with your team.
  • Scale as you need. 
