{"id":10122,"date":"2024-12-03T09:59:15","date_gmt":"2024-12-03T09:59:15","guid":{"rendered":"\/cybersecurity-blog\/?p=10122"},"modified":"2024-12-17T13:51:27","modified_gmt":"2024-12-17T13:51:27","slug":"release-notes-november-2024","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/release-notes-november-2024\/","title":{"rendered":"Release Notes: MITRE ATT&amp;CK Matrix with Samples, Upgraded Automated Interactivity, Expanded Threat Coverage, and More"},"content":{"rendered":"\n<p>Welcome to <a href=\"?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_nov_24&amp;utm_term=031224&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>\u2019s <a href=\"https:\/\/any.run\/cybersecurity-blog\/?s=release+notes\" target=\"_blank\" rel=\"noreferrer noopener\">monthly updates<\/a>, where we give you all the details on our latest features and enhancements.&nbsp;<\/p>\n\n\n\n<p>November has been a month of innovation at ANY.RUN, with major upgrades. 
We\u2019ve launched <strong><a href=\"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/\" target=\"_blank\" rel=\"noreferrer noopener\">Smart Content Analysis<\/a><\/strong> as part of Automated Interactivity, updated the home screen of <strong>TI Lookup<\/strong> featuring an <a href=\"https:\/\/any.run\/cybersecurity-blog\/mitre-ttps-in-ti-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>interactive MITRE ATT&amp;CK matrix<\/strong><\/a> connected with real-world samples, and expanded our detection capabilities with <strong>new YARA rules, signatures, and Suricata rules<\/strong> for even more comprehensive threat coverage.&nbsp;<\/p>\n\n\n\n<p>Here\u2019s everything you need to know about our November updates!&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Product Updates&nbsp;<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Automated Interactivity: Stage 2&nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image4-1024x576.png\" alt=\"\" class=\"wp-image-10126\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image4-1024x576.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image4-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image4-768x432.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image4-1536x864.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image4-370x208.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image4-270x152.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image4-740x416.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image4.png 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" 
\/><figcaption class=\"wp-element-caption\"><em>Enabling Automated Interactivity inside ANY.RUN sandbox<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>Last year, we introduced <a href=\"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity\/\" target=\"_blank\" rel=\"noreferrer noopener\">Automated Interactivity<\/a>, a feature that simulates user behavior inside the ANY.RUN sandbox to automatically trigger cyberattacks. It was a game-changer, helping analysts streamline tasks like clicking buttons or solving CAPTCHA challenges.&nbsp;<\/p>\n\n\n\n<p>Now, we\u2019re thrilled to unveil Stage 2 of this feature: <a href=\"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/\" target=\"_blank\" rel=\"noreferrer noopener\">Smart Content Analysis<\/a>, a major upgrade that offers better detection and execution of complex threats.&nbsp;<\/p>\n\n\n\n<p>This update makes your security workflow more efficient by enhancing detection capabilities, automating time-consuming tasks, and simplifying complex analyses. It saves analysts valuable time, provides deeper insights, and helps teams respond to threats faster and more effectively.&nbsp;<\/p>\n\n\n\n<p><strong>What is Smart Content Analysis?&nbsp;<\/strong><\/p>\n\n\n\n<p>Smart Content Analysis enhances Automated Interactivity by analyzing and detonating malware and phishing attacks at every step of the kill chain. 
Here\u2019s how it works:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Identifying content<\/strong>: It scans for URLs, email attachments, or hidden malicious components.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Extracting key data<\/strong>: This includes extracting URLs from QR codes or bypassing rewritten links from security filters.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Simulating actions<\/strong>: It interacts with extracted content, such as opening links, solving CAPTCHA challenges, or launching payloads.&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image-1024x576.jpg\" alt=\"\" class=\"wp-image-10127\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image-1024x576.jpg 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image-300x169.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image-768x432.jpg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image-370x208.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image-270x152.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image-740x416.jpg 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image.jpg 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN sandbox automatically solving CAPTCHA problems<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>Automated Interactivity is available to Hunter and Enterprise-plan users and can be manually enabled in any sandbox session. 
&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">MITRE ATT&amp;CK Techniques with Real-World Samples inside TI Lookup&nbsp;<\/h3>\n\n\n\n<p>We\u2019re thrilled to announce a major update to <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, now featuring a redesigned home screen integrated with the <a href=\"https:\/\/any.run\/cybersecurity-blog\/mitre-ttps-in-ti-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">MITRE ATT&amp;CK matrix<\/a>. 
This upgrade turns the matrix into an interactive tool, bridging the gap between theoretical frameworks and practical, real-world threat analysis.&nbsp;<\/p>\n\n\n\n<p><strong>What\u2019s new?&nbsp;<\/strong><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"608\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image2-1024x608.png\" alt=\"\" class=\"wp-image-10129\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image2-1024x608.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image2-300x178.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image2-768x456.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image2-1536x911.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image2-370x220.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image2-270x160.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image2-740x439.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image2.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Updated home screen of TI Lookup featuring MITRE ATT&amp;CK matrix<\/em><\/figcaption><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Interactive MITRE ATT&amp;CK matrix<\/strong>: All techniques and tactics are now neatly organized in a functional, actionable layout.&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"249\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-1024x249.png\" alt=\"\" class=\"wp-image-10130\" 
srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-1024x249.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-300x73.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-768x187.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-1536x374.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-370x90.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-270x66.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-740x180.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Filtering options for MITRE ATT&amp;CK techniques<\/em><\/figcaption><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Filtering options<\/strong>: Prioritize techniques by risk level\u2014red for high risk, yellow for moderate, and blue for less urgent.&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"551\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image9-1024x551.png\" alt=\"\" class=\"wp-image-10132\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image9-1024x551.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image9-300x161.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image9-768x413.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image9-1536x826.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image9-2048x1101.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image9-370x199.png 370w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image9-270x145.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image9-740x398.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Tactics, techniques and procedures of phishing (T1566)<\/em><\/figcaption><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Real-world sample connections<\/strong>: Click on any technique to see related malware samples and how they behave in real attacks.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Best of all, this feature is completely free and available to everyone right now. Dive into the MITRE ATT&amp;CK matrix on TI Lookup and start exploring it today!&nbsp;<\/p>\n\n\n\n
<h2 class=\"wp-block-heading\">Threat Coverage Update&nbsp;<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enhanced Network Threat Detection&nbsp;<\/h3>\n\n\n\n<p>In November, we expanded our <a href=\"https:\/\/any.run\/cybersecurity-blog\/detection-with-suricata-ids\/\" target=\"_blank\" rel=\"noreferrer noopener\">Suricata rule<\/a> collection with an additional 7,206 rules, significantly enhancing network threat detection.&nbsp;&nbsp;<\/p>\n\n\n\n<p>The new rules were added using domains derived directly from <em><a href=\"https:\/\/app.any.run\/submissions\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_nov_24&amp;utm_term=031224&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Public submissions<\/a><\/em>, supplemented by data from TI Lookup and advanced processing logic.&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Key highlights:&nbsp;<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Focus on threat group activity:<\/strong> We continue to monitor the operations of major threat groups and phishing kits, leveraging this information to enhance detection capabilities.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Community engagement:<\/strong> Regular updates and insights into phishing threats are shared through our dedicated <strong>weekly post<\/strong> on <a href=\"https:\/\/x.com\/anyrun_app\/\" target=\"_blank\" rel=\"noreferrer noopener\">X<\/a>, helping you stay informed about the latest developments in the phishing and malware attacks.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Recent Updates in Suricata Rules&nbsp;<\/h3>\n\n\n\n<p>Our latest Suricata updates have focused on enhancing detection accuracy for phishing campaigns and domain-related threats. 
Here are some examples of the recent additions:&nbsp;<\/p>\n\n\n\n<p><strong>MassBass phishing campaign detection<\/strong> &#8211; A massive phishing attack that we named MassBass has been identified and tagged in our Suricata rules:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/9f763289-baa1-4bf4-87ed-ce003e3ba201\" target=\"_blank\" rel=\"noreferrer noopener\">MassBass Example 1<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/6535e9c2-82c5-4dae-b53f-e61c36c031ac\" target=\"_blank\" rel=\"noreferrer noopener\">MassBass Example 2<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>TI Lookup: Search MassBass-related rules and insights <a href=\"https:\/\/intelligence.any.run\/analysis\/lookup#{%22query%22:%22suricataMessage:%5C%22massbass%5C%22%20%22,%22dateRange%22:180}\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>&nbsp;<\/p>\n\n\n\n<p><strong>CrossDomain rules detection<\/strong> &#8211; These Suricata rules for domains were created using data from public submissions and include \u201cCrossDomain\u201d in their rule names.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/4b804a84-2f62-4a0f-ac78-9cae7c0b4097\/\" target=\"_blank\" rel=\"noreferrer noopener\">CrossDomain Task Example 1<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/6abf1363-6c09-43ef-bd78-2c4aba82da54\" target=\"_blank\" rel=\"noreferrer noopener\">CrossDomain Task Example 2<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>TI Lookup: You can explore CrossDomain-related activity and insights using our TI Lookup tool:&nbsp;<br><a href=\"https:\/\/intelligence.any.run\/analysis\/lookup#%7B%22query%22:%22suricataMessage:%5C%22crossdomain%5C%22%20%22,%22dateRange%22:180%7D\" target=\"_blank\" rel=\"noreferrer noopener\">Search CrossDomain<\/a>&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">New Signatures&nbsp;<\/h3>\n\n\n\n<p>This month, we\u2019ve added a total of <strong>56 new 
signatures<\/strong> to enhance our detection capabilities, covering a wide range of malicious behaviors and threats.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Office\/archive exploit:<\/strong> Detection of deliberately damaged files exploiting the self-repair mechanism.&nbsp;<\/li>\n\n\n\n<li><strong>KMS tool:<\/strong> Identification of unauthorized KMS activation tools.&nbsp;<\/li>\n\n\n\n<li><strong>Torvil mutex:<\/strong> Discovery of Torvil-related mutex activity.&nbsp;<\/li>\n\n\n\n<li><strong>CVE-2024-43451:<\/strong> A critical vulnerability (<a href=\"https:\/\/app.any.run\/tasks\/f9051f34-9934-461a-91cc-fa2afb0181ef\" target=\"_blank\" rel=\"noreferrer noopener\">example session<\/a>).&nbsp;<\/li>\n\n\n\n<li><strong>Untrusted certificate execution:<\/strong> Alerting on files executed with untrusted certificates.&nbsp;<\/li>\n\n\n\n<li><strong>Silentkill:<\/strong> A sophisticated malware strain identified.&nbsp;<\/li>\n\n\n\n<li><strong>Rhysida:<\/strong> A ransomware strain (<a href=\"https:\/\/app.any.run\/tasks\/7003152b-771c-4297-bb92-a18e8dd20f6f\" target=\"_blank\" rel=\"noreferrer noopener\">example session<\/a>).&nbsp;<\/li>\n\n\n\n<li><strong>Secretsdump:<\/strong> Detection of credential-stealing activity.&nbsp;<\/li>\n\n\n\n<li><strong>Gumen:<\/strong> A unique malware variant (<a href=\"https:\/\/app.any.run\/tasks\/9737162f-8eb3-4711-b05e-a354731359e2\" target=\"_blank\" rel=\"noreferrer noopener\">example session<\/a>).&nbsp;<\/li>\n\n\n\n<li><strong>Badrabbit:<\/strong> Identification of the infamous ransomware.&nbsp;<\/li>\n\n\n\n<li><strong>Ateraagent:<\/strong> Detection of unauthorized agent installations (<a href=\"https:\/\/app.any.run\/tasks\/e4b4eb3e-259a-4202-9639-c3e856b62f48\" target=\"_blank\" rel=\"noreferrer noopener\">example session<\/a>).&nbsp;<\/li>\n\n\n\n<li><strong>Lunam and Luna:<\/strong> Discovery of related malware strains (<a 
href=\"https:\/\/app.any.run\/tasks\/0bb2ccfa-ff3f-479f-98cb-a6630e78ec0a\" target=\"_blank\" rel=\"noreferrer noopener\">example session<\/a>).&nbsp;<\/li>\n\n\n\n<li>Behavioral detection of attempts to establish <strong>RDP connections<\/strong> using configuration files extracted from Outlook emails.&nbsp;<\/li>\n\n\n\n<li>Identification of <strong>conti-based ransomware<\/strong>, <strong>formbook<\/strong>, and <strong>xworm<\/strong>.&nbsp;<\/li>\n\n\n\n<li>Detection of <strong>expresszip<\/strong> malware (<a href=\"https:\/\/app.any.run\/tasks\/904f9a4c-36a6-4a31-9f07-e1120d8cbf9e\" target=\"_blank\" rel=\"noreferrer noopener\">example session<\/a>).&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Browser extension module<\/strong><\/h3>\n\n\n\n<p>A new signature module for browser extensions was introduced, enabling in-depth content analysis of web pages. In addition, the following signatures were added:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Obfuscated JavaScript.&nbsp;<\/li>\n\n\n\n<li>Fake Microsoft authentication pages.&nbsp;<\/li>\n\n\n\n<li>Email addresses embedded in URLs.&nbsp;<\/li>\n\n\n\n<li>Phishing kits such as <strong>Tycoon2fa<\/strong> and <strong>Mamba2fa<\/strong>.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">New YARA Rules&nbsp;&nbsp;<\/h3>\n\n\n\n<p>This month, 9 new YARA rules were implemented, further enhancing our detection capabilities. 
Notable additions include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>winPEAS detection (<a href=\"https:\/\/app.any.run\/tasks\/c2a110d6-5ade-442a-8f62-84336074d4d4\" target=\"_blank\" rel=\"noreferrer noopener\">example session<\/a>)&nbsp;<\/li>\n\n\n\n<li>rhysida YARA rule (<a href=\"https:\/\/app.any.run\/tasks\/3bf6d75d-babd-470a-ac3a-2af4a6605d2f\" target=\"_blank\" rel=\"noreferrer noopener\">example session<\/a>)&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">APT Detection Update&nbsp;<\/h3>\n\n\n\n<p>This month, we\u2019ve enhanced our detection capabilities against APT groups, specifically focusing on Lazarus and Rhysida. To address these threats, we\u2019ve added 2 YARA rules and approximately 20 tailored signatures, ensuring more precise tracking and analysis of their activity.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Get Your Black Friday Deals from ANY.RUN!&nbsp;<\/h2>\n\n\n\n<p>Black Friday 2024 is here, and ANY.RUN has prepared exclusive time-limited offers to help you save big while enhancing your security workflow:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/any.run\/cybersecurity-blog\/subscriptions-hunter-plan\/\" target=\"_blank\" rel=\"noreferrer noopener\">Hunter Plan:<\/a><\/strong>&nbsp;Get two annual subscriptions for the price of one\u2014perfect for individual researchers who want to collaborate.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/any.run\/cybersecurity-blog\/anyrun-for-enterprises\/\" target=\"_blank\" rel=\"noreferrer noopener\">Enterprise Plan<\/a>:<\/strong>&nbsp;Buy 5 licenses and get 2 free, or 10 licenses with 3 free plus a complimentary Threat Intelligence Lookup plan. 
Special renewal bonuses available!&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>:<\/strong>&nbsp;Double your search requests with every subscription purchase.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Offers will expire on&nbsp;<strong>December 8th, 11:59 PM PST<\/strong>. Don\u2019t miss out: <a href=\"https:\/\/app.any.run\/plans\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_nov_24&amp;utm_term=031224&amp;utm_content=linktoplans\" target=\"_blank\" rel=\"noreferrer noopener\">secure your deal today<\/a>!&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our <a href=\"?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_nov_24&amp;utm_term=031224&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">interactive sandbox<\/a> simplifies malware analysis of threats that target both Windows and <a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-malware-analysis-cases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a> systems. 
Our threat intelligence products, <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Search<\/a> and <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a> or files to learn more about the threats and respond to incidents faster.&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>With ANY.RUN you can:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Detect malware in seconds<\/li>\n\n\n\n<li>Interact with samples in real time<\/li>\n\n\n\n<li>Save time and money on sandbox setup and maintenance<\/li>\n\n\n\n<li>Record and study all aspects of malware behavior<\/li>\n\n\n\n<li>Collaborate with your team&nbsp;<\/li>\n\n\n\n<li>Scale as you need<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_nov_24&amp;utm_term=031224&amp;utm_content=linktodemo\/\" target=\"_blank\" rel=\"noreferrer noopener\">Try all PRO features of the ANY.RUN sandbox for FREE \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to ANY.RUN\u2019s monthly updates, where we give you all the details on our latest features and enhancements.&nbsp; November has been a month of innovation at ANY.RUN, with major upgrades. 
We\u2019ve launched Smart Content Analysis as part of Automated Interactivity, updated the home screen of TI Lookup featuring an interactive MITRE ATT&amp;CK matrix connected with [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":7723,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,34,40,55,56],"class_list":["post-10122","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-malware-analysis","tag-malware-behavior","tag-release","tag-update"],"acf":[],"yoast_head_json":{"title":"Release Notes: MITRE Matrix with samples, YARA rules, and more","description":"Discover ANY.RUN's updates in November 2024: Stage 2 of Automated Interactivity, MITRE ATT&CK matrix with real-world samples, and more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-november-2024\/","twitter_misc":{"Written by":"ANY.RUN","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-november-2024\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-november-2024\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Release Notes: MITRE ATT&amp;CK Matrix with Samples, Upgraded Automated Interactivity, Expanded Threat Coverage, and More","datePublished":"2024-12-03T09:59:15+00:00","dateModified":"2024-12-17T13:51:27+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-november-2024\/"},"wordCount":1280,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware analysis","malware behavior","release","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-november-2024\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-november-2024\/","url":"https:\/\/any.run\/cybersecurity-blog\/release-notes-november-2024\/","name":"Release Notes: MITRE Matrix with samples, YARA rules, and more","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-12-03T09:59:15+00:00","dateModified":"2024-12-17T13:51:27+00:00","description":"Discover ANY.RUN's updates in November 2024: Stage 2 of Automated Interactivity, MITRE ATT&CK matrix with real-world samples, and 
more.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-november-2024\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-november-2024\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-november-2024\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Release Notes: MITRE ATT&amp;CK Matrix with Samples, Upgraded Automated Interactivity, Expanded Threat Coverage, and More"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/10122"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=10122"}],"version-history":[{"count":27,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/10122\/revisions"}],"predecessor-version":[{"id":10520,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/10122\/revisions\/10520"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/77
23"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=10122"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=10122"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=10122"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}