{"id":14123,"date":"2025-06-04T13:33:30","date_gmt":"2025-06-04T13:33:30","guid":{"rendered":"\/cybersecurity-blog\/?p=14123"},"modified":"2025-06-09T12:58:57","modified_gmt":"2025-06-09T12:58:57","slug":"release-notes-may-2025","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/","title":{"rendered":"Release Notes: TAXII Support for TI Feeds, New Sandbox Onboarding, and 900+ Detection Rules\u00a0"},"content":{"rendered":"\n<p>We\u2019ve packed May with updates to make your experience smoother and your threat detection even sharper. Whether you\u2019re just getting started or knee-deep in malware every day, these changes are here to save you time and give you better insights.&nbsp;<\/p>\n\n\n\n<p>In this update:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A brand-new onboarding tutorial in the sandbox to guide you step by step&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>TAXII support for TI Feeds, so you can plug threat intel right into your tools&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A big boost in threat coverage, with new signatures, YARA rules, and standout samples&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Take a look below to see how these updates can help you work faster, stay ahead of threats, and get more out of <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>!&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Product Updates&nbsp;<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">New Sandbox Onboarding Tutorial&nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"557\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image-1024x557.png\" alt=\"\" class=\"wp-image-14133\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image-1024x557.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image-300x163.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image-768x418.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image-1536x835.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image-2048x1114.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image-370x201.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image-270x147.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image-740x402.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>New sandbox tutorial for quick and effortless onboarding<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Whether you&#8217;re brand new to ANY.RUN or just want a quick refresher, the new onboarding tutorial in the sandbox has you covered. It walks you through each step of the analysis process, from uploading a sample to making sense of the process tree, network activity, and <a href=\"https:\/\/any.run\/cybersecurity-blog\/iocs-iobs-ioas-explained\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a>.&nbsp;<\/p>\n\n\n\n<p>It\u2019s a great starting point for new analysts or anyone looking to get more comfortable with the platform.&nbsp;<\/p>\n\n\n\n<p>You can find it in the <strong>FAQ<\/strong> section <a href=\"https:\/\/app.any.run\/docs\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">under the <strong>Tutorials<\/strong> tab<\/a>; just click on <strong>Quick Sandbox Tutorial<\/strong> and you\u2019re good to go.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nTest <span class=\"highlight\">ANY.RUN&#8217;s services<\/span> with 14-day trial<br>to see how they can strengthen your company&#8217;s security&nbsp;   \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=release_notes_apr_25&#038;utm_term=300425&#038;utm_content=linktodemo\" rel=\"noopener\" target=\"_blank\">\nGet 14-day trial\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h3 class=\"wp-block-heading\">TAXII Protocol Now Supported for TI Feeds&nbsp;<\/h3>\n\n\n\n<p>TAXII (Trusted Automated eXchange of Indicator Information) is a widely used protocol for sharing threat intelligence in a fast, secure, and standardized way. It\u2019s designed to make integrating threat data with your existing tools, like SIEMs, EDRs, or TIPs, smooth and efficient.&nbsp;<\/p>\n\n\n\n<p>Now, ANY.RUN\u2019s <strong>Threat Intelligence Feeds<\/strong> fully support TAXII, making it even easier to bring high-quality threat data directly into your security stack.&nbsp;<\/p>\n\n\n\n<p>Here\u2019s what you get with ANY.RUN\u2019s TI Feeds + TAXII integration:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Actionable, real-world threat indicators: <\/strong>The feeds pull data from threats seen across 15,000+ companies worldwide. You\u2019ll get fresh, high-confidence IOCs sourced from dynamic malware analysis and enriched with context from ANY.RUN\u2019s sandbox.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Minimal false positives: <\/strong>Every indicator is pre-processed and vetted before it reaches your system, so you get clean, reliable data that won\u2019t overload your analysts or flood your alerts.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Boosted detection and response automation: <\/strong>Use TI Feeds to automatically block malicious IPs, flag risky logs, enrich alerts, or trigger playbooks, saving your team time and cutting response delays.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How It Works&nbsp;<\/h3>\n\n\n\n<p>If you&#8217;re on a paid plan, you can now set up ANY.RUN\u2019s TI Feeds as a TAXII endpoint in your existing system, whether it&#8217;s a SIEM, EDR\/XDR, NGFW, or TIP platform.&nbsp;<\/p>\n\n\n\n<p>Once connected to our TAXII server, your tools will start receiving fresh threat intel automatically. Want to see what the feeds look like? You can <a href=\"https:\/\/intelligence.any.run\/feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktofeeds\" target=\"_blank\" rel=\"noreferrer noopener\">preview a sample<\/a> in <strong>STIX<\/strong> or <strong>MISP<\/strong> format.&nbsp;<\/p>\n\n\n\n<p>For full access to the latest indicators, reach out to us for <a href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktotiplans\" target=\"_blank\" rel=\"noreferrer noopener\">14-day trial<\/a> of TI Feeds.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Threat Coverage Updates&nbsp;<\/h2>\n\n\n\n<p>In May, we expanded our detection coverage across Windows, <a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-malware-analysis-cases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a>, and <a href=\"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\">Android<\/a> environments with 900+ new behavior signatures, <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-rules-explained\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA rules<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/detection-with-suricata-ids\/\" target=\"_blank\" rel=\"noreferrer noopener\">Suricata<\/a> rules, and attribution-based detections. These updates help defenders spot emerging malware families and reduce analysis time with better context and accuracy.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">New Behavior Signatures&nbsp;<\/h3>\n\n\n\n<p>162 new behavior-based signatures were added to improve detection across commodity malware, ransomware, loaders, and remote tools.&nbsp;<\/p>\n\n\n\n<p>Highlighted additions include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1e8e7dbd-4a7a-4d3b-8701-9a85e84e9d1e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>BPFDoor<\/strong><\/a> \u2013 A stealthy Linux backdoor that receives TCP\/UDP\/ICMP packets directly via BPF filters. Linked to the Red Menshen group, this malware hides without opening network ports and persists on servers for months.&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/ee3a7074-5ee2-4de1-9a72-65ce4fe2b681\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Sakura RAT<\/strong><\/a> \u2013 A rare APT-26 (Deep Panda) tool used in major data breaches. It hides C2 traffic in normal HTTP requests and uses stolen certificates to avoid detection.&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/7493290a-f90e-42f4-9b69-3424e036f5ba\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>RoamingMOUSE<\/strong><\/a> \u2013 An Excel dropper used by MirrorFace (APT10) to side-load the Anel backdoor. Targets Japanese and Taiwanese government entities.&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/d1f94333-0ad7-4299-ae8a-407c8bbaeeb6\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>FinalDraft<\/strong><\/a> \u2013 A cross-platform backdoor that uses Microsoft Graph API and Outlook drafts as C2 channels. It can proxy traffic and inject malicious code.\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/b77f67be-0dba-4cda-ac01-9a5afee2ddef\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>TerraLogger<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<p>Other behavior-based detections added for the following threats:&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-grid wp-container-core-group-is-layout-1 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/44b21285-ddcb-4b79-9751-068dea28202e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">SectopRat<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/30524c32-fa1c-4e1d-b51b-4431a6fdbc2d\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">PandaStealer<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/d4186bf9-99f6-4264-999a-609d138cfd25\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Aegis<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/0cd8afb8-13b7-47e5-be90-9e8ca37ea396\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Packit<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/711706bc-b599-4854-ab50-715e0cd1e865\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">MoreEggs<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/6329f21c-e3a0-4a80-9424-f1c11d4b1fd2\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">MaksRAT<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/db506593-96d0-43e9-8a61-6c229a60fc8e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Zergeca<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/27d6dead-f551-4cbf-9d88-ee01a168984b\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">AvosLocker<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/61b3e0e8-be41-4794-8199-8afc2ec233b2\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Arcus<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/3d48bca1-eb0f-4dc9-96eb-410fb19e1061\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">BlackHunt<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/46d28c1a-c658-4fbc-acb1-9e5b2a7bab1b\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">ZeroTrace<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/4716cecb-f70a-4e36-a873-9982ca4d420e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Teapot<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/07bb27f8-9e5e-4428-8021-7fcb75c3f9ae\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">RaWorld<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/8a434f98-deb6-4ffb-9c6f-39d39738884d\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Canbis<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/dece57a6-c847-49dc-ad82-4915cbb3c0a6\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Diamotrix<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/d26d2852-d0a9-4eea-92c4-230b0e0bf46b\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Prysmax<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c85da889-a87c-48ec-9889-7842f1fdad8b\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Ralord<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/2953b818-e91c-4e57-824f-40d21b679f53\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Ratty RAT<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/a1daee17-8c98-4d2c-8b7c-a965a6954fad\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Apex Ransomware<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/d475c34f-4c89-425c-8b45-48b7839e7505\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Zapya Greyware<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e6471bf6-67cb-481b-a999-e608fd4b06cc\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">BoxedApp Packer<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/d94bfaf5-346c-4c8a-9f8c-63870b604b8e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Badjoke<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/d694d1bc-41c8-4f8e-bc4a-e4bcdfb2fde2\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Emotet<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/fd3f64b3-7f3c-4c42-88b0-6d03ae92fa83\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">BlackBit Ransomware<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/b87b5c24-dfea-4638-8000-d8b1dc4473fa\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Psychosomatic Locker<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/b87b5c24-dfea-4638-8000-d8b1dc4473fa\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">LogonUI Locker<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c39cce7c-6a08-4d16-b38e-26d41987acf9\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Shinra Ransomware<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/ee1fb2d6-d7cd-45c4-974c-eacc12064f84\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Sarcoma Ransomware<\/a>&nbsp;<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>New Tool and Utility Detections<\/strong>&nbsp;<\/h3>\n\n\n\n<p>We also added detections for commonly abused remote access tools and packers:&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-grid wp-container-core-group-is-layout-2 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/7dbd0730-05aa-4745-a289-047d667b8870\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">ResourceHacker<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/9bc2e45c-5852-41d7-bf7e-8bfc3d6796c4\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">CPU-Z<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/2971414f-d281-439b-adcd-d5c6990629fb\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">EMCO<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/faec0982-c5a3-4e3e-873a-f984b1884747\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">DWAgent<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e40418b3-5a29-467b-9c52-254f165952af\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Duplicati<\/a>\u00a0<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">YARA Rule Updates&nbsp;<\/h3>\n\n\n\n<p>In May, we released 19 new and updated YARA rules to strengthen static detection and improve malware classification during analysis. These rules help identify emerging threats, improve attribution, and support faster triage, especially when working with evasive samples or reviewing files pre-execution.&nbsp;<\/p>\n\n\n\n<p>Here are the latest additions:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/0cd8afb8-13b7-47e5-be90-9e8ca37ea396\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Packit Stealer<\/strong><\/a> \u2013 Rule added to detect this custom packer-based stealer known for targeting credentials and crypto assets.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c75ce416-89db-45a8-98d7-631a3f704eee\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Lobshot<\/strong><\/a> \u2013 Detection rule to catch a Windows-based stealer that uses legitimate processes for stealth.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/fef2ae0a-aa0b-4f1f-8b51-079231135353\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>GoFing<\/strong><\/a> \u2013 Rule added for this lesser-known info-stealer that focuses on browser and session data.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/234b57f7-af59-4980-9da0-1b49a6a0d100\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Anel Backdoor<\/strong><\/a> \u2013 Part of the RoamingMOUSE dropper chain; used in targeted attacks.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/4716cecb-f70a-4e36-a873-9982ca4d420e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Teapot Stealer<\/strong><\/a> \u2013 New rule to detect this Python-based stealer active in commodity malware campaigns.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1becd69f-16db-4c8c-8cad-fb79d6b090e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Ralord Ransomware<\/strong><\/a> \u2013 Detection rule for this rapidly spreading ransomware targeting personal files and enterprise systems.\u00a0<\/li>\n<\/ul>\n\n\n\n<p>We also added YARA rules tied to the following threats:&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-grid wp-container-core-group-is-layout-3 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/5b3755ec-e988-49fc-89e2-7f29cc7fac73\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Maze<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/5eeb32b8-ea4d-491a-ad04-c8274aebb555\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Mamona<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/bfe8522f-f5dc-493e-a39c-b1171e3fde13\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Gunra<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/58138c0d-3768-4739-ae9a-37793b3f5557\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Spark<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/ee1fb2d6-d7cd-45c4-974c-eacc12064f84\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Sarcoma<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e6471bf6-67cb-481b-a999-e608fd4b06cc\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">BoxedApp<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/2953b818-e91c-4e57-824f-40d21b679f53\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Ratty<\/a>&nbsp;<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Suricata Rule Updates&nbsp;<\/h3>\n\n\n\n<p>To improve detection of network-based threats, we added&nbsp;<strong>756 new Suricata rules<\/strong> in May. These updates expand visibility into malicious domains, phishing infrastructure, and command-and-control traffic seen across live malware samples.&nbsp;<\/p>\n\n\n\n<p>Some highlights include new detections for infrastructure observed in:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktolookup#%7B%2522query%2522:%2522suricataID:%255C%252285000014%255C%2522%2522,%2522dateRange%2522:180%7D\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>WikiKit Campaign<\/strong><\/a> \u2013 Detects domain chains used in phishing and payload delivery.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktolookup#%7B%2522query%2522:%2522suricataID:%255C%252285000015%255C%2522%2522,%2522dateRange%2522:180%7D\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>EvilProxy Campaign<\/strong><\/a> \u2013 Tracks malicious proxies abusing login flows and multi-factor authentication bypasses.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>These rules are automatically applied during analysis and contribute to network-layer IOCs in your reports, making it easier to detect lateral movement, data exfiltration, and malware beaconing early in the infection chain.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> supports over <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-from-organizations\/\" target=\"_blank\" rel=\"noreferrer noopener\">15,000 organizations<\/a> across industries such as banking, manufacturing, telecommunications, healthcare, retail, and technology, helping them build stronger and more resilient cybersecurity operations.&nbsp;&nbsp;<\/p>\n\n\n\n<p>With our cloud-based Interactive Sandbox, security teams can safely analyze and understand threats targeting Windows, Linux, and Android environments in less than 40 seconds and without the need for complex on-premise systems. Combined with <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Search<\/a>, and <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, we equip businesses to speed up investigations, reduce security risks, and improve team\u2019s efficiency.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_may_25&amp;utm_term=050625&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Integrate ANY.RUN\u2019s Threat Intelligence suite in your organization \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We\u2019ve packed May with updates to make your experience smoother and your threat detection even sharper. Whether you\u2019re just getting started or knee-deep in malware every day, these changes are here to save you time and give you better insights.&nbsp; In this update:&nbsp; Take a look below to see how these updates can help you [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":7723,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,54,55,56],"class_list":["post-14123","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-features","tag-release","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Release Notes: TAXII Support, New Onboarding, and More<\/title>\n<meta name=\"description\" content=\"Discover ANY.RUN&#039;s releases in May 2025, including TAXII support for TI Feeds, refreshed Sandbox Onboarding, and 900+ threat detection rules.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Release Notes: TAXII Support for TI Feeds, New Sandbox Onboarding, and 900+ Detection Rules\u00a0\",\"datePublished\":\"2025-06-04T13:33:30+00:00\",\"dateModified\":\"2025-06-09T12:58:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/\"},\"wordCount\":1188,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"features\",\"release\",\"update\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/\",\"name\":\"Release Notes: TAXII Support, New Onboarding, and More\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-06-04T13:33:30+00:00\",\"dateModified\":\"2025-06-09T12:58:57+00:00\",\"description\":\"Discover ANY.RUN's releases in May 2025, including TAXII support for TI Feeds, refreshed Sandbox Onboarding, and 900+ threat detection rules.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Release Notes: TAXII Support for TI Feeds, New Sandbox Onboarding, and 900+ Detection Rules\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Release Notes: TAXII Support, New Onboarding, and More","description":"Discover ANY.RUN's releases in May 2025, including TAXII support for TI Feeds, refreshed Sandbox Onboarding, and 900+ threat detection rules.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Release Notes: TAXII Support for TI Feeds, New Sandbox Onboarding, and 900+ Detection Rules\u00a0","datePublished":"2025-06-04T13:33:30+00:00","dateModified":"2025-06-09T12:58:57+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/"},"wordCount":1188,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","features","release","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/","url":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/","name":"Release Notes: TAXII Support, New Onboarding, and More","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-06-04T13:33:30+00:00","dateModified":"2025-06-09T12:58:57+00:00","description":"Discover ANY.RUN's releases in May 2025, including TAXII support for TI Feeds, refreshed Sandbox Onboarding, and 900+ threat detection rules.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Release Notes: TAXII Support for TI Feeds, New Sandbox Onboarding, and 900+ Detection Rules\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/14123"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=14123"}],"version-history":[{"count":23,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/14123\/revisions"}],"predecessor-version":[{"id":14165,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/14123\/revisions\/14165"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/7723"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=14123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=14123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=14123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}