{"id":15734,"date":"2025-09-04T09:56:44","date_gmt":"2025-09-04T09:56:44","guid":{"rendered":"\/cybersecurity-blog\/?p=15734"},"modified":"2025-09-08T06:39:09","modified_gmt":"2025-09-08T06:39:09","slug":"release-notes-august-2025","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/","title":{"rendered":"Release Notes: Fresh Connectors, SDK Update, and 2,200+ New Detection Rules\u00a0"},"content":{"rendered":"\n<p>August was a busy month at ANY.RUN. We expanded our list of connectors with&nbsp;<strong>Microsoft Sentinel<\/strong>&nbsp;and&nbsp;<strong>OpenCTI<\/strong>, added&nbsp;<strong>Linux Debian (ARM) support<\/strong>&nbsp;to the SDK, and strengthened detection across hundreds of new malware families and techniques. With fresh signatures, rules, and product updates, your SOC can now investigate faster, detect more threats in real time, and keep defenses sharp against the latest campaigns.&nbsp;<\/p>\n\n\n\n<p>Let\u2019s dive into the details now.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Product Updates&nbsp;<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">New Connectors: Bringing Threat Intelligence into Your Existing Stack&nbsp;<\/h3>\n\n\n\n<p>We continue to expand ANY.RUN connectors so teams can work with familiar tools while boosting threat visibility. Our goal is simple: reduce setup friction and deliver fresh, high-fidelity IOCs directly into your workflows; no extra tools, no complex scripts, no wasted analyst time.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Microsoft Sentinel&nbsp;<\/h3>\n\n\n\n<p>ANY.RUN now delivers&nbsp;<a href=\"https:\/\/intelligence.any.run\/feeds?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktofeeds\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Threat Intelligence (TI) Feeds<\/strong><\/a>&nbsp;directly to Microsoft Sentinel via the <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/\" target=\"_blank\" rel=\"noreferrer noopener\">built-in STIX\/TAXII connector<\/a>. That means:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Effortless setup:<\/strong>&nbsp;<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/connect-threat-intelligence-taxii\" target=\"_blank\" rel=\"noreferrer noopener\">Connect TI Feeds<\/a> with your custom API key.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enhanced automation:<\/strong>&nbsp;Sentinel\u2019s playbooks automatically correlate IOCs with your logs, trigger alerts, and even block IPs.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cost efficiency:<\/strong>&nbsp;Maximize your existing Sentinel setup, cut false positives, and reduce breach risks with high-fidelity indicators.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Rich context:<\/strong>&nbsp;Every IOC links back to a sandbox session with full TTPs for faster investigations and informed responses.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster detection:<\/strong>&nbsp;Fresh IOCs stream into Sentinel in real time, accelerating threat identification before impact.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Seamless interoperability:<\/strong>&nbsp;TI Feeds work natively within your Sentinel environment, so no workflows need to change.&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"936\" height=\"493\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image5-1.png\" alt=\"\" class=\"wp-image-15736\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image5-1.png 936w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image5-1-300x158.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image5-1-768x405.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image5-1-370x195.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image5-1-270x142.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image5-1-740x390.png 740w\" sizes=\"(max-width: 936px) 100vw, 936px\" \/><figcaption class=\"wp-element-caption\"><em>Indicators with key parameters accessible for browsing inside MS Sentinel<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Investigations become faster and responses more precise with IOCs enriched by full sandbox context. Unlike static or delayed threat feeds,&nbsp;<strong>ANY.RUN\u2019s TI Feeds are powered by real-time detonations of fresh malware samples<\/strong>&nbsp;observed across attacks on <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-from-organizations\/\" target=\"_blank\" rel=\"noreferrer noopener\">15,000+ organizations<\/a> worldwide. The data is updated continuously and pre-processed by analysts to ensure high fidelity and near-zero false positives, so your SOC can act on threats that truly matter.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nWant to integrate TI Feeds from ANY.RUN? <br>\nReach out to us and we\u2019ll help you set it up  \n\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=release_notes_august_25&#038;utm_term=040925&#038;utm_content=linktotiplans\" target=\"_blank\" rel=\"noopener\">\nContact us \n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h3 class=\"wp-block-heading\">OpenCTI&nbsp;<\/h3>\n\n\n\n<p>For SOC teams using&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Filigran\u2019s OpenCTI<\/strong><\/a>, ANY.RUN now provides dedicated connectors that bring interactive analysis and fresh threat intelligence directly into your workflows. Instead of juggling multiple tools, analysts can analyze files, enrich observables, and track emerging threats inside the OpenCTI interface they already use.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"531\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-4-2048x1062-1-1024x531.png\" alt=\"\" class=\"wp-image-15737\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-4-2048x1062-1-1024x531.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-4-2048x1062-1-300x156.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-4-2048x1062-1-768x398.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-4-2048x1062-1-1536x797.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-4-2048x1062-1-370x192.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-4-2048x1062-1-270x140.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-4-2048x1062-1-740x384.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-4-2048x1062-1.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN connectors inside OpenCTI<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a>: Automate analysis of suspicious files and URLs to quickly understand their threat level, TTPs, and&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">collect IOCs<\/a>.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a>: Enrich observables with threat context based on fresh live attack data.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/intelligence.any.run\/feeds?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktofeeds\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a>: Stay updated on the active threats with filtered, actionable network IOCs from the latest malware samples.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>You can connect any combination of these connectors based on their specific needs and licenses.&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/anyrun\/anyrun-integration-opencti\/tree\/main\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>View documentation on GitHub \u2192<\/strong><\/a><strong><\/strong>&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"532\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-2048x1063-1-1024x532.png\" alt=\"\" class=\"wp-image-15738\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-2048x1063-1-1024x532.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-2048x1063-1-300x156.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-2048x1063-1-768x399.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-2048x1063-1-1536x797.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-2048x1063-1-370x192.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-2048x1063-1-270x140.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-2048x1063-1-740x384.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-2048x1063-1.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Detailed documentation on how to set up the OpenCTI connector<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\">SDK Update: Linux Debian (ARM) Support&nbsp;<\/h2>\n\n\n\n<p>We\u2019ve expanded our&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/sdk-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>software development kit (SDK)<\/strong><\/a>&nbsp;to include&nbsp;<strong>Linux Debian 12.2 (ARM, 64-bit)<\/strong>&nbsp;in the Linux connector. This addition ensures that analysts can now automate malware analysis for ARM-based threats alongside Windows, Linux x86, and Android, all from the same SDK.&nbsp;<\/p>\n\n\n\n<p>With this update, your team can:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Submit ARM samples for automated analysis and retrieve detailed reports.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Collect IOCs, IOBs, and IOAs from Debian (ARM) environments in real time.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Integrate ARM analysis seamlessly into SIEM, SOAR, or XDR workflows without extra tools.&nbsp;<\/li>\n<\/ul>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nAdd ANY.RUN\u2019s Interactive Sandbox to your SOC workflow<br>\n <span class=\"highlight\">Automate<\/span> threat analysis, <span class=\"highlight\">speed up<\/span> detection, and <span class=\"highlight\">shorten<\/span> MTTDs\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/app.any.run?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=release_notes_august_25&#038;utm_term=040925&#038;utm_content=linktoregistration#register\" target=\"_blank\" rel=\"noopener\">\nGet started now\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<p>ARM-based malware is rapidly expanding across IoT, embedded systems, and cloud servers. By adding Debian ARM support, the SDK gives SOCs earlier visibility into these threats and helps reduce costs by keeping all environments under one automated process.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/anyrun\/anyrun-sdk\" target=\"_blank\" rel=\"noreferrer noopener\">Explore ANY.RUN\u2019s SDK on GitHub<\/a>&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Threat Coverage Update&nbsp;<\/h2>\n\n\n\n<p>In August, our team continued to expand detection capabilities to help SOCs stay ahead of evolving threats:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>104 new signatures<\/strong>&nbsp;were added to strengthen detection across malware families and techniques.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>14 new YARA rules<\/strong>&nbsp;went live in production, boosting accuracy and enabling deeper hunting capabilities.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>2,124 new Suricata rules<\/strong>&nbsp;were deployed, ensuring better coverage for network-based attacks.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>These updates mean analysts get faster, more confident verdicts in the sandbox and can enrich SIEM, SOAR, and IDS workflows with fresh, actionable IOCs.&nbsp;<\/p>\n\n\n\n<p><strong>New Behavior Signatures<\/strong>&nbsp;<\/p>\n\n\n\n<p>In August, we introduced a new set of behavior signatures to help SOC teams detect obfuscation, persistence, and stealthy delivery techniques earlier in the attack chain. These detections are triggered by real actions, not static indicators, giving analysts deeper visibility and faster context during investigations.&nbsp;<\/p>\n\n\n\n<p>This month\u2019s coverage includes new families and techniques across stealers, lockers, loaders, RATs, as well as legitimate remote monitoring and management (RMM) tools often abused in attacks:<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-grid wp-container-core-group-is-layout-1 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/2ed558dc-5b51-42e9-af5e-5eefbff70a4e?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">MixShell<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/34dcc9a8-4608-4bb3-8939-2dfe9adf5501?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-8088<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c35f8f5f-4107-4bbf-aa21-ae3c8e959304?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">MystroDX<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/04086765-4aca-430f-92d4-34299f4862c9?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">UpCrypter<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/083f3548-17bb-4790-9be1-539a51ec9825?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Noodlophile<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/d97ab0fd-14d1-4838-ae5b-0ffa3a3d95d4?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">BlueLocker<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/bf452462-fca4-4cb5-bdb7-a923edb606e3?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">CyberStealer<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/6a244758-2498-40c5-a019-64efc92a695b?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-50154<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f76918e1-c67c-4be6-910b-8175e9da6d1c?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Raven<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/6bd6b0fb-7eea-4470-b857-3c46a24b0b4a?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">ArcStealer<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/2963665c-8b43-49d8-87c4-fbbd16d94760?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Firewood<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/4a042c84-baa0-450c-b63b-fe5616fd0772?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">DogeStealer<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/01cf7ddc-0dfc-4dce-9424-d7eaf0705e1f?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">CMIMAI<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/7e0cfc36-97a1-4446-8204-c3308f9fb32b?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">HoaxCalls<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/b4a4badd-21d0-48eb-b474-2109117c3e41?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">RedHook<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/66f39e09-42e7-4c61-b5b7-2e828d06fc9a?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">ApolloShadow<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/2f598739-5946-483a-9242-a2233370d248?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">NovaBlight<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/9f688597-3f20-46cc-98ac-496523e5af89?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">FSOCIETY<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/4bed01be-a7f6-443a-8a04-865d7f41a00d?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">SUFUZAN<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/70622247-ca44-484b-b956-0209ec99c806?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">BYT3R<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/d85bcdd7-0433-414b-8132-2392cde245c0?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Cephalus<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1be34925-ac8f-4bd6-9b2d-2c6b36f530cf?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Hoptodesk (registry)<\/a>\u00a0(legitimate RMM tool)<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1be34925-ac8f-4bd6-9b2d-2c6b36f530cf?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Hoptodesk (files)<\/a> (legitimate RMM tool)<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/a2978b40-d66e-4e32-809c-50790b17d2c3?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Aspia<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/8d6ffc35-8a76-4f6f-ba59-c0e90870c6f4?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">CyberVolkV2<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1ff3ab67-beae-481e-a646-60863676c0b1?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Empire<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/74e17379-2aee-4649-936a-1145e2f1c0a7?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Asiak<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/400d13fc-994c-449c-b86e-56d31e6da15f?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Noct<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/6c98449f-eaac-4148-98be-13ab6d805a2f?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Cyborg<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/40544fd5-6aac-4184-b35d-2355dab2c5c7?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">XtinyLoader<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/146b50a1-bc27-4c2c-a464-bf0e0a8e280c?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">DarkRoad<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/824fbd04-6ff5-4635-bc1c-89df91c01d5f?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">ROKRAT<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f3ed57e7-1aaf-4076-9157-afb717998dc0?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Raspberry Robin<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f417b165-e452-4f7a-b11b-75691f3962a4?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">ClickFix<\/a>&nbsp;<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<p><strong>YARA Rule Updates<\/strong>&nbsp;<\/p>\n\n\n\n<p>In August, we released&nbsp;<strong>14 new YARA rules<\/strong>&nbsp;into production to help analysts detect threats faster, improve hunting accuracy, and cover a wider range of malware families and evasion tactics. Key additions include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e5955cab-4d29-467b-ae62-641344a195fb?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">YANO<\/a>&nbsp;\u2013 Stealer detection&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/011a4c0a-8161-4701-bed8-f12578bb2da3?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">BABEL<\/a>&nbsp;\u2013 Obfuscation coverage&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f12a1d81-dabe-4b49-a48e-1c26a3190e89?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">DNGuard<\/a>&nbsp;\u2013 Packer\/obfuscator detection&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>New Suricata Rules<\/strong>&nbsp;<\/p>\n\n\n\n<p>We also added&nbsp;<strong>2,124 targeted Suricata rules<\/strong>&nbsp;to help SOC teams catch data exfiltration and phishing campaigns more reliably. Highlights include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/browses\/711894b5-2df5-4e12-9f1d-dd2f366f703a??utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Salty2FA exfiltration activity<\/strong><\/a>&nbsp;(sid:85002719): Detects emerged phishkit&#8217;s pattern of retrieving stolen credentials&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/50e82015-a2cf-47a5-9714-d99abf24f381??utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Salty2FA TLD domain chain<\/strong><\/a>&nbsp;(sid:85002796): Tracks Salty2FA infrastructure by usage of domain names in&nbsp;.*.com&nbsp;&amp;&nbsp;.ru&nbsp;TLD-zones in specific order&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/3b65c369-a8c7-442e-8c30-a7a390708909??utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Rhadamanthys stage-payload HTTP request<\/strong><\/a>&nbsp;(sid:85002618): Identifies stealer activity by specific web request for additional payload&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>Other Updates<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Updated extractor<\/strong>&nbsp;\u2013 improved parsing for modern samples&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Updated Lumma rule<\/strong>&nbsp;\u2013 enhanced detection for new campaign variants (<a href=\"https:\/\/app.any.run\/tasks\/1fe20130-efc9-48d8-a601-fe7fe20b6f58??utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">sample<\/a>)&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_25&amp;utm_term=040925&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>&nbsp;supports over&nbsp;15,000 organizations&nbsp;across banking, manufacturing, telecom, healthcare, retail, and tech, helping them build faster, smarter, and more resilient cybersecurity operations.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Our&nbsp;cloud-based Interactive Sandbox&nbsp;enables teams to safely analyze threats targeting Windows, Linux, and Android systems in under 40 seconds; no complex infrastructure required. Paired with&nbsp;TI Lookup,&nbsp;YARA Search, and&nbsp;Threat Feeds, ANY.RUN empowers security teams to accelerate investigations, reduce risk, and boost SOC efficiency.&nbsp;<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>August was a busy month at ANY.RUN. We expanded our list of connectors with&nbsp;Microsoft Sentinel&nbsp;and&nbsp;OpenCTI, added&nbsp;Linux Debian (ARM) support&nbsp;to the SDK, and strengthened detection across hundreds of new malware families and techniques. With fresh signatures, rules, and product updates, your SOC can now investigate faster, detect more threats in real time, and keep defenses sharp [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":15741,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,34,55,56],"class_list":["post-15734","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-malware-analysis","tag-release","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Release Notes: Fresh Connectors, SDK Update, and 2,200+ New Detection Rules\u00a0<\/title>\n<meta name=\"description\" content=\"Explore ANY.RUN&#039;s new releases: fresh connectors, SDK update, and over 2,200 new detection rules.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Release Notes: Fresh Connectors, SDK Update, and 2,200+ New Detection Rules\u00a0\",\"datePublished\":\"2025-09-04T09:56:44+00:00\",\"dateModified\":\"2025-09-08T06:39:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/\"},\"wordCount\":1196,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\",\"release\",\"update\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/\",\"name\":\"Release Notes: Fresh Connectors, SDK Update, and 2,200+ New Detection Rules\u00a0\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-09-04T09:56:44+00:00\",\"dateModified\":\"2025-09-08T06:39:09+00:00\",\"description\":\"Explore ANY.RUN's new releases: fresh connectors, SDK update, and over 2,200 new detection rules.\u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Release Notes: Fresh Connectors, SDK Update, and 2,200+ New Detection Rules\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Release Notes: Fresh Connectors, SDK Update, and 2,200+ New Detection Rules\u00a0","description":"Explore ANY.RUN's new releases: fresh connectors, SDK update, and over 2,200 new detection rules.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Release Notes: Fresh Connectors, SDK Update, and 2,200+ New Detection Rules\u00a0","datePublished":"2025-09-04T09:56:44+00:00","dateModified":"2025-09-08T06:39:09+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/"},"wordCount":1196,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware analysis","release","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/","url":"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/","name":"Release Notes: Fresh Connectors, SDK Update, and 2,200+ New Detection Rules\u00a0","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-09-04T09:56:44+00:00","dateModified":"2025-09-08T06:39:09+00:00","description":"Explore ANY.RUN's new releases: fresh connectors, SDK update, and over 2,200 new detection rules.\u00a0","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Release Notes: Fresh Connectors, SDK Update, and 2,200+ New Detection Rules\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/15734"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=15734"}],"version-history":[{"count":20,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/15734\/revisions"}],"predecessor-version":[{"id":15769,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/15734\/revisions\/15769"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/15741"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=15734"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=15734"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=15734"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}