{"id":16646,"date":"2025-11-01T10:18:34","date_gmt":"2025-11-01T10:18:34","guid":{"rendered":"\/cybersecurity-blog\/?p=16646"},"modified":"2025-11-01T10:18:34","modified_gmt":"2025-11-01T10:18:34","slug":"release-notes-october-2025","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/","title":{"rendered":"Release Notes: ANY.RUN &amp; ThreatQ Integration, 3,000+ New Rules, and Expanded Detection Coverage\u00a0"},"content":{"rendered":"\n<p>October brought another strong round of updates to <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoregistration\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>, from a new&nbsp;<strong>ThreatQ integration<\/strong>&nbsp;that connects our real-time Threat Intelligence Feeds directly into one of the industry\u2019s leading TIPs, to hundreds of new signatures and rules that sharpen network and behavioral detection.&nbsp;<\/p>\n\n\n\n<p>With&nbsp;<strong>125 new behavior signatures<\/strong>,&nbsp;<strong>17 YARA rules<\/strong>, and&nbsp;<strong>3,264 Suricata rules<\/strong>, analysts can now spot emerging threats faster and with greater precision. 
Together with the ThreatQ connector, these improvements make it easier for SOCs and MSSPs to enrich alerts, automate response, and gain deeper visibility into live attack activity.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Product Updates&nbsp;<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Expanding Threat Intelligence Reach: ANY.RUN &amp; ThreatQ&nbsp;<\/h3>\n\n\n\n<p>October brought another major milestone to ANY.RUN\u2019s growing ecosystem: a new integration that links&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktofeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s Threat Intelligence Feeds<\/a>&nbsp;directly with&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-threatq-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>ThreatQ<\/strong><\/a>, one of the industry\u2019s leading Threat Intelligence Platforms (TIPs).&nbsp;<\/p>\n\n\n\n<p>This integration helps SOC teams and MSSPs gain&nbsp;real-time visibility into active global threats,&nbsp;cut investigation time, and&nbsp;strengthen detection accuracy&nbsp;across phishing, malware, and network attack surfaces.&nbsp;<\/p>\n\n\n\n<p>Now, analysts using ThreatQ can automatically ingest&nbsp;<strong>fresh, high-confidence IOCs<\/strong>&nbsp;gathered from live sandbox investigations of malware samples detonated by&nbsp;<strong>15,000+ organizations and 500,000+ analysts worldwide<\/strong>.&nbsp;<\/p>\n\n\n\n<p>How this update helps security teams:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image-1024x576.png\" alt=\"\" class=\"wp-image-16651\" 
srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image-1024x576.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image-768x432.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image-1536x864.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image-370x208.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image-270x152.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image-740x416.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image.png 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>TI Feeds help SOCs boost key security metrics<\/em>\u00a0<\/figcaption><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Early detection:<\/strong>\u00a0Indicators are streamed into ThreatQ the moment they appear in <a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linksandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN sandbox<\/a> sessions, helping teams spot threats before they hit endpoints or networks.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Expanded coverage:<\/strong>\u00a0Up to\u00a099% <a href=\"https:\/\/any.run\/cybersecurity-blog\/enrich-iocs-with-threat-intelligence\/\" target=\"_blank\" rel=\"noreferrer noopener\">unique IOCs<\/a>\u00a0from recent phishing and malware attacks provide visibility beyond traditional feeds.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster, smarter response:<\/strong>\u00a0Each IOC includes a link to its sandbox analysis, giving full behavioral context for rapid validation and 
containment.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Lower analyst workload:<\/strong>\u00a0Feeds are filtered to include only verified malicious indicators, cutting false positives and Tier-1 triage time.\u00a0<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><em>Simple Setup, Instant Impact<\/em>&nbsp;<\/h4>\n\n\n\n<p>The connector works through the&nbsp;STIX\/TAXII protocol, ensuring full compatibility with existing ThreatQ environments. Security teams can configure feeds to update hourly, daily, or on a custom schedule; no custom development or infrastructure changes required.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"529\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image2-1-1024x529.png\" alt=\"\" class=\"wp-image-16653\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image2-1-1024x529.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image2-1-300x155.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image2-1-768x397.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image2-1-1536x793.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image2-1-370x191.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image2-1-270x139.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image2-1-740x382.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/image2-1.png 1619w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Add New TAXII Feed to your integrations<\/em>\u00a0<\/figcaption><\/figure><\/div>\n\n\n<p>For detailed information,&nbsp;<a href=\"https:\/\/intelligence.any.run\/ANYRUN_TI_Feeds_TAXII_Documentation_V3.pdf\" target=\"_blank\" 
rel=\"noreferrer noopener\">see ANY.RUN\u2019s TAXII connection documentation<\/a>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Threat Coverage Update&nbsp;<\/h2>\n\n\n\n<p>In October, our team continued to strengthen detection capabilities so SOCs can stay ahead of new and evolving threats:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>125 new behavior signatures<\/strong>\u00a0were added to improve coverage across ransomware, loaders, stealers, and RATs, helping analysts 
detect persistence and payload activity earlier in the attack chain.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>17 new YARA rules<\/strong>\u00a0went live in production, expanding visibility into credential-dumping tools, network scanners, and new loader families.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>3,264 new Suricata rules<\/strong>\u00a0were deployed, enhancing detection for phishing, APT infrastructure, and evasive network behaviors.\u00a0<\/li>\n<\/ul>\n\n\n\n<p>These updates enable analysts to gain faster, more confident verdicts in the sandbox and enrich SIEM, SOAR, and IDS workflows with fresh, actionable IOCs.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">New Behavior Signatures&nbsp;<\/h2>\n\n\n\n<p>This month\u2019s updates focus on helping analysts catch stealthy activity earlier in the attack chain. The new behavior signatures detect payload downloads, privilege escalation attempts, and persistence mechanisms used by modern ransomware, stealers, and loaders.&nbsp;<\/p>\n\n\n\n<p>We also expanded coverage of mutex detections and legitimate administrative tools often abused by attackers. 
Together, these improvements provide clearer visibility into real-world execution flow and strengthen automated classification in the sandbox.&nbsp;<\/p>\n\n\n\n<p><strong>Highlighted families and techniques include:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/460130c2-6a5e-4d61-834c-539c05599583?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Jaff<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/5c0aceb4-df72-40e9-aba6-2d4792e697c1?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Crypvault<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/d0c4bddc-79d5-45ce-98e3-45f7347300ea?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Aptlock<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c0fe30a4-ac9b-45a7-aadd-13639091878d?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">XtBl<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/50bacf2d-8527-4dc7-a870-742f4455b10a?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Ouroboros<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/57f240cf-096d-4163-b534-5390ea1c3e5e?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Nefilim<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/46126eea-3e87-4cd7-8340-7321b56e5c94?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">DarkCloud<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/d185d3c1-179b-44b4-a596-72735d5391fe?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Xworm<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/54ba3f7e-1c77-4922-8284-215837b8f750?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Snake<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c5cb5f98-e0f7-4ec8-9537-6cb13ee5504e?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Cryptowall<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/3f18a1a3-cf91-46a5-812c-8587f3e3cdc0?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Phoenix<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/2b7e0526-3110-4901-8040-52302f1ae862?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Lazarus<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f6294180-f0da-4a38-9826-d68134debb85?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Supershell<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/7bf29490-e9fe-4065-bc32-803acce61370?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Starfish<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c3fb6cec-8a2e-4963-af85-5a1a4d8eacd3?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Valkyrie<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/45c0e522-0469-4c57-805c-b215cb1e4d92?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Pranova<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c0defc3f-edc1-49f2-a792-8ef4341e2ed0?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer 
noopener\">Spartacus<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/09664518-1f99-4c56-a9cb-5b3cc3a2448e?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Velox<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/d24d1288-0b58-42d8-a777-094decb543ad?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Lockify<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">New YARA Rules&nbsp;<\/h2>\n\n\n\n<p>In October, we added&nbsp;17 new YARA rules&nbsp;focused on detecting emerging malware families, credential-dumping utilities, and reconnaissance tools increasingly used in modern attack chains.&nbsp;<\/p>\n\n\n\n<p>These additions strengthen both automated detection and manual hunting, helping analysts identify threats that blend malicious code with legitimate administrative software.&nbsp;<\/p>\n\n\n\n<p>Several new rules were built directly from live samples analyzed in the sandbox,&nbsp;capturing real payloads, shellcode fragments, and memory artifacts tied to loaders, stealers, and botnets. 
This ensures faster and more reliable classification when scanning new samples or correlating incidents across environments.&nbsp;<\/p>\n\n\n\n<p><strong>Highlighted YARA rules include:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/5af20bea-61d4-40ea-bd96-c3acd3513cdd?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Maverick<\/a>: Detection for a recently active loader family observed in targeted phishing campaigns.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/5a657aee-f5a8-4d6e-a1de-93e82149ac48?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">ChaosBot<\/a>: Identifies obfuscated botnet samples distributing info-stealers via Discord channels.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1acc0cfc-c3ab-45f0-bb63-b804e84e1f10?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Hexa<\/a>: Flags packed binaries linked to a new modular backdoor variant.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/bc399b73-ac05-49be-b088-882d75a62e77?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Pmdump<\/a>: Detects credential-dumping activity using memory process extraction tools.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/52c90530-ae54-43d3-8073-dac14a134324?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Task Manager DeLuxe<\/a>: Identifies legitimate system tools often repurposed for lateral movement.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/432f4aa2-eefc-4348-a64b-31ee51bc1893?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Network Scanner<\/a>: Flags reconnaissance utilities used to map internal networks.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/427fbb29-7e81-4a47-860c-4bbe407382e5?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Yapm<\/a>: Detects process-management tools frequently abused for privilege escalation.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/cbdd981b-1b27-488c-b702-2d24ad61c24c?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">TaskExplorer<\/a>: Expands visibility into post-exploitation tool use.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/dd3ac695-d10e-4049-b4ab-2dacbff0e33c?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Ophcrack<\/a>: Detection of password-recovery tools commonly found in attacker 
toolkits.\u00a0<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">New Suricata Rules&nbsp;<\/h2>\n\n\n\n<p>This month, the detection team delivered&nbsp;<strong>3,264 new Suricata rules<\/strong>&nbsp;to improve coverage of phishing activity, APT operations, and evasive web-based malware behavior.&nbsp;<\/p>\n\n\n\n<p>These updates expand network visibility for SOCs and MSSPs, helping analysts detect malicious traffic even when it hides behind trusted services or multi-stage redirects.&nbsp;<\/p>\n\n\n\n<p><strong>Highlighted additions include:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/7dcb4461-10c8-418c-bb80-88e136d4f8e0\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Tycoon 2FA Domain Chain<\/strong><\/a> (sid:85004273, 85004828, 85005024): New heuristic rules based on a set of web resources loaded in a specific order by Tycoon client-side code\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/80d13feb-fe21-43f8-9ef7-abd222d9878b?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Patchwork APT Payload Retrieval via HTTP<\/strong><\/a> (sid:85004317): Detects HTTP requests for the payload used by Patchwork APT\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/356310d5-6517-4727-ac07-0a0c33d67025?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Microsoft 365 themed Phishing Attempt<\/strong><\/a> (sid:85004831): Identifies a mismatch in the MS365 authorization URL chain being used on 
fake websites\u00a0<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktoregistration\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> supports more than&nbsp;<strong>15,000 organizations<\/strong>&nbsp;worldwide across industries such as banking, manufacturing, telecom, healthcare, and technology, helping them build faster, smarter, and more resilient cybersecurity operations.&nbsp;<\/p>\n\n\n\n<p>Our&nbsp;<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linksandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">cloud-based interactive sandbox<\/a>&nbsp;enables teams to safely analyze threats targeting Windows, Linux, and Android systems in real time. Analysts can observe every system and network action, interact with running samples, and extract IOCs in under 40 seconds; all without complex infrastructure setup.&nbsp;<\/p>\n\n\n\n<p>Combined with&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktofeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a>, ANY.RUN helps SOCs accelerate investigations, reduce noise, and improve detection accuracy. 
Teams can easily integrate these capabilities into SIEM and SOAR systems to automate enrichment and streamline response.&nbsp;<\/p>\n\n\n\n<p>Ready to see it in action?&nbsp;<br><a href=\"https:\/\/any.run\/demo?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_october_2025&amp;utm_term=011125&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Start your 14-day trial of ANY.RUN<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>October brought another strong round of updates to ANY.RUN, from a new&nbsp;ThreatQ integration&nbsp;that connects our real-time Threat Intelligence Feeds directly into one of the industry\u2019s leading TIPs, to hundreds of new signatures and rules that sharpen network and behavioral detection.&nbsp; With&nbsp;125 new behavior signatures,&nbsp;17 YARA rules, and&nbsp;3,264 Suricata rules, analysts can now spot emerging threats [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":16650,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,34,55],"class_list":["post-16646","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-malware-analysis","tag-release"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Release Notes: ThreatQ Integration, 3K+ New Detection Rules<\/title>\n<meta name=\"description\" content=\"Discover how ANY.RUN\u2019s October 2025 updates, including ThreatQ integration, 3,000+ new rules, and improved sandbox intelligence.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/\" \/>\n<meta 
name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Release Notes: ANY.RUN &amp; ThreatQ Integration, 3,000+ New Rules, and Expanded Detection Coverage\u00a0\",\"datePublished\":\"2025-11-01T10:18:34+00:00\",\"dateModified\":\"2025-11-01T10:18:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/\"},\"wordCount\":1051,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\",\"release\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/\",\"name\":\"Release Notes: ThreatQ Integration, 3K+ New Detection Rules\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-11-01T10:18:34+00:00\",\"dateModified\":\"2025-11-01T10:18:34+00:00\",\"description\":\"Discover how ANY.RUN\u2019s October 2025 updates, including ThreatQ integration, 3,000+ new rules, and improved sandbox 
intelligence.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Release Notes: ANY.RUN &amp; ThreatQ Integration, 3,000+ New Rules, and Expanded Detection Coverage\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Release Notes: ThreatQ Integration, 3K+ New Detection Rules","description":"Discover how ANY.RUN\u2019s October 2025 updates, including ThreatQ integration, 3,000+ new rules, and improved sandbox intelligence.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Release Notes: ANY.RUN &amp; ThreatQ Integration, 3,000+ New Rules, and Expanded Detection Coverage\u00a0","datePublished":"2025-11-01T10:18:34+00:00","dateModified":"2025-11-01T10:18:34+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/"},"wordCount":1051,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware analysis","release"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/","url":"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/","name":"Release Notes: ThreatQ Integration, 3K+ New Detection Rules","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-11-01T10:18:34+00:00","dateModified":"2025-11-01T10:18:34+00:00","description":"Discover how ANY.RUN\u2019s October 2025 updates, including ThreatQ integration, 3,000+ new rules, and improved sandbox intelligence.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-october-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Release Notes: ANY.RUN &amp; ThreatQ Integration, 3,000+ New Rules, and Expanded Detection Coverage\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/16646"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=16646"}],"version-history":[{"count":6,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/16646\/revisions"}],"predecessor-version":[{"id":16657,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/16646\/revisions\/16657"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/16650"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=16646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=16646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=16646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}