{"id":18285,"date":"2026-02-04T07:34:45","date_gmt":"2026-02-04T07:34:45","guid":{"rendered":"\/cybersecurity-blog\/?p=18285"},"modified":"2026-02-05T12:19:12","modified_gmt":"2026-02-05T12:19:12","slug":"release-notes-january-2026","status":"publish","type":"post","link":"\/cybersecurity-blog\/release-notes-january-2026\/","title":{"rendered":"Release Notes: Workflow Improvements, MISP Integration &amp; 2,000+ New Detections\u00a0"},"content":{"rendered":"\n<p>First month of the year, and&nbsp;we\u2019re&nbsp;starting it off with updates that support faster decisions and more predictable SOC operations.&nbsp;<\/p>\n\n\n\n<p>In January, we introduced a&nbsp;major workflow enhancement with the new&nbsp;<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN Sandbox<\/a>&nbsp;integration with MISP, alongside expanded detection coverage across&nbsp;behavior&nbsp;signatures, YARA rules, and Suricata.&nbsp;<\/p>\n\n\n\n<p>Let\u2019s&nbsp;find&nbsp;out&nbsp;what this means for your&nbsp;team.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Product Updates&nbsp;<\/h2>\n\n\n\n<p>January brought another solid round of improvements focused on practical SOC workflows: faster alert validation, less manual back-and-forth, and earlier decisions that help stop incidents from growing into bigger problems.&nbsp;<\/p>\n\n\n\n<p>The main highlight of the month was the release of the ANY.RUN Sandbox&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/anyrun-sandbox-misp-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">integration with MISP<\/a>;&nbsp;an&nbsp;important step&nbsp;for teams that use MISP daily for threat intelligence and investigations.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">ANY.RUN x MISP: Boost Your Triage &amp; Response&nbsp;<\/h3>\n\n\n\n<p>Most SOC teams 
spend too much time validating alerts, moving samples between tools, and filling in missing context. When execution evidence is separated from threat intelligence platforms, investigations slow down, MTTR increases, and SLAs come under pressure.&nbsp;<\/p>\n\n\n\n<p>With the&nbsp;<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN Sandbox<\/a>&nbsp;integration for MISP, analysts can now&nbsp;<strong>bring real execution&nbsp;behavior&nbsp;directly into MISP<\/strong>, turning it from a passive intelligence repository into an active investigation layer.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"580\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MISP-integration-with-ANY.RUN-Sandbox-1024x580.png\" alt=\"MISP integration with ANY.RUN Sandbox\" class=\"wp-image-17905\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MISP-integration-with-ANY.RUN-Sandbox-1024x580.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MISP-integration-with-ANY.RUN-Sandbox-300x170.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MISP-integration-with-ANY.RUN-Sandbox-768x435.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MISP-integration-with-ANY.RUN-Sandbox-1536x869.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MISP-integration-with-ANY.RUN-Sandbox-2048x1159.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MISP-integration-with-ANY.RUN-Sandbox-370x209.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MISP-integration-with-ANY.RUN-Sandbox-270x153.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MISP-integration-with-ANY.RUN-Sandbox-740x419.png 740w\" 
sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>MISP \u201cPhishing attempt\u201d event enriched with ANY.RUN Sandbox and phishing-related tags<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>Using native MISP modules, suspicious files and URLs can be sent straight from MISP into the ANY.RUN Sandbox, without any context switching or manual handoffs.<\/p>\n\n\n\n<p>You can integrate the modules using the following links:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/misp.github.io\/misp-modules\/expansion\/#anyrun-sandbox-submit\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Submit files\/URLs for analysis<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/misp.github.io\/misp-modules\/import_mod\/#anyrun-sandbox-import\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Get analysis reports<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Analysis runs automatically using&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/\" target=\"_blank\" rel=\"noreferrer noopener\">Automated Interactivity<\/a>. This allows the sandbox to behave like a real user by clicking, opening files, and waiting when needed. 
This is critical for exposing modern threats that delay execution or hide behind user-driven actions.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"580\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MITRE-ATTCK-technique-inside-MISP-1024x580.png\" alt=\"MITRE ATT&amp;CK technique T1082 expanded inside MISP\" class=\"wp-image-17907\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MITRE-ATTCK-technique-inside-MISP-1024x580.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MITRE-ATTCK-technique-inside-MISP-300x170.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MITRE-ATTCK-technique-inside-MISP-768x435.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MITRE-ATTCK-technique-inside-MISP-1536x869.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MITRE-ATTCK-technique-inside-MISP-2048x1159.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MITRE-ATTCK-technique-inside-MISP-370x209.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MITRE-ATTCK-technique-inside-MISP-270x153.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/MITRE-ATTCK-technique-inside-MISP-740x419.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>MITRE ATT&amp;CK technique T1082 expanded inside MISP, displaying its description and related metadata<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Once execution completes, results are automatically returned to MISP, including the verdict and risk assessment,&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/enrich-iocs-with-threat-intelligence\/\" target=\"_blank\" rel=\"noreferrer noopener\">extracted IOCs<\/a>, a direct link to the interactive sandbox session, an HTML analysis report, and mapped&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/mitre-attack\/\" 
target=\"_blank\" rel=\"noreferrer noopener\">MITRE ATT&amp;CK techniques<\/a>&nbsp;and tactics.&nbsp;<\/p>\n\n\n\n<p>This allows analysts to&nbsp;<strong>validate&nbsp;alerts using real&nbsp;behavior<\/strong>, not assumptions, directly inside their existing workflow.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Benefits for Your SOC and Business&nbsp;<\/h4>\n\n\n\n<p>For organizations using MISP as part of daily operations, this integration delivers clear operational gains:&nbsp;<\/p>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><strong>Lower incident costs:<\/strong>&nbsp;Shorter investigations reduce effort per case&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reduced MTTR:<\/strong>&nbsp;Faster validation and response limit business impact&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Stronger SLA performance:<\/strong>&nbsp;Helps MSSPs meet response time and quality commitments&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>No extra headcount:<\/strong>&nbsp;Scale investigation capacity without growing the team&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Zero integration overhead:<\/strong>&nbsp;No custom development required when MISP is already in use&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"656\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-1024x656.png\" alt=\"TI Feeds contribute to your company\u2019s proactive defense\" class=\"wp-image-17941\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-1024x656.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-300x192.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-768x492.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-1536x984.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-2048x1312.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-370x237.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-270x173.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-740x474.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>TI Feeds contribute to your company\u2019s proactive defense and 
help you catch attacks early<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>To support proactive coverage at scale,&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN Threat Intelligence Feeds<\/a>&nbsp;deliver verified malicious network IOCs from real attacks across&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-from-organizations\/\" target=\"_blank\" rel=\"noreferrer noopener\">15,000+ organizations<\/a>, in&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/taxii-protocol-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">STIX\/TAXII&nbsp;format<\/a>,&nbsp;ready for use in MISP, SIEM, or SOAR platforms.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/cybersecurity-blog\/misp-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Learn more about TI Feeds integration with MISP<\/a>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Early detection with continuously updated indicators&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>99% unique indicators<\/strong>&nbsp;for broader coverage&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Verified data to reduce false positives&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Improved correlation across campaigns&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Less manual enrichment work for the team&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Threat Coverage Update&nbsp;<\/h2>\n\n\n\n<p>In January, our team continued expanding the detection layer across sandbox execution,&nbsp;behavioral&nbsp;analytics, and network visibility, reinforcing&nbsp;<a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>&nbsp;as a&nbsp;unified operational solution&nbsp;for detection, validation, and response.&nbsp;<\/p>\n\n\n\n<p>This month\u2019s updates include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>158 new&nbsp;behavior&nbsp;signatures&nbsp;<\/strong>were added to strengthen coverage across ransomware and loader activity, plus common attacker tradecraft, helping security 
teams spot malicious intent earlier in execution.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>4 new YARA rules<\/strong>&nbsp;went live in production, improving classification and hunting coverage for active malware and tooling seen in recent investigations.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>1,897 new Suricata rules<\/strong>&nbsp;were deployed, expanding network visibility for phishing infrastructure (including&nbsp;PhaaS&nbsp;URL patterns), backdoor C2 attempts, and stealer-related HTTP traffic.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Together, these updates help security teams move faster from alert to decision,&nbsp;without switching tools or waiting for late-stage indicators.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">New&nbsp;Behavior&nbsp;Signatures&nbsp;&nbsp;<\/h3>\n\n\n\n<p>January\u2019s behavior signature updates focus on&nbsp;early-stage execution signals and hands-on attacker activity, helping teams identify malicious intent before payloads fully deploy or damage occurs.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"569\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Petty-ransomware-1024x569.png\" alt=\"Petty ransomware analyzed inside ANY.RUN\u2019s Interactive Sandbox\u00a0\" class=\"wp-image-18298\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Petty-ransomware-1024x569.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Petty-ransomware-300x167.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Petty-ransomware-768x427.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Petty-ransomware-1536x853.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Petty-ransomware-2048x1138.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Petty-ransomware-370x206.png 370w, 
\/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Petty-ransomware-270x150.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Petty-ransomware-740x411.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Petty ransomware detonated inside ANY.RUN\u2019s Interactive Sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>The new detections expand coverage across ransomware families, loaders, stealers, and post-exploitation techniques, with particular attention to abuse of native Windows tooling and suspicious command-line&nbsp;behavior&nbsp;often seen in real-world intrusions.&nbsp;<\/p>\n\n\n\n<p>This month, our team added signatures that detect:&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-grid wp-container-core-group-is-layout-1 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c255a0b5-5928-4ab6-9189-41f20c707a78?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Redboot<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/4d1b2806-af79-4986-99ab-3afdcf2251b0?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Fantom<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/8adab54f-8397-4487-8ce2-b2c0a791b81f?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Petty<\/a><\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/72d984c2-20dd-40fe-853b-62eb950377f5?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Winlocker<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/a3d768ae-3f80-495e-a3ce-6fcc8b4387e7\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Mountlocker<\/a><\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/55b1841d-2c4a-43e8-a623-0c802423cb9a?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Derialock<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/efb609d2-36d0-4026-a42b-5fcb30307c68?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Spora<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/2fe575db-aa6d-4bf7-bd4e-bd865ece5a1b?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Babuk<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c07f31f2-081d-4ca6-928e-b76fd21867af?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Bqtlock<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/decf3e96-a32a-4894-9046-9181959a44e7?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Vantom<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/a256f1ae-bc0b-4ec8-a467-2fd6e7a48770?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Okiru<\/a><\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<p><strong>Malware and loader execution patterns<\/strong>, such as&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/fc8127ac-abe3-43c8-a69d-c6cd476e21b5\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Dropper behavior<\/a>,&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/59fbc1c0-dd71-4728-9da5-3de3a1b9992a?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Loader pattern detection<\/a>,&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/68e54d46-f33e-487f-8a80-bcc52246ee28?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Possible code assembly via raw command-line parameters<\/a>,&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/6eb53fcd-dd9d-4b96-8ee4-58f70e599aad?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">FOR cycle usage in command line<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>Suspicious use of built-in Windows tools<\/strong>, including&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c361086a-b099-44da-9243-77353bd518dc\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">PowerShell used for ZIP file operations<\/a>,&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/14135d01-a218-47c8-b47f-b87ed3c7968c\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">PowerShell used for GZIP file operations<\/a>,&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/02050dc9-b093-4ece-b904-432ceb59ff8e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">CertUtil used for decoding hex-encoded data<\/a>,&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/ae7c354d-3941-4398-ba78-4eebdbb7e7af\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Password parameters passed via command line<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>Persistence and system modification techniques<\/strong>, such as&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/dc11f4fc-7c24-4d0e-a636-04a323dba1fa\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Service autostart disabling<\/a>,&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/6707fec2-9181-484d-b040-6a3ef2a2beac\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Browser launch with unusual user-data-dir configuration<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>Remote access and administrative tools&nbsp;observed&nbsp;in malicious contexts<\/strong>, including&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f138eb39-8a88-4013-bf9d-4f1503ced3b8?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">RuDesktop<\/a>,&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/881f4019-2e4d-41fe-b740-5422f1299947?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Remote Ripple<\/a>,&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/91cd3ee8-f837-4c06-bf93-2a42a63178a7?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Kontur Admin<\/a>,&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f2a1fd43-31a8-43df-ad7a-22670770fe20?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Assistant<\/a>,&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/b3df5848-1c73-4ad8-a76d-ef531f554fe1?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">RustDesk<\/a>,&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/730e247a-d67c-4c2b-9019-9ccaa443c6dc?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">SharpHound<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>Mutex- and pattern-based detections<\/strong>, including&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/16879760-32ff-4b6a-bdc9-c9fa90ae80f1?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Bumerang mutex identified during execution<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">New YARA Rules&nbsp;<\/h3>\n\n\n\n<p>In January,&nbsp;<strong>4 new YARA rules went live in production<\/strong>, expanding detection and&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/cyber-threat-hunting-tips\/\" target=\"_blank\" rel=\"noreferrer noopener\">hunting coverage<\/a>&nbsp;inside ANY.RUN, especially useful when teams need quick classification and reliable pivots during triage.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"516\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Anubis-detected-inside-ANY.RUN-sandbox--1024x516.png\" alt=\"Anubis analyzed inside ANY.RUN sandbox\u00a0\" class=\"wp-image-18299\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Anubis-detected-inside-ANY.RUN-sandbox--1024x516.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Anubis-detected-inside-ANY.RUN-sandbox--300x151.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Anubis-detected-inside-ANY.RUN-sandbox--768x387.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Anubis-detected-inside-ANY.RUN-sandbox--1536x774.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Anubis-detected-inside-ANY.RUN-sandbox--2048x1032.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Anubis-detected-inside-ANY.RUN-sandbox--370x186.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Anubis-detected-inside-ANY.RUN-sandbox--270x136.png 270w, 
\/cybersecurity-blog\/wp-content\/uploads\/2026\/02\/Anubis-detected-inside-ANY.RUN-sandbox--740x373.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Anubis detected inside ANY.RUN sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Highlighted additions include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1ba7b995-2b8c-4828-9579-c547993a230d?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Neverliet<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e66682e8-2940-4d94-ba72-ee8425cd128c?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Anubis<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>These rules help security teams&nbsp;tag and cluster related samples faster,&nbsp;validate&nbsp;whether a file matches known patterns, and speed up investigation workflows without relying on a single indicator type.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">New Suricata Rules&nbsp;&nbsp;<\/h3>\n\n\n\n<p>Our team deployed&nbsp;<strong>1,897 new Suricata rules<\/strong>&nbsp;to expand network-level visibility into phishing infrastructure, backdoor communication, and stealer-related traffic patterns. 
These detections help teams&nbsp;identify&nbsp;malicious activity even when payloads are fileless, heavily obfuscated, or delivered through multi-stage web flows.&nbsp;<\/p>\n\n\n\n<p>Highlighted additions include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/65320611-93c8-4ff5-b58c-b718d810492a\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Sneaky2FA-related URL pattern<\/a>&nbsp;<em>(sid:85005763)<\/em>: Tracks HTTP requests to URLs associated with Sneaky2FA&nbsp;PhaaS&nbsp;infrastructure&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f287a5eb-3368-4a9f-bbdb-d73aef006bb1\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">VShell&nbsp;backdoor C2 connection<\/a>&nbsp;<em>(sid:85005789)<\/em>:&nbsp;Identifies&nbsp;attempts by a fileless Go-based backdoor to&nbsp;establish&nbsp;communication with its C2 infrastructure&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/a7e7b39f-3e4b-430f-9741-c6e281d97519\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">SantaStealer HTTP activity<\/a>&nbsp;<em>(sid:84000895)<\/em>: Detects malware C2 communication based on specific artifacts present in outbound HTTP requests&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer 
noopener\">ANY.RUN<\/a>&nbsp;is a&nbsp;<strong>core part of modern security operations<\/strong>, helping organizations make faster, more confident decisions across the full investigation lifecycle, from early alert validation to deep analysis and continuous threat awareness.&nbsp;<\/p>\n\n\n\n<p>By exposing real attacker behavior in real time, ANY.RUN adds the context that alerts often lack and keeps detections aligned with how threats actually operate in the wild. This allows SOC teams to reduce noise, shorten response times, and focus effort where it matters most.&nbsp;<\/p>\n\n\n\n<p>Today, more than&nbsp;<strong>600,000 security specialists<\/strong>&nbsp;and&nbsp;<strong>15,000 organizations worldwide<\/strong>&nbsp;rely on ANY.RUN to accelerate triage, limit unnecessary escalations, and stay ahead of fast-moving phishing and malware campaigns.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-january-2026&amp;utm_term=040226&amp;utm_content=linktoenterprise#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener\">Integrate ANY.RUN\u2019s solution for Tier 1\/2\/3 in your organization \u2192<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>First month of the year, and&nbsp;we\u2019re&nbsp;starting it off with updates that support faster decisions and more predictable SOC operations.&nbsp; In January, we introduced a&nbsp;major workflow enhancement with the new&nbsp;ANY.RUN Sandbox&nbsp;integration with MISP, alongside expanded detection coverage across&nbsp;behavior&nbsp;signatures, YARA rules, and Suricata.&nbsp; Let\u2019s&nbsp;find&nbsp;out&nbsp;what this means for your&nbsp;team.&nbsp; Product Updates&nbsp; January brought another solid round of improvements 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":16650,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,56],"class_list":["post-18285","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>January Release Notes: MISP Integration &amp; 2K+ New Detections<\/title>\n<meta name=\"description\" content=\"Discover how ANY.RUN\u2019s January 2026 updates introduce MISP integration, 2,000+ new detections, and improved investigation workflows.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-january-2026\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\n\t    \"@context\": \"https:\/\/schema.org\",\n\t    \"@graph\": [\n\t        {\n\t            \"@type\": \"Article\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-january-2026\/#article\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-january-2026\/\"\n\t            },\n\t            \"author\": {\n\t                \"name\": \"ANY.RUN\",\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"headline\": \"Release Notes: Workflow Improvements, MISP Integration &amp; 2,000+ New Detections\u00a0\",\n\t            \"datePublished\": \"2026-02-04T07:34:45+00:00\",\n\t            \"dateModified\": \"2026-02-05T12:19:12+00:00\",\n\t            \"mainEntityOfPage\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-january-2026\/\"\n\t            },\n\t            \"wordCount\": 1365,\n\t            \"commentCount\": 0,\n\t            \"publisher\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"keywords\": [\n\t                \"ANYRUN\",\n\t                \"cybersecurity\",\n\t                \"update\"\n\t            ],\n\t            \"articleSection\": [\n\t                \"Service Updates\"\n\t            ],\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"CommentAction\",\n\t                    \"name\": \"Comment\",\n\t                    \"target\": [\n\t                        \"https:\/\/any.run\/cybersecurity-blog\/release-notes-january-2026\/#respond\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"WebPage\",\n\t            \"@id\": 
\"https:\/\/any.run\/cybersecurity-blog\/release-notes-january-2026\/\",\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-january-2026\/\",\n\t            \"name\": \"January Release Notes: MISP Integration & 2K+ New Detections\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"datePublished\": \"2026-02-04T07:34:45+00:00\",\n\t            \"dateModified\": \"2026-02-05T12:19:12+00:00\",\n\t            \"description\": \"Discover how ANY.RUN\u2019s January 2026 updates introduce MISP integration, 2,000+ new detections, and improved investigation workflows.\",\n\t            \"breadcrumb\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-january-2026\/#breadcrumb\"\n\t            },\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"ReadAction\",\n\t                    \"target\": [\n\t                        \"https:\/\/any.run\/cybersecurity-blog\/release-notes-january-2026\/\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"BreadcrumbList\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-january-2026\/#breadcrumb\",\n\t            \"itemListElement\": [\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 1,\n\t                    \"name\": \"Home\",\n\t                    \"item\": \"https:\/\/any.run\/cybersecurity-blog\/\"\n\t                },\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 2,\n\t                    \"name\": \"Service Updates\",\n\t                    \"item\": \"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"\n\t                },\n\t                {\n\t                    \"@type\": 
\"ListItem\",\n\t                    \"position\": 3,\n\t                    \"name\": \"Release Notes: Workflow Improvements, MISP Integration &amp; 2,000+ New Detections\u00a0\"\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"WebSite\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"url\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN&#039;s Cybersecurity Blog\",\n\t            \"description\": \"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\n\t            \"publisher\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"SearchAction\",\n\t                    \"target\": {\n\t                        \"@type\": \"EntryPoint\",\n\t                        \"urlTemplate\": \"https:\/\/any.run\/?s={search_term_string}\"\n\t                    },\n\t                    \"query-input\": \"required name=search_term_string\"\n\t                }\n\t            ],\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"Organization\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN\",\n\t            \"url\": \"https:\/\/any.run\/\",\n\t            \"logo\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/any.run\/\",\n\t                \"url\": \"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\n\t                \"contentUrl\": \"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\n\t                \"width\": 1,\n\t                \"height\": 1,\n\t                \"caption\": \"ANY.RUN\"\n\t            },\n\t            \"image\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t       
     },\n\t            \"sameAs\": [\n\t                \"https:\/\/www.facebook.com\/www.any.run\/\",\n\t                \"https:\/\/twitter.com\/anyrun_app\",\n\t                \"https:\/\/www.linkedin.com\/company\/30692044\",\n\t                \"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"Person\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN\",\n\t            \"image\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/any.run\/\",\n\t                \"url\": \"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\n\t                \"contentUrl\": \"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\n\t                \"caption\": \"ANY.RUN\"\n\t            },\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"\n\t        }\n\t    ]\n\t}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}