{"id":18949,"date":"2026-03-05T10:26:41","date_gmt":"2026-03-05T10:26:41","guid":{"rendered":"\/cybersecurity-blog\/?p=18949"},"modified":"2026-03-05T10:33:26","modified_gmt":"2026-03-05T10:33:26","slug":"threat-coverage-digest-february-2026","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-february-2026\/","title":{"rendered":"Threat Coverage Digest:\u00a0New Malware Reports and\u00a02,400+ Detection Rules\u00a0\u00a0"},"content":{"rendered":"\n<p>February brought another round of major detection improvements across\u00a0<a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s<\/a>\u00a0threat intelligence and sandbox coverage.\u00a0Alongside new Threat Intelligence reports,\u00a0our analysts expanded\u00a0behavioral visibility across dozens of malware families, strengthened detection logic for modern phishing and data-stealing campaigns, and added thousands of new network detection rules.\u00a0<\/p>\n\n\n\n<p>Let\u2019s&nbsp;take a closer look at the updates delivered this month.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Threat Intelligence Reports&nbsp;<\/h2>\n\n\n\n<p>In February, we published several new&nbsp;<a href=\"https:\/\/intelligence.any.run\/reports\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Reports<\/a>&nbsp;covering malware families and attack techniques currently&nbsp;observed&nbsp;in the wild. 
All reports are available to&nbsp;<a href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktotiplans\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup Premium users<\/a>, along with related IOCs, detection guidance, and TI Lookup pivot queries.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"512\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/TI-reports-1024x512.png\" alt=\"\" class=\"wp-image-18956\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/TI-reports-1024x512.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/TI-reports-300x150.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/TI-reports-768x384.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/TI-reports-1536x769.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/TI-reports-2048x1025.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/TI-reports-370x185.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/TI-reports-270x135.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/TI-reports-740x370.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Threat Intelligence Reports&nbsp;on recent malware and phishing attacks&nbsp;written by ANY.RUN experts<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>The reports cover the following threats:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/intelligence.any.run\/reports\/02-05-threat-brief-anypdf-greenblood-dynowiper\" target=\"_blank\" rel=\"noreferrer 
noopener\">Anypdf,&nbsp;Greenblood,&nbsp;Dynowiper<\/a>:&nbsp;A credential-stealing trojan disguised as a PDF viewer, a Go-based ransomware with data-theft capabilities, and a destructive wiper designed to overwrite files and make recovery impossible.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/intelligence.any.run\/reports\/02-12-threat-brief-macro-starstealer-chrysalis-lotuslite\" target=\"_blank\" rel=\"noreferrer noopener\">Macrostealer,&nbsp;Starstealer, Chrysalis,&nbsp;Lotuslite<\/a>:&nbsp;Credential-stealing malware targeting browsers and cloud services, alongside stealthy backdoors used in targeted intrusions and supply-chain attacks.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/intelligence.any.run\/reports\/02-19-threat-brief-modelorat-sirkeira-evelynstealer-symbiote\" target=\"_blank\" rel=\"noreferrer noopener\">Modelorat,&nbsp;Sirkeira, Evelyn Stealer, Symbiote<\/a>:&nbsp;RAT and infostealer activity&nbsp;leveraging&nbsp;browser extensions, developer environments, and system persistence techniques to&nbsp;maintain&nbsp;access and exfiltrate sensitive data.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/intelligence.any.run\/reports\/02-26-threat-brief-surxrat-simpleloader-phantomproxylite-astarionrat\" target=\"_blank\" rel=\"noreferrer noopener\">Surx Rat, Simple Loader,&nbsp;Phantomproxylite,&nbsp;Astarion&nbsp;Rat<\/a>:&nbsp;Malware used across&nbsp;different stages&nbsp;of attacks, from Android remote access&nbsp;and phishing-delivered loaders to&nbsp;tunneling&nbsp;tools and RAT implants enabling long-term control of compromised systems.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Behavior&nbsp;Signatures&nbsp;<\/h2>\n\n\n\n<p>In February, we expanded the malicious\u00a0behavior\u00a0coverage of\u00a0<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s Interactive Sandbox<\/a>\u00a0with\u00a0<strong>150 new\u00a0behavior\u00a0signatures<\/strong>. 
These updates help teams surface malicious activity faster during analysis sessions and reduce investigation time by highlighting key indicators automatically.\u00a0<\/p>\n\n\n\n<p>The new signatures cover a wide range of malware families, including loaders, stealers, ransomware strains, and remote access tools commonly used in modern intrusion campaigns.&nbsp;<\/p>\n\n\n\n<p>Among the threats now detected in the sandbox:&nbsp;<\/p>\n\n\n\n<p><strong>Evasion and discovery techniques:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/59288b67-87db-44e7-824d-821b25e2c5ae?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Vm-related process checks<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/59288b67-87db-44e7-824d-821b25e2c5ae?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Vm-related registry checks<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/59288b67-87db-44e7-824d-821b25e2c5ae?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Net.exe host discovery<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/2810a534-54fa-4e00-a6bb-c2c07d1f170b?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Deno runtime abuse<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/562ce48f-8dff-46ca-9699-74860579e565\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Delegate execute modification<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"547\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-05-at-07.46.38-1024x547.png\" alt=\"ANY.RUN\u2019s Interactive Sandbox exposing\u00a0Rutsstager\u00a0attacks\u00a0\" class=\"wp-image-18959\" style=\"width:584px;height:auto\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-05-at-07.46.38-1024x547.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-05-at-07.46.38-300x160.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-05-at-07.46.38-768x411.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-05-at-07.46.38-370x198.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-05-at-07.46.38-270x144.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-05-at-07.46.38-740x396.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-05-at-07.46.38.png 1186w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN\u2019s Interactive Sandbox exposing&nbsp;Rutsstager&nbsp;attacks<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><strong>Loaders and droppers<\/strong>:<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-grid wp-container-core-group-is-layout-1 
wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/cc9251d7-e104-4eb5-9eb8-66b33a7e6b7e?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Rutsstager<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/366d63d7-6fbe-45d0-99a2-7483945100d6\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Iseloader<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/70686e1a-e130-46d9-a49b-10d1f318b6b4?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Simpleloader<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/70686e1a-e130-46d9-a49b-10d1f318b6b4?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Simpleloader mutex<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/4f9b7009-bb5b-4ff0-99d4-0093d2d949ef?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Guloader<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/7d4fb306-6d02-437d-a22b-66dd3f99bcad?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Sugarloader<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/2fd02736-2d37-4856-9377-1d89f9259d04?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Waveshaper<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/b9aa5584-9600-41d9-b49a-43d456caaddb?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Lofty<\/a>&nbsp;<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<p><strong>Remote access and control<\/strong>:<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-grid wp-container-core-group-is-layout-2 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/a2c3d6d0-0511-4b7b-a443-5b81ff7a3391?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Raton<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/a2c3d6d0-0511-4b7b-a443-5b81ff7a3391?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Raton mutex<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/9b5f0668-38e1-4f69-b792-e377e155b730?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Etherrat<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/320c03ad-afb6-4ab9-8850-583b02727384?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Surxrat<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/05946f91-10ad-493e-8388-9ec5f535d66c?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Remotex<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/faf60c82-d0ab-4cef-b5f0-390d0f05df48?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Tropium<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/9ec6e8d3-3687-4600-9888-10c701cf7f80?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Viking<\/a>&nbsp;<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"151\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/EtherRAT-1-1024x151.png\" alt=\"\" class=\"wp-image-18961\" style=\"width:644px;height:auto\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/EtherRAT-1-1024x151.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/EtherRAT-1-300x44.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/EtherRAT-1-768x114.png 768w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/EtherRAT-1-370x55.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/EtherRAT-1-270x40.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/EtherRAT-1-740x109.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/EtherRAT-1.png 1346w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>EtherRAT detected by ANY.RUN sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><strong>Stealers and credential-focused threats:&nbsp;<\/strong><\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-grid wp-container-core-group-is-layout-3 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/6686679a-2528-4784-b6cf-e02700bd3829?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Bulletstealer<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/5cbcc328-e1b3-415c-b760-e5c97a21ca44?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Matrixstealer<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f390d649-3fa9-4ea8-8908-b89b47f93f92?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Nyxstealer<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/0065eb4c-6dbb-4466-854c-6fe10dfab90e?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Darkstealer<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/6d2c0147-be76-4698-8cee-608af65f03b2?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Stealelite<\/a>&nbsp;<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<p><strong>Malware families and tools&nbsp;<\/strong>observed&nbsp;in sessions: <\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-grid wp-container-core-group-is-layout-4 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/0c47cb48-df72-4108-8746-45895fb10c24?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Morstar<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/dadaf7df-75b3-4698-a615-8b5de1104136?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Pspinjector<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/dadaf7df-75b3-4698-a615-8b5de1104136?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Symbiote<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/cf5c7a3a-326c-46ea-a409-6d11014ee64e?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Zephyr<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/571b39aa-8621-4145-984a-8d9dbc0729de?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Reynolds<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/99229f9b-55e9-4b63-8fe7-d1821aa81536\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Amadey mutex<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/7444bce1-673a-4341-8b2a-c72f12d5a934\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Oggov<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e5f49106-68bc-43cb-ade3-0f0e5f0ae4c8?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Chrysalis<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/818e603c-9412-4c23-9ce8-d6d6116c70de?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Greenblood<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e20596b0-f319-4576-b816-92ec83c1caec?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Pettylaw<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/05298dc1-d225-4568-9a26-2d4432609c8b?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Ransoom<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e8a24a25-9413-400e-8907-9979de6a04d6?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Promptspy<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/3bb05e5f-b1fd-442d-96d3-fde0ff236887?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Ven0m<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e17f6cbc-1555-4b55-af8a-597d74d0e184?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" 
rel=\"noreferrer noopener\">Massiv<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/31771f37-e59f-45ca-a65b-108edc82f973?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Arkanix<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/606099fd-1e28-47bb-b8fa-f1afda688c63?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Ironchain<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f3a772d8-fcaf-4fd7-a91b-8cded1e1ecdf?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Nopname<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/46341a82-2a40-4845-a8bb-6dd097e4a078?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Conspiration3001<\/a>&nbsp;<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"567\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Conspiration3001-1-1024x567.png\" alt=\"Conspiration3001 attack analyzed inside ANY.RUN sandbox\u00a0\" class=\"wp-image-18963\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Conspiration3001-1-1024x567.png 1024w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Conspiration3001-1-300x166.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Conspiration3001-1-768x425.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Conspiration3001-1-1536x851.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Conspiration3001-1-2048x1134.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Conspiration3001-1-370x205.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Conspiration3001-1-270x150.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/Conspiration3001-1-740x410.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Conspiration3001 attack analyzed inside ANY.RUN sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-grid wp-container-core-group-is-layout-5 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/dff337f3-53b8-4ba1-9a61-bd8cc1506304?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Vect<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/a2b71cfb-3ce5-43fb-bcb3-39732834104a?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Herios<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/47e5a82a-1d67-4a4b-9db2-994cba48aa6e?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Woex<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/66a074db-0158-42ee-bfac-ccb790742782?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Evelyn<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/150cd96c-b749-4fec-b752-a96d589af86a?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Sirkeira<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/92bebe8e-352b-438a-8e86-9ac2cde154a2?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Amnesia<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/de5742bd-d3ac-4592-94e9-3310689dd092?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Deskcvb<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/696b75a7-c4fe-4e97-adb8-579ae2a41832?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer 
noopener\">Nexus<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/0015190b-330f-4c54-8fb4-54b53440a3f9?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Hustlera<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/b08617e5-fad4-4640-b19c-2d58b61a5047?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Modelo<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/515a308c-4d5f-4f2d-a18a-2dae84c4d498?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Skull<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/0c503400-a942-461d-bcd6-a52e03c1c1c8?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Rahid<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/b1ca1481-88d2-439b-917d-caa4b9d90ee6?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Chrysalis<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/cb95c7a8-2512-42c7-96e2-809f5d6e4a02?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Greenblood<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/292ad372-dda6-49d1-ab9f-0a3582c71cab?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Vsl<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/8c8f2cba-97a3-4c9f-af73-563573389bb0?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Deadlock<\/a>&nbsp;<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">YARA Rules&nbsp;<\/h2>\n\n\n\n<p>To improve early-stage detection during static inspection, we added&nbsp;<strong>2 new YARA rules<\/strong>&nbsp;targeting destructive malware and RAT activity.&nbsp;<\/p>\n\n\n\n<p>The new rules detect:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/2e5028d7-6595-4229-a2d5-dff61d509bb7?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">DynoWiper<\/a>:&nbsp;A&nbsp;destructive wiper capable of damaging systems and disrupting operations&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/2576ba3a-7c87-45fa-a30a-6d5bfeaaca2f?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">KarstoRAT<\/a>: A&nbsp;remote access trojan capable of&nbsp;maintaining&nbsp;persistence and executing commands on infected machines&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>These rules allow analysts to quickly flag suspicious samples before full execution, accelerating triage and investigation workflows.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Suricata Rules&nbsp;<\/h2>\n\n\n\n<p>In February, we significantly expanded network-level detection with&nbsp;<strong>2,314 new Suricata rules<\/strong>.&nbsp;<\/p>\n\n\n\n<p>These additions strengthen monitoring capabilities for stealer activity, phishing infrastructure, and modern command-and-control communication patterns.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"647\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/suricata-rule-1024x647.png\" alt=\"\" class=\"wp-image-18965\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/suricata-rule-1024x647.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/suricata-rule-300x190.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/suricata-rule-768x485.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/suricata-rule-1536x971.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/suricata-rule-370x234.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/suricata-rule-270x171.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/suricata-rule-740x468.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/03\/suricata-rule.png 1544w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>A Suricata rule used for detecting a Tycoon URL pattern inside ANY.RUN\u2019s sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Key examples include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a
href=\"https:\/\/app.any.run\/tasks\/0d12fb2d-7345-4971-92ae-ff9745956ed2\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Tycoon2FA URL pattern observed<\/a>\u00a0(sid: 85005825): Detects HTTP requests with specific URL patterns associated with Tycoon\u00a0PhaaS\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/91eee1ec-3d97-467a-8522-577322a1e6f6\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">PureLogs TCP C2 connection<\/a>\u00a0(sid: 85006096):\u00a0Identifies\u00a0PureLogs\u00a0Stealer\u00a0attempts\u00a0to establish a connection with its C2 host\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/8114761e-ddf4-4eec-a4aa-983aefd9cfe4\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Snake Keylogger exfil via Telegram<\/a>\u00a0(sid: 85006206): Tracks exfiltration of stolen data by malware via the Telegram Bot API\u00a0<\/li>\n<\/ul>\n\n\n\n<p>These new rules help SOC teams&nbsp;identify&nbsp;malicious network activity earlier and gain deeper visibility into attacker infrastructure and data exfiltration channels.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>, a leading provider of interactive malware analysis and threat intelligence solutions, integrates into
modern SOC operations and supports investigations from the first alert through containment and detection improvement.&nbsp;<\/p>\n\n\n\n<p>Security teams use&nbsp;<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s Interactive Sandbox<\/a>&nbsp;to execute suspicious files and URLs safely,&nbsp;observe&nbsp;real&nbsp;behavior&nbsp;in a controlled environment, extract actionable indicators, and enrich findings instantly with&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence&nbsp;Lookup<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a>. 
This approach reduces uncertainty, improves validation accuracy, and keeps response consistent across the organization.&nbsp;<\/p>\n\n\n\n<p>Today, more than&nbsp;<strong>600,000 security professionals across 15,000+ organizations<\/strong>&nbsp;rely on ANY.RUN to accelerate investigations, strengthen detection coverage, and stay ahead of evolving phishing and malware campaigns.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_February_2026&amp;utm_term=050326&amp;utm_content=linktoenterprise#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Integrate ANY.RUN\u2019s solution for Tier 1\/2\/3 in your organization \u2192<\/strong><\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>February brought another round of major detection improvements across\u00a0ANY.RUN\u2019s\u00a0threat intelligence and sandbox coverage.\u00a0Alongside new Threat Intelligence reports,\u00a0our analysts expanded\u00a0behavioral visibility across dozens of malware families, strengthened detection logic for modern phishing and data-stealing campaigns, and added thousands of new network detection rules.\u00a0 Let\u2019s&nbsp;take a closer look at the updates delivered this month.&nbsp; Threat Intelligence Reports&nbsp; [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":18976,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,56],"class_list":["post-18949","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Threat Coverage Digest: New TI Reports and 2,400+ Detection Rules<\/title>\n<meta name=\"description\" 
content=\"ANY.RUN expanded February threat coverage with 150 behavior signatures, 2 YARA and 2,314 Suricata rules to strengthen threat detection.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-february-2026\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-february-2026\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-february-2026\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Threat Coverage Digest:\u00a0New Malware Reports and\u00a02,400+ Detection Rules\u00a0\u00a0\",\"datePublished\":\"2026-03-05T10:26:41+00:00\",\"dateModified\":\"2026-03-05T10:33:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-february-2026\/\"},\"wordCount\":929,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"update\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-february-2026\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-february-2026\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-february-2026\/\",\"name\":\"Threat Coverage Digest: New TI Reports and 2,400+ 
Detection Rules\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2026-03-05T10:26:41+00:00\",\"dateModified\":\"2026-03-05T10:33:26+00:00\",\"description\":\"ANY.RUN expanded February threat coverage with 150 behavior signatures, 2 YARA and 2,314 Suricata rules to strengthen threat detection.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-february-2026\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-february-2026\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-february-2026\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Threat Coverage Digest:\u00a0New Malware Reports and\u00a02,400+ Detection Rules\u00a0\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/18949"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=18949"}],"version-history":[{"count":20,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/18949\/revisions"}],"predecessor-version":[{"id":18986,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/18949\/revisions\/18986"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/18
976"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=18949"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=18949"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=18949"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}