{"id":4083,"date":"2022-12-06T01:47:00","date_gmt":"2022-12-06T01:47:00","guid":{"rendered":"\/cybersecurity-blog\/?p=3263"},"modified":"2022-12-21T06:41:13","modified_gmt":"2022-12-21T06:41:13","slug":"release-notes-december-6-2022","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/","title":{"rendered":"Release notes December 6, 2022"},"content":{"rendered":"\n<p>Hello,<a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release612&amp;utm_content=landing\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\"> ANY.RUN<\/a> users! Today we announce a new update to the service. This time, we present more than 100 signatures for TTP analysis and detection, as well as fast and flawless virtual machine video&nbsp;streaming.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Update overview:<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Detect more successfully<\/strong><\/li><\/ul>\n\n\n\n<p>&nbsp;+100 new signatures and fewer false positives.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Enjoy fast and smooth interaction with VM&nbsp;<\/strong><\/li><\/ul>\n\n\n\n<p>A new beta functionality for virtual machine video streaming.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">New signatures for improved detection<\/h2>\n\n\n\n<p>We&#8217;ve added more than<strong> 100 new signatures <\/strong>both for malware detection and for analysis of the different TTPs used by threat actors, so that your analysis is more complete. And we&#8217;ve reduced the number of false positives.<br><\/p>\n\n\n\n<p>Our usual signatures provide a detailed report on what is going on while the program is running. 
And the data is presented in plain language, so anyone can get the whole picture of malware&nbsp;behavior.&nbsp;<br><\/p>\n\n\n\n<p>Check out examples of fresh ANY.RUN signatures for new malware versions. Of course, we\u2019ll continue to work on them.<\/p>\n\n\n\n<figure class=\"wp-block-table alignleft\"><table class=\"\"><tbody><tr><td><strong>Fresh ANY.RUN signatures<\/strong><\/td><td><strong>The detection usage<\/strong><\/td><\/tr><tr><td><strong>Emotet<\/strong><\/td><td>Now it&#8217;s spreading over the network again and continues<br> to infect computers on a large scale. We have updated <br>the signatures for this malware.<\/td><\/tr><tr><td><strong>WMIC<br><\/strong>all requests and what<br> they are responsible for<\/td><td>WMIC is used by many malware families because its responses<br> contain data about the computer and connections. <br>Now you can find out what information the malware has asked for.<\/td><\/tr><tr><td><strong>Mitre 1012 &#8211; Query Registry<\/strong><br><\/td><td>A common technique used by malicious objects<br><\/td><\/tr><tr><td><strong>Detected use of alternative<\/strong><br><strong> data streams (AltDS)<\/strong><\/td><td>NTFS streams are often used for covert execution.<br><\/td><\/tr><tr><td><strong>The DLL Hijacking<\/strong><\/td><td>DLL spoofing is an attack based on replacing a legitimate<br> DLL file with a malicious library.<\/td><\/tr><tr><td><strong>Starts NET.EXE to manage<\/strong><br><strong> network resources<\/strong><\/td><td>The process starts NET.EXE to manage network settings<\/td><\/tr><tr><td><strong>Connection from MS Office application<\/strong><\/td><td>Microsoft Office applications, such as Word, Excel, PowerPoint,<br> or another, made a network connection<\/td><\/tr><tr><td><strong>Loading modules from<\/strong><br><strong> mounted disk drive<\/strong><\/td><td>The process loaded its module from the mounted disk drive<\/td><\/tr><tr><td><strong>Process downloads<\/strong><br><strong> binary or 
script<\/strong><\/td><td>The process downloads an executable file or script from the Internet<\/td><\/tr><tr><td><strong>Check the default browser<\/strong><\/td><td>The process checks which Internet browser is set as default in the OS<\/td><\/tr><tr><td><strong>The process checks<\/strong><br><strong> if it is being run<\/strong><br><strong> in the virtual environment<\/strong><\/td><td>The process checks if it is being run in a different <br>virtual environment to avoid detonation<\/td><\/tr><tr><td><strong>Process checks computer<\/strong><br><strong> location settings<\/strong><\/td><td>The process checks computer location settings in the registry, <br>which may lead to geofencing<\/td><\/tr><tr><td><strong>Unusual connections from<\/strong><br><strong> system programs and MOs<\/strong><\/td><td>Malware often connects to servers via these programs<br><\/td><\/tr><tr><td><strong>Stealerium<\/strong><\/td><td>A popular data theft malware<br><\/td><\/tr><tr><td><strong>LimeRAT<\/strong><\/td><td>Malicious software written in VB.NET<\/td><\/tr><tr><td><strong>StRRAT<\/strong><\/td><td>A trojan-RAT written in Java<\/td><\/tr><tr><td><strong>Ransomware koxoc note<\/strong><\/td><td>The signature helps to detect ransomware&nbsp;<\/td><\/tr><tr><td><strong>ISO mounted<\/strong><\/td><td>Many malware types use disk-mounting<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Next level of virtual machine video streaming<\/h2>\n\n\n\n<p>The VM video streaming area is where you work with the virtual machine. We used to cut out pieces and overlay them on the initial shot. It was a very complex algorithm for showing numerous small changes during the analysis. But it isn\u2019t suitable for all types of data.&nbsp;<br><\/p>\n\n\n\n<p>In our understanding of a useful sandbox, the virtual machine must allow flawless examination of files of any kind. 
During the analysis of suspicious files, you may face documents with numerous lines, videos with repetitive elements, and other objects with repetitive small changes. So, we rose to the challenge, and here are our results.<\/p>\n\n\n\n<p>Let\u2019s take a sneak peek at what we have done behind the scenes.&nbsp;&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2022\/12\/Screen-task-1-1024x617.png\" alt=\"Choose VNC for better VM streaming\" class=\"wp-image-3311\"\/><\/figure>\n\n\n\n<p><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release612&amp;utm_content=landing\" target=\"_blank\">ANY.RUN<\/a>\u2019s team decided to alter the approach to this issue. Now we stream anything you need on your virtual machine with HTML5 video and, moreover, keep the bit rate stable at&nbsp;the&nbsp;same&nbsp;time.&nbsp;<br><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Owing to this approach, you can notice the following improvements:&nbsp;<\/h3>\n\n\n\n<ol class=\"wp-block-list\"><li>VM video streaming is now faster than it has ever been before. Smooth, fast performance just as it is on your own computer. 
The number of frames per second has increased, and that is why <strong>the image is sleek and stable.<\/strong> Watch videos, streams, endless documents, spreadsheets with a bunch of data, and so on.&nbsp;<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/Sfqy6ce9imcu2hsCihmSRb06kEBy0cjaq1IvnISSSrZn9rsJuviOI2hVQsCsHgLOhumFHG0nUcz-_-oJgFEEm4S-NSYdeZLpR268-OmzMZ4EwzVbO0YzFGQrJiO38sr9BWBjlSqU4vG_jOQOWPjX0NfUKsbMZwSkwGXvqHR_xZArNDr7bryevEtUCwd7Ww\" alt=\"VM video streaming in ANY.RUN\"\/><\/figure>\n\n\n\n<p>The technology behind this solution is new and complex, and it is still in beta, and <strong>ANY.RUN users have a choice<\/strong>. You can turn this new functionality on in your profile or in the New task window: the beta version checkbox controls it. And you can turn it off if you don\u2019t need this option or face any difficulties due to the state of your machine.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2022\/12\/Frame-21323398.png\" alt=\"VNC settings\" class=\"wp-image-3314\"\/><\/figure>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\"><li>ANY.RUN\u2019s main goal is to make a perfect area where users interact with a sample. And this time we also focused on decreasing lags and the delay after any action (dragging or clicking the mouse, pushing a button). 
The virtual machine that is so <strong>responsive, flexible, and fast<\/strong> simplifies the process of analysis significantly.<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-video\"><video autoplay controls loop muted src=\"\/cybersecurity-blog\/wp-content\/uploads\/2022\/12\/VM.mp4\"><\/video><\/figure>\n\n\n\n<p>Try this new enhancement now at ANY.RUN sandbox and don&#8217;t forget to check out our previous <a rel=\"noreferrer noopener\" aria-label=\"November update (opens in a new tab)\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-november-16-2022\/\" target=\"_blank\">November update<\/a>!<br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hello, ANY.RUN users! Today we announce a new update on the service. This time, we present more than 100 signatures for TTPs analysis and detection and also fast and flawless virtual machine video&nbsp;streaming.&nbsp; Update overview: Detect more successfully &nbsp;+100 new signatures and fewer false positives. Enjoy fast and smooth interaction with VM&nbsp; A new beta [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":4099,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,55,56],"class_list":["post-4083","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-release","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Release notes December 6, 2022 - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"ANY.RUN has updated the service with a new release on the 6th of December. 
100+ signatures for detection and flawless virtual machine video streaming.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Release notes December 6, 2022\",\"datePublished\":\"2022-12-06T01:47:00+00:00\",\"dateModified\":\"2022-12-21T06:41:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/\"},\"wordCount\":847,\"commentCount\":3,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"release\",\"update\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/\",\"name\":\"Release notes December 6, 2022 - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2022-12-06T01:47:00+00:00\",\"dateModified\":\"2022-12-21T06:41:13+00:00\",\"description\":\"ANY.RUN 
has updated the service with a new release on the 6th of December. 100+ signatures for detection and flawless virtual machine video streaming.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Release notes December 6, 2022\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Release notes December 6, 2022 - ANY.RUN&#039;s Cybersecurity Blog","description":"ANY.RUN has updated the service with a new release on the 6th of December. 100+ signatures for detection and flawless virtual machine video streaming.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/","twitter_misc":{"Written by":"ANY.RUN","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Release notes December 6, 2022","datePublished":"2022-12-06T01:47:00+00:00","dateModified":"2022-12-21T06:41:13+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/"},"wordCount":847,"commentCount":3,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","release","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/","url":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/","name":"Release notes December 6, 2022 - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2022-12-06T01:47:00+00:00","dateModified":"2022-12-21T06:41:13+00:00","description":"ANY.RUN has updated the service with a new release on the 6th of December. 
100+ signatures for detection and flawless virtual machine video streaming.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-6-2022\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Release notes December 6, 2022"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/4083"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=4083"}],"version-history":[{"count":1,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/4083\/revisions"}],"predecessor-version":[{"id":4100,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/4083\/revisions\/4100"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/4099"}],"
wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=4083"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=4083"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=4083"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}