{"id":4678,"date":"2023-04-13T09:38:51","date_gmt":"2023-04-13T09:38:51","guid":{"rendered":"\/cybersecurity-blog\/?p=4678"},"modified":"2023-04-13T10:45:49","modified_gmt":"2023-04-13T10:45:49","slug":"malware-trends-q1-2023","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2023\/","title":{"rendered":"Malware Trends Report: Q1, 2023\u00a0"},"content":{"rendered":"\n<p>Welcome to ANY.RUN&#8217;s quarterly malware trends report!&nbsp;&nbsp;<\/p>\n\n\n\n<p>At <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=trendsq1&amp;utm_content=landing\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>, we process hundreds of thousands of tasks each month. While we&#8217;ve traditionally shared yearly statistics, we&#8217;ve decided to introduce a new format: <strong>quarterly malware trends<\/strong>.\u00a0\u00a0<\/p>\n\n\n\n<p>This allows us to offer timely insights into the latest threats and developments within the cybersecurity space.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Summary&nbsp;<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"842\" height=\"466\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/Review-IN-Q1-2023.jpg\" alt=\"\" class=\"wp-image-4681\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/Review-IN-Q1-2023.jpg 842w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/Review-IN-Q1-2023-300x166.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/Review-IN-Q1-2023-768x425.jpg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/Review-IN-Q1-2023-370x205.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/Review-IN-Q1-2023-270x149.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/Review-IN-Q1-2023-740x410.jpg 
740w\" sizes=\"(max-width: 842px) 100vw, 842px\" \/><\/figure>\n\n\n\n<p>In this quarter&#8217;s analysis, we processed a total of <strong>775,613 tasks <\/strong>in ANY.RUN. Our sandbox identified <strong>257,006 tasks (33.1%) <\/strong>as malicious and <strong>38,884 tasks (5%) <\/strong>as suspicious. We also collected <strong>282,172,811 Indicators of Compromise (IOCs)<\/strong>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Top Malware Types in Q1 2023\u00a0<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"842\" height=\"721\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/TOP-MALWARE-TYPES-BY-UPLOADS-IN-Q1-2023-1.jpg\" alt=\"TOP MALWARE TYPES\" class=\"wp-image-4683\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/TOP-MALWARE-TYPES-BY-UPLOADS-IN-Q1-2023-1.jpg 842w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/TOP-MALWARE-TYPES-BY-UPLOADS-IN-Q1-2023-1-300x257.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/TOP-MALWARE-TYPES-BY-UPLOADS-IN-Q1-2023-1-768x658.jpg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/TOP-MALWARE-TYPES-BY-UPLOADS-IN-Q1-2023-1-370x317.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/TOP-MALWARE-TYPES-BY-UPLOADS-IN-Q1-2023-1-270x231.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/TOP-MALWARE-TYPES-BY-UPLOADS-IN-Q1-2023-1-740x634.jpg 740w\" sizes=\"(max-width: 842px) 100vw, 842px\" \/><\/figure>\n\n\n\n<p><strong>Highlights<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Loaders top the list of most popular malware types<\/strong>: With 7,820 uploads, loaders secured the first position in Q1 2023,
emphasizing the widespread popularity of this attack vector.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Trojans are the second most popular malware type.<\/strong> We recorded 7696 trojan submissions in Q1 2023.&nbsp;Their versatility and ability to deliver various payloads make Trojans a persistent challenge for researchers and analysts.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>RATs occupy the third spot.<\/strong> Remote Access Trojans (RATs) were recorded in 5,296 uploads in Q1 2023. This underscores the importance of securing remote access channels and closely monitoring network activity to protect against unauthorized access and data exfiltration.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Top Malware Families in Q1 2023\u00a0<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"842\" height=\"594\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/TOP-MALWARE-BY-UPLOADS-IN-Q1-20233.jpg\" alt=\"TOP MALWARE FAMILIES\" class=\"wp-image-4684\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/TOP-MALWARE-BY-UPLOADS-IN-Q1-20233.jpg 842w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/TOP-MALWARE-BY-UPLOADS-IN-Q1-20233-300x212.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/TOP-MALWARE-BY-UPLOADS-IN-Q1-20233-768x542.jpg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/TOP-MALWARE-BY-UPLOADS-IN-Q1-20233-370x261.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/TOP-MALWARE-BY-UPLOADS-IN-Q1-20233-270x190.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/TOP-MALWARE-BY-UPLOADS-IN-Q1-20233-740x522.jpg 740w\" sizes=\"(max-width: 842px) 100vw, 842px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>Highlights<\/strong>:\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a
href=\"https:\/\/any.run\/malware-trends\/redline\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>RedLine<\/strong><\/a><strong> remains a top concern<\/strong>:&nbsp; RedLine remains a significant threat \u2014 it has been near the top of our charts for two years in a row but has snatched the top spot from other families in Q1 2023 with 1,895 uploads.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/malware-trends\/remcos\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Remcos<\/strong><\/a><strong> is in the top two<\/strong>:&nbsp;Remcos \u2014 despite being first spotted around 2015 \u2014 is still among the top malware families by popularity. It remains a significant threat&nbsp;in Q1 2023, with 1,385 uploads, placing it in the second spot.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/malware-trends\/njrat\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>njRAT<\/strong><\/a><strong> is a common threat. 
<\/strong>With 1,096 uploads, njRAT was the third most popular malware family in Q1 2023, closely following the Remcos RAT.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/malware-trends\/emotet\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Emotet<\/strong><\/a><strong> declined in popularity:<\/strong> Emotet \u2014 which used to firmly lead various malware charts \u2014 is now dethroned with only 982 uploads in Q1 2023, placing it in fourth place.&nbsp;This shows the impact of Emotet gang arrests.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Top MITRE ATT&amp;CK techniques in Q1 2023&nbsp;<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"842\" height=\"721\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/techniques.jpg\" alt=\"Top MITRE ATT&amp;CK techniques in Q1 2023\u00a0\" class=\"wp-image-4689\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/techniques.jpg 842w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/techniques-300x257.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/techniques-768x658.jpg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/techniques-370x317.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/techniques-270x231.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/04\/techniques-740x634.jpg 740w\" sizes=\"(max-width: 842px) 100vw, 842px\" \/><\/figure>\n\n\n\n<p><strong>Highlights<\/strong>:&nbsp;&nbsp;<\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"1\">\n<li><strong>T1036.005 Masquerading. Match Legitimate Name or Location<\/strong>.&nbsp;A total of 78,101 uploads involved this technique, in which attackers disguise their malicious activities by matching legitimate names or locations.
How often do you encounter malicious &#8220;svchost&#8221; processes on a daily basis?&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li><strong>T1218.011 System Binary Proxy Execution. Rundll32.<\/strong> With a total of 22,030 uploads, this technique is used by attackers to execute malicious code through the legitimate Windows system binary Rundll32.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li><strong>T1059.003 Command and Scripting Interpreter. Windows Command Shell.<\/strong> A total of 20,225 uploads were detected, showcasing the prevalence of this technique used by attackers to execute commands and scripts through the Windows Command Shell. Keep an eye on CMD executions.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li><strong>T1555.003 Credentials from Password Stores. Credentials from Web Browsers.<\/strong> This technique, which targets web browser-stored credentials, accounted for 20,002 uploads. A substantial portion of malware consists of stealers, so it&#8217;s not surprising that this technique has risen to prominence.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"5\">\n<li><strong>T1569.002 System Services. 
Service Execution.<\/strong> With a total of 14,291 uploads, this technique demonstrates the widespread use of service execution by attackers to perform malicious activities on compromised systems.&nbsp;<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Key takeaways&nbsp;<\/h2>\n\n\n\n<p>After Microsoft restricted the use of macros in Microsoft Office, the focus of attackers shifted from malicious documents to other tactics and techniques (TTPs). In addition to the increasingly popular delivery method of using IMG (iso) files, OneNote files are currently very relevant.&nbsp;<\/p>\n\n\n\n<p>OneNote allows embedding scripts directly into files, almost via drag-and-drop, and with some modifications the malicious document is ready for infection.\u00a0You can find this type of file in ANY.RUN\u2019s <a href=\"https:\/\/app.any.run\/submissions\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=trendsq1&amp;utm_content=publicsubmissions\" target=\"_blank\" rel=\"noreferrer noopener\">public submissions<\/a> by filtering for Microsoft Office extensions.\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Trojans remain a significant threat due to their versatility and ability to deliver various payloads.<\/strong> Every year, trojans are becoming increasingly complex, making them harder to detect.
<a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=trendsq1&amp;utm_content=landing\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> allows you to thoroughly examine a sample from all angles and test its functionality on various versions of the Windows operating system.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Security specialists should be on the lookout for RedLine as the most widespread malware family<\/strong>. The risk of an attack involving RedLine is growing \u2014 researchers should be prepared to deal with current threats. Our service will extract the configuration for you, and all you&#8217;ll need to do is copy this information and add it to your EDR\/IDS.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>The top MITRE ATT&amp;CK techniques used by attackers indicate a focus on obtaining unsecured credentials, subverting trust controls, and manipulating system processes. <\/strong>To better protect against these tactics, organizations and individuals should prioritize securing credentials, monitoring network activity, and maintaining up-to-date security measures.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Report methodology&nbsp;<\/h2>\n\n\n\n<p>We&#8217;ve examined data submitted to our public threat database by a diverse community of over 300,000 researchers, who have opted to make their analyses public, totaling 775,613 tasks.&nbsp;<\/p>\n\n\n\n<p>While this report should not be regarded as an exhaustive representation of the global malware threat landscape, we believe it can provide valuable insights into the most prevalent threats, as observed through the perspective of our sandbox.&nbsp;<\/p>\n\n\n\n<p>Did we overlook something significant? What information would you like to see in our next report?
Share your thoughts in the comments below, and we&#8217;ll be sure to consider including it.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to ANY.RUN&#8217;s quarterly malware trends report!&nbsp;&nbsp; At ANY.RUN, we process hundreds of thousands of tasks each month. While we&#8217;ve traditionally shared yearly statistics, we&#8217;ve decided to introduce a new format: quarterly malware trends.\u00a0\u00a0 This allows us to offer timely insights into the latest threats and developments within the cybersecurity space.&nbsp; Summary&nbsp; In this quarter&#8217;s [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":4686,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[10,15,70],"class_list":["post-4678","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-lifehacks","tag-cybersecurity","tag-malware","tag-malware-analysis-report"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Malware Trends Report: Q1, 2023\u00a0 - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"We identified top malware types &amp; families, and most-used MITRE ATT&amp;CK techniques. Read malware trends report Q1, 2023!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2023\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2023\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2023\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Malware Trends Report: Q1, 2023\u00a0\",\"datePublished\":\"2023-04-13T09:38:51+00:00\",\"dateModified\":\"2023-04-13T10:45:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2023\/\"},\"wordCount\":889,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"cybersecurity\",\"malware\",\"malware analysis report\"],\"articleSection\":[\"Cybersecurity Lifehacks\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2023\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2023\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2023\/\",\"name\":\"Malware Trends Report: Q1, 2023\u00a0 - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2023-04-13T09:38:51+00:00\",\"dateModified\":\"2023-04-13T10:45:49+00:00\",\"description\":\"We identified top malware types & families, and most-used MITRE ATT&CK techniques. 
Read malware trends report Q1, 2023!\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2023\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2023\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2023\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Lifehacks\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Malware Trends Report: Q1, 2023\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}