{"id":5482,"date":"2023-07-27T05:46:09","date_gmt":"2023-07-27T05:46:09","guid":{"rendered":"\/cybersecurity-blog\/?p=5482"},"modified":"2023-07-27T06:51:50","modified_gmt":"2023-07-27T06:51:50","slug":"release-notes-july-2023","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/","title":{"rendered":"Release Notes: Digital Signatures, New Network rules, and More\u00a0"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<p>In this article, we\u2019re breaking down all updates that took place in <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotes0723&amp;utm_content=landing\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> in July: new features, detection rules, and community contributions. We have a lot to unpack, so let\u2019s get started.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Product updates&nbsp;<\/h2>\n\n\n\n<p>We had two major releases in July: digital signatures and evidence archive export.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Digital signatures<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Digital signature data is <a href=\"https:\/\/any.run\/cybersecurity-blog\/digital-signatures\/\" target=\"_blank\" rel=\"noreferrer noopener\">now accessible<\/a> in ANY.RUN both for processes and modules.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"614\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-10-1024x614.png\" alt=\"Digital signatures\u00a0\" class=\"wp-image-5484\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-10-1024x614.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-10-300x180.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-10-768x460.png 768w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-10-1536x921.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-10-370x222.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-10-270x162.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-10-740x444.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-10.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Signature icons appear on the process tree, indicating if a signature is valid, expired, revoked, or untrusted. Clicking on the icon brings up a detailed view. &nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"570\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-11-1024x570.png\" alt=\"Digital signatures\u00a0\" class=\"wp-image-5485\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-11-1024x570.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-11-300x167.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-11-768x427.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-11-1536x854.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-11-370x206.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-11-270x150.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-11-740x412.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/07\/image-11.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>And for even more details, a new section of \u201cadvanced process\u201d details is now dedicated to signatures. 
There, you can download\u00a0the certificate itself and ASN.1\u00a0tree.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">New YARA rules and Signatures&nbsp;<\/h2>\n\n\n\n<p>We\u2019ve added a signature for lu0bot as well as&nbsp;new YARA rules for the following families:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>PureLoader. 
<\/strong>A new loader family.&nbsp;<\/li>\n\n\n\n<li><strong>Revil\\Sodinokibi.<\/strong> Ransomware, also known as Sodin.\u00a0<\/li>\n\n\n\n<li><strong>BanditStealer<\/strong>: A new strain of information stealer.&nbsp;<\/li>\n\n\n\n<li><strong>Redosdru: <\/strong>A downloader trojan.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Config extractor additions and fixes\u00a0<\/h2>\n\n\n\n<p>ANY.RUN can automatically extract and decrypt the configuration for over 60 malware families, giving you quick access to encrypted strings. In July, we\u2019ve added 2 extractors:\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Added: Lucastealer extractor &nbsp;<\/li>\n\n\n\n<li>Fixed: Dcrat extractor&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">New network and detection rules&nbsp;<\/h2>\n\n\n\n<p>In July, we&#8217;ve written<strong> 74 new network rules<\/strong> in the Suricata format.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Minimal_PC_Miner, Repl.it Miner coverage added<\/strong>. We\u2019ve investigated GitHub repos in the wild, searching for Duino-Coin miners. As a result,&nbsp;we\u2019ve added coverage for Minimal_PC_Miner and Repl.it Miner. We\u2019ve also created a&nbsp;generic rule to account for subsequent forks.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>A new rule created to mark Hydrochasma reverse proxy<\/strong>. A traffic proxy tool called <a href=\"https:\/\/app.any.run\/tasks\/d87c45f7-9928-4d34-be2a-e826b5bcb146\" target=\"_blank\" rel=\"noreferrer noopener\">Hydrochasma<\/a>, which poses a threat to medical and shipping companies in Asia, has been marked by our rule. The rule, named Hydrochasma Fast Reverse Proxy, was shared with the ET community. &nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Improved Danabot coverage<\/strong>. 
We\u2019ve improved the coverage for Danabot by adding a new rule which targets the message structure related to this threat\u2019s activity.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Two new phishing rules added<\/strong>. Phishing is one of the most pressing threats and a common vector of attack. Our HTMLPhisher page collection has been updated with two new rules.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>New rule for loading shellcode<\/strong>. Shellcode is binary executable code that usually transfers control to the command processor. Our arsenal has been updated with a rule for loading shellcode, as well as a tag for similar content. Enter &#8216;shellcode&#8217; into the search bar and see the result <a href=\"https:\/\/app.any.run\/submissions\/#tag:shellcode\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Even more new rules<\/strong>. Fabookie, Stealc, Formbook, and GuLoader have also received additional rules for detecting network activity. We constantly monitor undetected connections of already known malware with the aim of achieving the most comprehensive threat coverage.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Better Coverage and Detection of New Threats&nbsp;<\/h2>\n\n\n\n<p><strong>Menorah, a new backdoor found<\/strong>. The backdoor that we&#8217;ve named Menorah, after the name of the <a href=\"https:\/\/app.any.run\/tasks\/f23fdb7f-40fb-48e1-a5bf-03d6dc7ef744\/\" target=\"_blank\" rel=\"noreferrer noopener\">executable file<\/a>, caught our attention with a lure in the form of a Microsoft Word document containing a vehicle registration form under the jurisdiction of the Seychelles. The document incorrectly stated the address of the Seychelles Licensing Authority and also contained a malicious macro.&nbsp;<\/p>\n\n\n\n<p><strong>Implemented detection of Mystic Stealer<\/strong>. 
Mystic Stealer is a relatively new threat whose network traffic was described in <a href=\"https:\/\/www.zscaler.com\/blogs\/security-research\/mystic-stealer\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">this article<\/a>. We&#8217;ve added our signature and have also <a href=\"https:\/\/community.emergingthreats.net\/t\/mystic-stealer-signature\/658\/5?u=jane0sint\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">contributed to the community<\/a>.\u00a0<\/p>\n\n\n\n<p><strong>Created a rule for Hydrogene \u2014 a new backdoor<\/strong>. The previously unexamined public Java backdoor Hydrogene was active as of July 16th, <a href=\"https:\/\/app.any.run\/tasks\/964f4493-3846-48aa-8c33-847aa6cb3e7a\/\" target=\"_blank\" rel=\"noreferrer noopener\">drawing our attention<\/a>. It received the <a href=\"https:\/\/app.any.run\/tasks\/2c7c4e19-07bf-481e-a700-85bb67ccbf97\" target=\"_blank\" rel=\"noreferrer noopener\">rule BACKDOOR [ANY.RUN] Hydrogene (Java.Agent).<\/a>&nbsp;<\/p>\n\n\n\n<p><strong>New MQsTTubo malware found<\/strong>. The Internet of Things (IoT) is all around us, and it has its own lightweight protocols, such as MQTT. Malicious actors decided to exploit this and have created yet another piece of malware based on MQTT. This previously unexplored, publicly accessible malware has been named MQsTTubo and has a series of rules for detecting its network activity. Note that reproducing the threat is quite complicated. The link to the <a href=\"https:\/\/app.any.run\/tasks\/f98aa2c5-deae-408a-8e86-530e7961dfb6\" target=\"_blank\" rel=\"noreferrer noopener\">primary analysis in ANY.RUN can be found here<\/a>.&nbsp;<\/p>\n\n\n\n<p><strong>A new Go-based stealer detected<\/strong>. 
This previously unexplored stealer, written in the Go language and distributed via Discord links, was named <a href=\"https:\/\/app.any.run\/tasks\/cfee50df-73a6-4ffc-a7cd-d82cefa5affb\/\" target=\"_blank\" rel=\"noreferrer noopener\">SorryGoMaster<\/a> and received detection rules.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Increased activity of APT groups detected in July&nbsp;<\/h2>\n\n\n\n<p>This month, we observed a surge in activity from APT groups such as APT37, Storm-0978, and Lazarus.&nbsp;<\/p>\n\n\n\n<p>Storm-0978 exploited the zero-day vulnerability CVE-2023-36884 with a CVSS v3.1 score of 8.3\/8.1. The <a href=\"https:\/\/app.any.run\/tasks\/7cbfccb4-d464-44e9-aca1-83b99aeab946\" target=\"_blank\" rel=\"noreferrer noopener\">first sample<\/a> appeared in our sandbox on July 3rd, 2023. To proactively track exploitation, we added several policy class rules.&nbsp;<\/p>\n\n\n\n<p>Konni is a tool designed to steal victim data and used by the North Korean APT37 group. Notably, it checked for a kill switch file that would halt the stealer&#8217;s operation. 
In the case we examined, the lure came with several documents in Korean:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\uc18c\uba85\uc790\ub8cc \ubaa9\ub85d(\uad6d\uc138\uc9d5\uc218\ubc95 \uc2dc\ud589\uaddc\uce59).hwp.lnk &#8211; List of explanatory materials (Execution Rules of the Tax Collection Law).hwp.lnk&nbsp;<\/li>\n\n\n\n<li>\uc778\uc9c0\uc138 \uc870\uc0ac \ubcf4\uace0\uc11c(\uc778\uc9c0\uc138 \uc0ac\ubb34\ucc98\ub9ac\uaddc\uc815).hwp &#8211; Report on stamp duty investigation (Stamp Duty Administration Rules).hwp&nbsp;<\/li>\n\n\n\n<li>\uc790\uae08\ucd9c\ucc98\uba85\uc138\uc11c(\ubd80\uac00\uac00\uce58\uc138\ubc95 \uc2dc\ud589\uaddc\uce59).hwp &#8211; Statement of source of funds (Implementation Rules of the Value-Added Tax Law).hwp&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>You can find the <a href=\"https:\/\/app.any.run\/tasks\/e86329e9-30a6-485b-b796-4d41cc474af2\/\" target=\"_blank\" rel=\"noreferrer noopener\">analysis in ANY.RUN here<\/a>. We\u2019ve also published <a href=\"https:\/\/community.emergingthreats.net\/t\/konni-apt\/765\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">the rules for detecting these illegal online activities.<\/a> \u00a0<\/p>\n\n\n\n<p>Lazarus, another North Korean group, used an <a href=\"https:\/\/community.emergingthreats.net\/t\/lazarus-apt-backdoor\/785\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">unidentified backdoor tool<\/a>. Based on preliminary research, the DTrack tool is suspected at the initial stage, with a lure named &#8216;Multi National Recruitment System Templete.pdf.lnk&#8217; within a Korean archive &#8211; \\\ubbf8\uad70 \uad6c\uc778\uacf5\uace0 \uc6f9\uc0ac\uc774\ud2b8 \uc8fc\uc18c \ubc0f \uc0ac\uc6a9\ubc29\ubc95 \uc548\ub0b4\\ (US Army job posting website address and how to use it). 
As in the previous case, <a href=\"https:\/\/community.emergingthreats.net\/t\/lazarus-apt-backdoor\/785\" target=\"_blank\" rel=\"noreferrer noopener\">we informed the community with a new rule<\/a>.\u00a0<\/p>\n\n\n\n<p>The HZRAT threat remains active and has a functioning command and control server. We had to add another rule to our set due to the lack of detection in this <a href=\"https:\/\/app.any.run\/tasks\/ccd9cf70-59cd-4546-adb3-0ddd9c7621b9\/\" target=\"_blank\" rel=\"noreferrer noopener\">sample<\/a>.&nbsp;<\/p>\n\n\n\n<p>Previously flagged as the STEALER [ANY.RUN] Win32\/Clipbanker, the backdoor received its name BACKDOOR [ANY.RUN] KillRun PowerShell.Backdoor due to the presence of only two commands \u2014 kill and run. We relied on the <a href=\"https:\/\/isc.sans.edu\/diary\/rss\/29930\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">research<\/a> published in the SANS (Internet Storm Center) Diary by Xavier Mertens.\u00a0<\/p>\n\n\n\n<p>VanillaRAT is an advanced remote administration tool coded in C#, according to a 4-year-old description on GitHub. Vanilla itself is not something new and <a href=\"https:\/\/app.any.run\/tasks\/447beafd-926f-4a82-b4d4-e5bbe85e49d3\/\" target=\"_blank\" rel=\"noreferrer noopener\">was already on the radar back in 2019<\/a>. We still note its network activity, which received the <a href=\"https:\/\/app.any.run\/tasks\/a9dd4c1e-1e2c-4994-a85e-c66a3eb8fc55\/\" target=\"_blank\" rel=\"noreferrer noopener\">rule REMOTE [ANY.RUN] VanillaRAT<\/a>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">DNS Error found that can lead to vulnerabilities&nbsp;<\/h2>\n\n\n\n<p>An amazing case of negligence in programming DNS addresses is described in a <a href=\"https:\/\/www.ptsecurity.com\/ru-ru\/research\/pt-esc-threat-intelligence\/space-pirates-exploring-non-standard-techniques-new-attack-vectors-and-grouping-tools\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">report<\/a>. 
It claims that the malicious tool Deed RAT reads the Cisco OpenDNS address 208.67.222.222 in reverse order, i.e., as 222.222.67.208. This leads to an erroneous connection to a server that has no DNS resolver. We reflected this incident in our rule SUSPICIOUS [ANY.RUN] Misspelled OpenDNS IP (CosmicStrand or Deed RAT). Thanks to our colleagues for the report. We noticed the same error in the <a href=\"https:\/\/securelist.com\/cosmicstrand-uefi-firmware-rootkit\/106973\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CosmicStrand rootkit<\/a>.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">LucaStealer changes tactics&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/cdf82376-894c-4607-8005-2fa3607335d8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Network activity for LucaStealer has been detected<\/a>, based on HTTP POST requests. Previously, the preferred exfiltration channel for this malware was considered to be Telegram.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Try ANY.RUN for free for 14 days&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN is an interactive malware sandbox that streamlines behavioral analysis and accelerates access to knowledge. Our detection capabilities are already industry-leading, but we&#8217;re working hard to make them even more robust. See how ANY.RUN can help you catch emerging threats.\u00a0<\/p>\n\n\n\n<p>\u00a0<a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0723&amp;utm_content=trial\" target=\"_blank\" rel=\"noreferrer noopener\">Request your 14 days free trial \u2192<\/a>\u00a0<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this article, we\u2019re breaking down all updates that took place in ANY.RUN in July: new features, detection rules, and community contributions. 
We have a lot to unpack, so let\u2019s get started.\u00a0 Product updates&nbsp; We had two major releases in July: digital signatures and evidence archive export.&nbsp; Digital signatures&nbsp; Digital signature data is now accessible [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":4099,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,54,34,55],"class_list":["post-5482","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-features","tag-malware-analysis","tag-release"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Release Notes. Digital Signatures, New Network rules, and More<\/title>\n<meta name=\"description\" content=\"In July, ANY.RUN&#039;s launched Digital Signatures, YARA rules for PureLoader, BanditStealer, as well as new signatures, and config extractors.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Release Notes: Digital Signatures, New Network rules, and More\u00a0\",\"datePublished\":\"2023-07-27T05:46:09+00:00\",\"dateModified\":\"2023-07-27T06:51:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/\"},\"wordCount\":1290,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"features\",\"malware analysis\",\"release\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/\",\"name\":\"Release Notes. 
Digital Signatures, New Network rules, and More\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2023-07-27T05:46:09+00:00\",\"dateModified\":\"2023-07-27T06:51:50+00:00\",\"description\":\"In July, ANY.RUN's launched Digital Signatures, YARA rules for PureLoader, BanditStealer, as well as new signatures, and config extractors.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Release Notes: Digital Signatures, New Network rules, and More\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Release Notes. Digital Signatures, New Network rules, and More","description":"In July, ANY.RUN's launched Digital Signatures, YARA rules for PureLoader, BanditStealer, as well as new signatures, and config extractors.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/","twitter_misc":{"Written by":"ANY.RUN","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Release Notes: Digital Signatures, New Network rules, and More\u00a0","datePublished":"2023-07-27T05:46:09+00:00","dateModified":"2023-07-27T06:51:50+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/"},"wordCount":1290,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","features","malware analysis","release"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/","url":"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/","name":"Release Notes. 
Digital Signatures, New Network rules, and More","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2023-07-27T05:46:09+00:00","dateModified":"2023-07-27T06:51:50+00:00","description":"In July, ANY.RUN's launched Digital Signatures, YARA rules for PureLoader, BanditStealer, as well as new signatures, and config extractors.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-july-2023\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Release Notes: Digital Signatures, New Network rules, and More\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/5482"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=5482"}],"version-history":[{"count":12,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/5482\/revisions"}],"predecessor-version":[{"id":5506,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/5482\/revisions\/5506"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/4099"}],
"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=5482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=5482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=5482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}