{"id":5876,"date":"2023-10-03T06:05:15","date_gmt":"2023-10-03T06:05:15","guid":{"rendered":"\/cybersecurity-blog\/?p=5876"},"modified":"2025-12-16T13:05:33","modified_gmt":"2025-12-16T13:05:33","slug":"release-notes-september-2023","status":"publish","type":"post","link":"\/cybersecurity-blog\/release-notes-september-2023\/","title":{"rendered":"Release Notes: Change to API Quotas, New Config Extractors and More"},"content":{"rendered":"\n<p>This is ANY.RUN&#8217;s monthly update, where we keep you posted on our progress.&nbsp;<\/p>\n\n\n\n<p>In September, we introduced multiple new features aimed at improving the identification of suspicious objects. <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotes0923&amp;utm_content=landing\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> now can leverage AI for enhanced detection, fortifying the capabilities of our sandbox. Additionally, our analysts have expanded the threat coverage by implementing new rules and extractors.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Product updates<\/h2>\n\n\n\n<p><strong>AI summaries<\/strong>: This major update lets you generate focused reports using AI. These reports can cover the entire task or zoom in on specific indicators like processes, command-line activities, or even triggered detection rules. This tool complements your existing behavioral and heuristic analysis methods. <a href=\"https:\/\/any.run\/cybersecurity-blog\/private-ai-for-malware-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\">Learn more<\/a>.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"579\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-1024x579.png\" alt=\"\" class=\"wp-image-9162\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-1024x579.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-300x170.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-768x434.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-1536x869.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-2048x1158.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-370x209.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-270x153.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-740x419.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>AI reviews inside ANY.RUN\u2019s sandbox analysis session<\/em><\/figcaption><\/figure><\/div>\n\n\n<p><strong>Team-based API usage quotas<\/strong>: Now, API quotas are set at the team level, not per team member. This lets any team member use the available quotas, making it easier for managers to monitor when you&#8217;re nearing the limit.<\/p>\n\n\n\n<p><strong>Modular Static Discovering<\/strong>: We&#8217;ve redesigned the architecture of the Static Discovery pop-up window to make it modular. This allows for rapid deployment of data extractors tailored to specific file types. The feature intelligently identifies which modules can best extract data, even from deeply nested structures. Initial modules available at launch are MSG\/Email, Office, OneNote, PDF, LNK, and ZIP.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"618\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/static-1024x618.png\" alt=\"\" class=\"wp-image-5886\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/static-1024x618.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/static-300x181.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/static-768x464.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/static-370x223.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/static-270x163.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/static-740x447.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/static.png 1042w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>Default browser selection for .html file analysis<\/strong>: When you upload .html files into the sandbox, you can now specify which default browser should open them. This flexibility allows for more accurate testing environments that mimic real-world user behavior. It helps you identify browser-specific vulnerabilities or exploits, thus improving the quality and scope of your analysis.<\/p>\n\n\n\n<p>Want to leverage the power of interactive analysis in the cloud?<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nGet started with a <span class=\"highlight\">free<\/span> ANY.RUN account now&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/app.any.run\/#register\" rel=\"noopener\" target=\"_blank\">\nSign up\u00a0\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">New malware config extractors and fixes<\/h2>\n\n\n\n<p>In September, we\u2019ve implemented detection capabilities and config extractors for new stealers and RATs:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Agniane<\/h3>\n\n\n\n<p>Agniane Stealer swipes credentials, system info, and session details from browsers, tokens, and file transfer tools, with a focus on cryptocurrency wallets. The stolen data is then shipped to C&amp;C servers for further exploitation. Tied to the Malware-as-a-Service platform Cinoshi Project, it&#8217;s sold on various dark web forums. The operators use packers to regularly update its capabilities and evasion tactics.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/29c2fdf3-bc19-4e43-bfc0-08afadf602b7\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">Analyze Agniane in ANY.RUN \u2192<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Bandook&nbsp;<\/h3>\n\n\n\n<p>Bandook is a commercial remote access trojan (RAT) with stealer features, coded in Delphi and C++. Closed-sourced before, its variants got leaked and are now publicly downloadable, which could make it a prominent threat in the coming months.<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/82a56ab6-7816-4072-b1c4-78ecacf21f4e\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">Analyze Bandook in ANY.RUN \u2192<\/a>&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">DarkGate<\/h3>\n\n\n\n<p>DarkGate malware uses a custom base64 dictionary for string encryption, followed by a unique cipher. Beyond its stealer functions, this versatile threat may also function as a loader and keylogger.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/7f681ace-4eb0-4999-991c-51387ab55dd4\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">Analyze DarkGate in ANY.RUN \u2192<\/a>&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">MarsStealer<\/h3>\n\n\n\n<p>MarsStealer targets browser data, crypto wallets, and messenger sessions, pulling files from the victim&#8217;s machine. Part of a stealer family including Oski, Vidar, and Arkei, it shares a common codebase and is sold on forums alongside similar offerings like StealC and Racoon.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/4dab58dc-8e6d-4447-ba80-d81c18d51c86\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">Analyze MarsStealer in ANY.RUN \u2192<\/a>&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Stealc<\/h3>\n\n\n\n<p>The malware is coded in C and comes in two variations. The first encrypts C2 and strings using base64 and RC4, while the second uses a custom XTEA algorithm with stack obfuscation for C2 and XOR for string encryption. Both versions employ a grabber to snatch credentials from platforms like Telegram, Steam, and Chrome.<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/1c8a314f-fcba-4f5b-b3ac-10eeb9d4b65a\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">Analyze Stealc in ANY.RUN \u2192<\/a>&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">More YARA Rules&nbsp;<\/h2>\n\n\n\n<p>In addition, we\u2019ve added new YARA rules (without extractors) for the following malware families:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/85d7971d-2e2a-4776-9df5-1877cbfe3869\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">Exela Stealer<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/33673ff4-4af7-4d91-ad1c-d27809e04a7d\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">EternityClipper<\/a> <\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/0abce316-22e7-478f-aa22-cdb7f56e1dcf\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">Metamorfo<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/8497a9b0-79b6-46b0-8524-a3d480026155\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">hijackloader<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">New Network and Suricata Rules&nbsp;<\/h2>\n\n\n\n<p>We wrote <strong>305 new Suricata rules<\/strong>, with particular attention to the Lazarus and TAG74 groups.&nbsp;&nbsp;<\/p>\n\n\n\n<p>We&#8217;ve also updated signatures for <a href=\"https:\/\/app.any.run\/tasks\/ade6e13f-1ebe-4f96-968f-adfc1b2fdaaa\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">DarkCrystal<\/a>, <a href=\"https:\/\/app.any.run\/tasks\/8497a9b0-79b6-46b0-8524-a3d480026155\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">Lumma Stealer<\/a>, and <a href=\"https:\/\/app.any.run\/tasks\/711ea380-f3bc-43be-998e-e2e59f7df2bb\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">Rhadamanthys<\/a>. Enhancements were made in detecting encrypted payloads and file-sharing services. Additionally, we improved the detection of specific malware families, including <a href=\"https:\/\/app.any.run\/tasks\/80d21d29-af9b-4005-a862-dd32109fd454\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">Gh0stRAT<\/a>, <a href=\"https:\/\/app.any.run\/tasks\/b79f578c-0fd9-47eb-8c31-aab25d13bb2c\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">Amadey<\/a>, <a href=\"https:\/\/app.any.run\/tasks\/d8906703-56da-446c-ad4c-a43c8885b666\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">Grandoreiro<\/a>, <a href=\"https:\/\/app.any.run\/tasks\/40c7e4af-fcb1-4995-8fb2-f119da3ab8a3\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">Echida<\/a>, <a href=\"https:\/\/app.any.run\/tasks\/92b09486-a45b-477b-93ba-7939e5a2676e\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">DBatLoader<\/a>, and <a href=\"https:\/\/app.any.run\/tasks\/6308f28d-e009-4ed5-a8da-2d400a6669dd\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">Mekotio<\/a>. &nbsp;<\/p>\n\n\n\n<p>We shared these updates with the ET (Emerging Threats) community at the following links:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/community.emergingthreats.net\/t\/theboxclipper\/904\" target=\"_blank\" rel=\"noreferrer noopener\">TheBoxClipper Update<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/community.emergingthreats.net\/t\/echida-botnet\/918\" target=\"_blank\" rel=\"noreferrer noopener\">Echida Botnet<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/community.emergingthreats.net\/t\/lumma-stealer-updates\/946\/2\" target=\"_blank\" rel=\"noreferrer noopener\">Lumma Stealer Updates<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/community.emergingthreats.net\/t\/darkcrystal-rat\/952\/5\" target=\"_blank\" rel=\"noreferrer noopener\">DarkCrystal RAT<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Wrapping up&nbsp;&nbsp;<\/h2>\n\n\n\n<p>This month, we&#8217;ve updated our threat intelligence and introduced additional sandbox features. These updates enable more effective malware analysis, including detailed behavioral reports and object investigation.&nbsp;<\/p>\n\n\n\n<p>We&#8217;ve integrated AI to assist in this process. Our team is also monitoring emerging threats to maintain the efficacy of ANY.RUN&#8217;s detection algorithms. To support broader cybersecurity efforts, we&#8217;re sharing our detection rules with the analyst community.\u00a0<\/p>\n\n\n\n<p>ANY.RUN is a cloud malware sandbox that handles the heavy lifting of malware analysis for SOC and DFIR teams. Every day, 300,000 professionals use our platform to investigate incidents and streamline threat analysis.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>Request a demo today and enjoy 14 days of free access to our Enterprise plan.&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=releasenotes0923&amp;utm_content=trial\" target=\"_blank\" rel=\"noreferrer noopener\">Request demo \u2192<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is ANY.RUN&#8217;s monthly update, where we keep you posted on our progress.&nbsp; In September, we introduced multiple new features aimed at improving the identification of suspicious objects. ANY.RUN now can leverage AI for enhanced detection, fortifying the capabilities of our sandbox. Additionally, our analysts have expanded the threat coverage by implementing new rules and [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":4099,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,55,56],"class_list":["post-5876","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-release","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Release Notes: API Quotas, Config Extractors, and More<\/title>\n<meta name=\"description\" content=\"In September, ANY.RUN introduced AI for enhanced analysis and expanded the threat coverage by implementing new rules and extractors.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Vlad Ananin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\n\t    \"@context\": \"https:\/\/schema.org\",\n\t    \"@graph\": [\n\t        {\n\t            \"@type\": \"Article\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/#article\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/\"\n\t            },\n\t            \"author\": {\n\t                \"name\": \"Vlad Ananin\",\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"headline\": \"Release Notes: Change to API Quotas, New Config Extractors and More\",\n\t            \"datePublished\": \"2023-10-03T06:05:15+00:00\",\n\t            \"dateModified\": \"2025-12-16T13:05:33+00:00\",\n\t            \"mainEntityOfPage\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/\"\n\t            },\n\t            \"wordCount\": 837,\n\t            \"commentCount\": 0,\n\t            \"publisher\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"keywords\": [\n\t                \"ANYRUN\",\n\t                \"release\",\n\t                \"update\"\n\t            ],\n\t            \"articleSection\": [\n\t                \"Service Updates\"\n\t            ],\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"CommentAction\",\n\t                    \"name\": \"Comment\",\n\t                    \"target\": [\n\t                        \"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/#respond\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"WebPage\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/\",\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/\",\n\t            \"name\": \"Release Notes: API Quotas, Config Extractors, and More\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"datePublished\": \"2023-10-03T06:05:15+00:00\",\n\t            \"dateModified\": \"2025-12-16T13:05:33+00:00\",\n\t            \"description\": \"In September, ANY.RUN introduced AI for enhanced analysis and expanded the threat coverage by implementing new rules and extractors.\",\n\t            \"breadcrumb\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/#breadcrumb\"\n\t            },\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"ReadAction\",\n\t                    \"target\": [\n\t                        \"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"BreadcrumbList\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/#breadcrumb\",\n\t            \"itemListElement\": [\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 1,\n\t                    \"name\": \"Home\",\n\t                    \"item\": \"https:\/\/any.run\/cybersecurity-blog\/\"\n\t                },\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 2,\n\t                    \"name\": \"Service Updates\",\n\t                    \"item\": \"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"\n\t                },\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 3,\n\t                    \"name\": \"Release Notes: Change to API Quotas, New Config Extractors and More\"\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"WebSite\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"url\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN&#039;s Cybersecurity Blog\",\n\t            \"description\": \"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\n\t            \"publisher\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"SearchAction\",\n\t                    \"target\": {\n\t                        \"@type\": \"EntryPoint\",\n\t                        \"urlTemplate\": \"https:\/\/any.run\/?s={search_term_string}\"\n\t                    },\n\t                    \"query-input\": \"required name=search_term_string\"\n\t                }\n\t            ],\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"Organization\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN\",\n\t            \"url\": \"https:\/\/any.run\/\",\n\t            \"logo\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/any.run\/\",\n\t                \"url\": \"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\n\t                \"contentUrl\": \"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\n\t                \"width\": 1,\n\t                \"height\": 1,\n\t                \"caption\": \"ANY.RUN\"\n\t            },\n\t            \"image\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"sameAs\": [\n\t                \"https:\/\/www.facebook.com\/www.any.run\/\",\n\t                \"https:\/\/twitter.com\/anyrun_app\",\n\t                \"https:\/\/www.linkedin.com\/company\/30692044\",\n\t                \"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"Person\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"name\": \"Vlad Ananin\",\n\t            \"image\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/any.run\/\",\n\t                \"url\": \"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g\",\n\t                \"contentUrl\": \"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g\",\n\t                \"caption\": \"Vlad Ananin\"\n\t            },\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/author\/vlad-ananin\/\"\n\t        }\n\t    ]\n\t}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Release Notes: API Quotas, Config Extractors, and More","description":"In September, ANY.RUN introduced AI for enhanced analysis and expanded the threat coverage by implementing new rules and extractors.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/","twitter_misc":{"Written by":"Vlad Ananin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/"},"author":{"name":"Vlad Ananin","@id":"https:\/\/any.run\/"},"headline":"Release Notes: Change to API Quotas, New Config Extractors and More","datePublished":"2023-10-03T06:05:15+00:00","dateModified":"2025-12-16T13:05:33+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/"},"wordCount":837,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","release","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/","url":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/","name":"Release Notes: API Quotas, Config Extractors, and More","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2023-10-03T06:05:15+00:00","dateModified":"2025-12-16T13:05:33+00:00","description":"In September, ANY.RUN introduced AI for enhanced analysis and expanded the threat coverage by implementing new rules and extractors.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2023\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Release Notes: Change to API Quotas, New Config Extractors and More"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"Vlad Ananin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g","caption":"Vlad Ananin"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/vlad-ananin\/"}]}},"_links":{"self":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/5876"}],"collection":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=5876"}],"version-history":[{"count":7,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/5876\/revisions"}],"predecessor-version":[{"id":17382,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/5876\/revisions\/17382"}],"wp:featuredmedia":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/4099"}],"wp:attachment":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=5876"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=5876"},{"taxonomy":"post_tag","embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=5876"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}