{"id":6736,"date":"2024-01-24T09:29:17","date_gmt":"2024-01-24T09:29:17","guid":{"rendered":"\/cybersecurity-blog\/?p=6736"},"modified":"2024-01-24T09:29:21","modified_gmt":"2024-01-24T09:29:21","slug":"malware-trends-2023","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/","title":{"rendered":"Malware Trends Overview Report:\u00a02023\u00a0"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<p>Let&#8217;s take a moment to reflect on 2023. We&#8217;ve analyzed the most prevalent malware families, types, and TTPs of the year, and we&#8217;re bringing you the highlights in this article.\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"567\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Review-2023-1024x567.jpg\" alt=\"\" class=\"wp-image-6741\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Review-2023-1024x567.jpg 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Review-2023-300x166.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Review-2023-768x425.jpg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Review-2023-370x205.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Review-2023-270x149.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Review-2023-740x410.jpg 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Review-2023.jpg 1263w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>This report is based on the analysis of 2,991,551 public tasks created by our community in 2023. Out of these, 817,701 were tagged as malicious, and 148,124 as suspicious. 
Overall, <a href=\"http:\/\/any.run\/?utm_source=blog&amp;utm_medium=article&amp;utm_campaign=2023_stats&amp;utm_content=linktolanding&amp;utm_term=240124\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> helped the cybersecurity community identify 640,158,713 IOCs in 2023. \u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Top Malware Types in 2023&nbsp;<\/h2>\n\n\n\n<p>Let&#8217;s begin by taking a closer look at the most common types of malware identified by ANY.RUN&#8217;s sandbox. In 2023, loaders, stealers, and RATs took the lead with 24,136,\u00a018,290, and 17,431 detections respectively. Around 15,630 detections were attributed to trojans:\u00a0\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Types-1024x538.jpg\" alt=\"\" class=\"wp-image-6742\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Types-1024x538.jpg 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Types-300x158.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Types-768x403.jpg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Types-1536x806.jpg 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Types-370x194.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Types-270x142.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Types-740x389.jpg 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Types.jpg 1800w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Loader<\/strong>: 24,136&nbsp;<\/li>\n\n\n\n<li><strong>Stealer<\/strong>: 18,290&nbsp;<\/li>\n\n\n\n<li><strong>Remote Access Trojan (RAT)<\/strong>: 
17,431&nbsp;<\/li>\n\n\n\n<li><strong>Trojan<\/strong>: 15,630&nbsp;<\/li>\n\n\n\n<li><strong>Ransomware<\/strong>: 12,820&nbsp;<\/li>\n\n\n\n<li><strong>Installer<\/strong>: 8,541&nbsp;<\/li>\n\n\n\n<li><strong>Keylogger<\/strong>: 4,049&nbsp;<\/li>\n\n\n\n<li><strong>Backdoor<\/strong>: 1,779&nbsp;<\/li>\n\n\n\n<li><strong>Miner<\/strong>: 1,043\u00a0<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Top Malware Families in 2023\u00a0\u00a0<\/h2>\n\n\n\n<p>In terms of malware families, Redline was by far the most popular (9205 detections), spotted more than twice as frequently as the second-most used malware Remcos (4407 detections). 
Redline is popular among cybercriminals because it\u2019s easy to buy online and it can evade detection through polymorphic code, rootkit functionalities, and intricate obfuscation methods.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/malware-trends\/redline?utm_source=blog&amp;utm_medium=article&amp;utm_campaign=2023_stats&amp;utm_content=linktomtt&amp;utm_term=240124\" target=\"_blank\" rel=\"noreferrer noopener\">Get the latest Redline IOCs and read more about this malware family in ANY.RUN\u2019s Malware Trends Tracker.<\/a>\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Families-1024x538.jpg\" alt=\"\" class=\"wp-image-6743\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Families-1024x538.jpg 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Families-300x158.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Families-768x403.jpg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Families-1536x806.jpg 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Families-370x194.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Families-270x142.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Families-740x389.jpg 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Families.jpg 1800w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/malware-trends\/redline\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Redline<\/strong><\/a><strong>: <\/strong>9,205&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/remcos\" target=\"_blank\" rel=\"noreferrer 
noopener\"><strong>Remcos<\/strong><\/a><strong>: <\/strong>4,407&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/agenttesla\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Agent Tesla<\/strong><\/a>: 4,215&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/njrat\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>njRAT<\/strong><\/a>: 3,939&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/asyncrat\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>AsyncRAT<\/strong><\/a><strong>: <\/strong>2,733&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/formbook\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>FormBook<\/strong><\/a>: 2,098&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/amadey\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Amadey<\/strong><\/a>: 1,956&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/vidar\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Vidar<\/strong><\/a>: 1,569&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Top MITRE ATT&amp;CK techniques in 2023\u00a0<\/h2>\n\n\n\n<p>MITRE ATT&amp;CK is a widely recognized framework used globally. It categorizes various adversary actions into tactics and techniques. 
It&#8217;s an essential tool for malware analysts to identify, assess, and address threats more effectively.\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Mitre-1024x538.jpg\" alt=\"\" class=\"wp-image-6744\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Mitre-1024x538.jpg 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Mitre-300x158.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Mitre-768x403.jpg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Mitre-1536x806.jpg 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Mitre-370x194.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Mitre-270x142.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Mitre-740x389.jpg 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/01\/Top-Mitre.jpg 1800w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>ANY.RUN has a MITRE ATT&amp;CK report that matches malware actions to specific techniques. 
In 2023, we made over\u00a01.2 million\u00a0matches, allowing us to put together this spreadsheet of TTPs adversaries employed most frequently in 2023:\u00a0<\/p>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-64\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"2\"\n           data-rows=\"20\"\n           data-wpID=\"64\"\n           data-responsive=\"0\"\n           data-has-header=\"1\">\n\n                    <thead>        <tr class=\"wpdt-cell-row \" >\n                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        MITRE ATT&CK Technique \t\u00a0                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        Count\u00a0                    <\/th>\n                                        <\/tr>\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n        
                                T1036.005 Masquerading: Match Legitimate Name or Location\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        486,058\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1518.001 Software Discovery: Security Software Discovery\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        235,295\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n        
                                T1569.002 System Services: Service Execution\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        119,695\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A5\"\n                    data-col-index=\"0\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1114.001 Email Collection: Local Email Collection\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B5\"\n                    data-col-index=\"1\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        87,962\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A6\"\n                    data-col-index=\"0\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                             
           T1218.011 System Binary Proxy Execution: Rundll32\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B6\"\n                    data-col-index=\"1\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        79,501\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A7\"\n                    data-col-index=\"0\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1059.003 Command and Scripting Interpreter: Windows Command Shell\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B7\"\n                    data-col-index=\"1\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        75,300\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A8\"\n                    data-col-index=\"0\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                              
          T1036.003 Masquerading: Rename System Utilities\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B8\"\n                    data-col-index=\"1\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        62,078\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A9\"\n                    data-col-index=\"0\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1497.003 Virtualization\/Sandbox Evasion: Time Based Evasion\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B9\"\n                    data-col-index=\"1\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        51,394\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A10\"\n                    data-col-index=\"0\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                     
   T1204.002 User Execution: Malicious File\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B10\"\n                    data-col-index=\"1\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        47,720\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A11\"\n                    data-col-index=\"0\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1053.005 Scheduled Task\/Job: Scheduled Task\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B11\"\n                    data-col-index=\"1\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        40,453\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A12\"\n                    data-col-index=\"0\"\n                    data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1059.001 Command 
and Scripting Interpreter: PowerShell\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B12\"\n                    data-col-index=\"1\"\n                    data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        36,593\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A13\"\n                    data-col-index=\"0\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1547.001 Boot or Logon Autostart Execution: Registry Run Keys \/ Startup Folder\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B13\"\n                    data-col-index=\"1\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        27,761\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A14\"\n                    data-col-index=\"0\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                               
         T1059.005 Command and Scripting Interpreter: Visual Basic\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B14\"\n                    data-col-index=\"1\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        23,188\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A15\"\n                    data-col-index=\"0\"\n                    data-row-index=\"14\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1562.001 Impair Defenses: Disable or Modify Tools\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B15\"\n                    data-col-index=\"1\"\n                    data-row-index=\"14\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        23,084\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A16\"\n                    data-col-index=\"0\"\n                    data-row-index=\"15\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                
        T1555.003 Credentials from Password Stores: Credentials from Web Browsers\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B16\"\n                    data-col-index=\"1\"\n                    data-row-index=\"15\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        21,194\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A17\"\n                    data-col-index=\"0\"\n                    data-row-index=\"16\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1574.002 Hijack Execution Flow: DLL Side-Loading\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B17\"\n                    data-col-index=\"1\"\n                    data-row-index=\"16\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        19,939\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A18\"\n                    data-col-index=\"0\"\n                    data-row-index=\"17\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                  
                      T1222.001 File and Directory Permissions Modification: Windows File and Directory Permissions Modification\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B18\"\n                    data-col-index=\"1\"\n                    data-row-index=\"17\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        12,492\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A19\"\n                    data-col-index=\"0\"\n                    data-row-index=\"18\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1059.007 Command and Scripting Interpreter: JavaScript\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B19\"\n                    data-col-index=\"1\"\n                    data-row-index=\"18\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        11,814\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A20\"\n                    data-col-index=\"0\"\n                    data-row-index=\"19\"\n                    style=\"                    padding:10px;\n            
        \"\n                    >\n                                        T1564.001 Hide Artifacts: Hidden Files and Directories\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B20\"\n                    data-col-index=\"1\"\n                    data-row-index=\"19\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        8,993\u00a0\u00a0                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-64'>\ntable#wpdtSimpleTable-64{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-64 td, table.wpdtSimpleTable64 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Top TTPs: highlights<\/strong>&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Masquerading Techniques (T1036.005): <\/strong>There&#8217;s a notable prevalence of the Masquerading: Match Legitimate Name or Location technique. This indicates how common obfuscation via deceptive filenames and paths has been in 2023. This technique employs mimicry tactics to bypass heuristic detection. Effective countermeasures include behavioral analysis, focusing on anomaly detection in process tree execution and scrutinizing file path irregularities.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Security Software Discovery (T1518.001)<\/strong>: Software Discovery: Security Software Discovery&nbsp;is indicative of sophisticated adversaries targeting security mechanisms. 
This method is a hallmark of APTs and targeted ransomware campaigns.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Increased Use of System Services for Execution (T1569.002)<\/strong>: We&#8217;re seeing a lot of malware use system services to stay hidden and live off the land. This is a common technique in rootkits and sophisticated malware. This approach exploits system services to execute code at elevated privileges.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Email Collection: Local Email Collection (T1114.001)<\/strong>:&nbsp;This technique appears in malware that focuses on stealing sensitive information from emails, specifically from local email files such as cache or Outlook files.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Report methodology &nbsp;<\/h2>\n\n\n\n<p>In our report, we analyzed data from 2,991,551 tasks sent to our public threat database. This information is from researchers in our community who helped by running tasks in ANY.RUN.&nbsp;<\/p>\n\n\n\n<p><strong>About ANY.RUN <\/strong>&nbsp;<\/p>\n\n\n\n<p>ANY.RUN is a cloud malware sandbox that handles the heavy lifting of malware analysis for SOC and DFIR teams. Every day, 300,000 professionals use our platform to investigate incidents and streamline threat analysis.&nbsp;&nbsp; &nbsp;<\/p>\n\n\n\n<p>Request a demo today and enjoy 14 days of free access to our Enterprise plan.&nbsp;&nbsp;&nbsp; &nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=blog&amp;utm_medium=article&amp;utm_campaign=2023_stats&amp;utm_content=trial&amp;utm_term=240124\" target=\"_blank\" rel=\"noreferrer noopener\">Request demo \u2192<\/a>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Let&#8217;s take a moment to reflect on 2023.
We&#8217;ve analyzed the most prevalent malware families, types, and TTPs of the year, and we&#8217;re bringing you the highlights in this article.\u00a0 This report is based on the analysis of 2,991,551 public tasks created by our community in 2023. Out of these, 817,701 were tagged as malicious, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":6746,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[57,10,34],"class_list":["post-6736","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-lifehacks","tag-anyrun","tag-cybersecurity","tag-malware-analysis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Malware Trends Overview Report:\u00a02023\u00a0 - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"Explore the key malware trends in 2023. Discover the top malware types and families, as well as the most common MITRE ATT&amp;CK techniques.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Malware Trends Overview Report:\u00a02023\u00a0\",\"datePublished\":\"2024-01-24T09:29:17+00:00\",\"dateModified\":\"2024-01-24T09:29:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/\"},\"wordCount\":587,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\"],\"articleSection\":[\"Cybersecurity Lifehacks\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/\",\"name\":\"Malware Trends Overview Report:\u00a02023\u00a0 - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2024-01-24T09:29:17+00:00\",\"dateModified\":\"2024-01-24T09:29:21+00:00\",\"description\":\"Explore the key malware trends in 2023. 
Discover the top malware types and families, as well as the most common MITRE ATT&CK techniques.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Lifehacks\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Malware Trends Overview Report:\u00a02023\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Malware Trends Overview Report:\u00a02023\u00a0 - ANY.RUN&#039;s Cybersecurity Blog","description":"Explore the key malware trends in 2023. Discover the top malware types and families, as well as the most common MITRE ATT&CK techniques.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/","twitter_misc":{"Written by":"ANY.RUN","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Malware Trends Overview Report:\u00a02023\u00a0","datePublished":"2024-01-24T09:29:17+00:00","dateModified":"2024-01-24T09:29:21+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/"},"wordCount":587,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware analysis"],"articleSection":["Cybersecurity Lifehacks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/","url":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/","name":"Malware Trends Overview Report:\u00a02023\u00a0 - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-01-24T09:29:17+00:00","dateModified":"2024-01-24T09:29:21+00:00","description":"Explore the key malware trends in 2023. 
Discover the top malware types and families, as well as the most common MITRE ATT&CK techniques.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2023\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Lifehacks","item":"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/"},{"@type":"ListItem","position":3,"name":"Malware Trends Overview Report:\u00a02023\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/6736"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=6736"}],"version-history":[{"count":1,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/6736\/revisions"}],"predecessor-version":[{"id":6748,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/6736\/revisions\/6748"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/6746"}],"
wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=6736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=6736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=6736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}