{"id":7205,"date":"2024-03-04T09:59:52","date_gmt":"2024-03-04T09:59:52","guid":{"rendered":"\/cybersecurity-blog\/?p=7205"},"modified":"2024-03-04T10:05:36","modified_gmt":"2024-03-04T10:05:36","slug":"release-notes-february-2024","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/","title":{"rendered":"Release Notes: Threat Intelligence Lookup, RSPAMD, 26 New Signatures, and More"},"content":{"rendered":"\n<p>Welcome to <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktolanding&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>\u2019s monthly update series, where we share what the team has been working on this past month.\u00a0\u00a0 \u00a0<\/p>\n\n\n\n<p>In February, we released our biggest Threat Intelligence product yet \u2014 the ANY.RUN Lookup portal. We also introduced a new email analysis workflow with an RSPAMD Static Discovering Module, and expanded threat coverage in the sandbox to include malware like HAMAS, WhiteSnake, and KitStealer.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">New features&nbsp;<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Threat Intelligence Lookup&nbsp;<\/h3>\n\n\n\n<p>Undoubtedly the most significant release in February, Threat Intelligence Lookup provides you with a portal to explore a centralized repository of millions of IOCs extracted from ANY.RUN\u2019s database of interactive malware analysis sessions (sandbox tasks).&nbsp;<\/p>\n\n\n\n<p>What makes our TI Lookup portal stand out? Because our data comes from sandbox tasks, we can connect all events that occurred within a single research session. 
You can search across all public sandbox tasks launched in ANY.RUN over the last 6 months and build precise queries using wildcards (*) and logical conditions (AND).\u00a0<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"566\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/1-1024x566.png\" alt=\"\" class=\"wp-image-7206\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/1-1024x566.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/1-300x166.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/1-768x424.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/1-1536x849.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/1-370x204.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/1-270x149.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/1-740x409.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/1.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Use TI Lookup for threat hunting<\/figcaption><\/figure><\/div>\n\n\n<p>Analysis of linked processes, modules, files, network traffic, and registry activities helps a SOC team better understand encountered threats. 
Then, they can minimize potential damage to the infrastructure.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">Read more about Threat Intelligence Lookup \u2192<\/a>\u00a0<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">RSPAMD module&nbsp;<\/h3>\n\n\n\n<p>We\u2019ve added a new module to <a href=\"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/\" target=\"_blank\" rel=\"noreferrer noopener\">Static Discovering<\/a>. It integrates RSPAMD, an open-source email filtering system, into ANY.RUN. 
RSPAMD is designed to detect and flag spam, phishing attempts, and other malicious content in emails.\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-video aligncenter\"><video controls src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/02\/RSPAMD-edit-1.mp4\"><\/video><figcaption class=\"wp-element-caption\">RSPAMD extends ANY.RUN&#8217;s phishing detection capabilities<\/figcaption><\/figure>\n\n\n\n<p>With the RSPAMD module, analyzing emails becomes easier, helping you determine if you&#8217;re dealing with phishing. Features like Score, Content, and Header Descriptions allow you to gauge the email&#8217;s maliciousness even before opening it in the virtual machine, saving you time. However, it&#8217;s important to note that the information provided by this module is advisory.\u00a0<\/p>\n\n\n\n<p>RSPAMD&#8217;s description covers both the entire email and specific suspicious parts, such as headers or content. This allows you to make your own decision about the email&#8217;s safety.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/cybersecurity-blog\/rspamd-email-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\">Read more about using RSPAMD in ANY.RUN (case-study) \u2192<\/a>&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">SSO Improvements &nbsp;<\/h3>\n\n\n\n<p>We&#8217;ve addressed several SSO issues and added new features: the logout feature is now working smoothly, we&#8217;ve resolved the setup problem with SSO, and we&#8217;ve introduced a new feature allowing users to log in not only through our authorization window but also via third-party services. Now, with our SSO service, you can simply click on the designated block with ANY.RUN and seamlessly proceed already authorized.&nbsp;<\/p>\n\n\n\n<p>Also, we&#8217;ve ensured compatibility with Azure and Okta, two of the most popular SSO providers, and tackled various other issues along the way.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Expanded threat coverage&nbsp;<\/h2>\n\n\n\n<p>In February, we implemented a new generic rule for <a href=\"https:\/\/app.any.run\/tasks\/9e3a667e-19a4-4a73-89f2-cd6ab0c06ddc\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">Discord grabbers<\/a>. These grabbers are typically coded in JavaScript (using Electron) or Python, with Discord being their primary target. 
Typically, their objective is to steal payment data, although some are capable of also nabbing passwords and cookies from web browsers, capturing screenshots, and executing other typical actions associated with stealers.\u00a0<\/p>\n\n\n\n<p>ANY.RUN now also detects <a href=\"https:\/\/app.any.run\/tasks\/75252c53-1e7a-45d8-a920-cd20f7e4ce59\/\" target=\"_blank\" rel=\"noreferrer noopener\">KitStealer<\/a>. This malware functions as both a downloader and a stealer, targeting clipboard contents and taking screenshots, with a primary focus on pilfering cryptocurrency wallets. It communicates with the server via HTTP in JSON format and employs XOR encryption for data transmission. Note its unconventional communication pattern: the server issues configurations for all malware, and each specific malware variant either seeks its own configuration or employs a standard one. Sometimes, it also drops <a href=\"https:\/\/any.run\/malware-trends\/quasar\" target=\"_blank\" rel=\"noreferrer noopener\">QuasarRAT<\/a>.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">New Yara Rules&nbsp;<\/h2>\n\n\n\n<p>In February, we added Yara rules that cover the following threats:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e359a1cc-7e44-4b29-ab42-1d9ed6ec6dc0\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">HAMAS<\/a>\u00a0\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/67c9d51f-d684-4873-b814-e305a826ff76\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">WhiteSnake<\/a> stealer\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/dcdb2d28-91fd-4fb9-8f8c-7c1985de46ee\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">ZLoader<\/a> (we\u2019ve also fixed the extractor) \u00a0\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/9ea21e9b-5847-4d41-b3a9-d40ae5132ebe\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2017-0199<\/a>, an MS Office exploit\u00a0<\/li>\n\n\n\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/efb019e4-fbcd-44a5-aaa3-ddf43e44e45e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">RaspberryRobin<\/a>\u00a0\u00a0 \u00a0<\/li>\n<\/ul>\n\n\n\n<p>The Yara rule covering <a href=\"https:\/\/app.any.run\/tasks\/08023ba2-522b-4f36-addc-d3c28982b5d8\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">XMRig<\/a> was fixed.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">New Signatures&nbsp;<\/h2>\n\n\n\n<p>In February, we added 26 new signatures to ANY.RUN. Here are the highlights:&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Phishing through the abuse of Squarespace Service (RGDA Domain Structure) has been <a href=\"https:\/\/app.any.run\/tasks\/efbbee8b-ff07-4e4d-ac11-6460dde4769a\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">detected<\/a>.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>We&#8217;ve also covered a Mirai-based botnet, <a href=\"https:\/\/app.any.run\/tasks\/a2047f1a-64dd-445c-b38d-53d4c173f9ad\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">Gafgyt.DDoS<\/a>, for which we&#8217;re developing rules specifically for Linux systems.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>We found a new and rare backdoor called <a href=\"https:\/\/app.any.run\/tasks\/86c25e63-f182-490c-b253-427670ac65e0\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer 
noopener\">TheClient<\/a>. Additionally, we&#8217;ve detected the <a href=\"https:\/\/app.any.run\/tasks\/32e082ba-0664-4c89-a05f-b320c1001dc4\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">CodRun<\/a> clicker, <a href=\"https:\/\/app.any.run\/tasks\/e605935d-44ff-4ee4-8849-a86660a23a61\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">KeyBonza SockClipper<\/a>, along with two stealers: <a href=\"https:\/\/app.any.run\/tasks\/1c90c840-33ec-4292-8081-3fe9931c879a\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">KitStealer<\/a>, and <a href=\"https:\/\/app.any.run\/tasks\/a900d365-349e-403f-b886-2ea341210f00\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">StealIt<\/a>.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>We&#8217;re closely monitoring the activities of the <a href=\"https:\/\/app.any.run\/tasks\/2a811706-dfb5-4271-8f5b-282aeeede417\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">Stegocampaign APT TA558<\/a> and the <a href=\"https:\/\/app.any.run\/tasks\/c4e22875-4add-4940-baf5-9d4daf9735f8\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">Dadsec<\/a> phishing kit.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>We&#8217;ve expanded the set of 
rules covering the Meduza Stealer and shared them with the <a href=\"https:\/\/community.emergingthreats.net\/t\/medusa-stealer\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">ET community<\/a>. \u00a0<\/li>\n<\/ul>\n\n\n\n<p>Additionally, we&#8217;ve clarified rules for the <a href=\"https:\/\/app.any.run\/tasks\/f72db5d6-660b-4f3c-a7cb-e3b61dc54948\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktoservice&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2017-11882 exploit<\/a>, specifically targeting obfuscated RTF documents with CLSID Equation Editor. We&#8217;ve also begun monitoring the SilentCryptoMiner miner with <a href=\"https:\/\/community.emergingthreats.net\/t\/silentcryptominer\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">rules<\/a> provided by the ET community.\u00a0<\/p>\n\n\n\n<p>And last but not least, attackers have been using the Impacket SmbServer to harvest data from victims during a mass malicious email campaign from February 23 to February 29:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/2-1024x576.png\" alt=\"\" class=\"wp-image-7207\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/2-1024x576.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/2-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/2-768x432.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/2-1536x864.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/2-2048x1152.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/2-370x208.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/2-270x152.png 270w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/2-740x416.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><a href=\"https:\/\/twitter.com\/anyrun_app\/status\/1762854550627561852\" target=\"_blank\" rel=\"noreferrer noopener\">Learn more about this threat<\/a><\/figcaption><\/figure><\/div>\n\n\n<p>We talked about this threat in <a href=\"https:\/\/twitter.com\/anyrun_app\/status\/1762854550627561852\" target=\"_blank\" rel=\"noreferrer noopener\">this tweet<\/a>.\u00a0<br>\u00a0<br><strong>About ANY.RUN\u00a0\u00a0 <\/strong>\u00a0<\/p>\n\n\n\n<p>&nbsp;ANY.RUN is a cloud malware sandbox that handles the heavy lifting of malware analysis for SOC and DFIR teams. Every day, 400,000 professionals use our platform to investigate incidents and streamline threat analysis.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/#register\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=releasenotesfeb2024&amp;utm_content=linktolanding&amp;utm_term=040324\" target=\"_blank\" rel=\"noreferrer noopener\">Try our sandbox with a free account \u2192\u00a0<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to ANY.RUN\u2019s monthly update series, where we share what the team has been working on this past month.\u00a0\u00a0 \u00a0 In February, we released our biggest Threat Intelligence product yet \u2014 the ANY.RUN Lookup portal. 
We also introduced a new email analysis workflow with an RSPAMD Static Discovering Module, expanded threat coverage in the sandbox [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":7208,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,34,56],"class_list":["post-7205","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-malware-analysis","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Release Notes: TI Lookup, RSPAMD, New Signatures, and More<\/title>\n<meta name=\"description\" content=\"In February, we released TI Lookup, introduced a new email analysis workflow with RSPAMD, and expanded threat coverage.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Vlad Ananin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/\"},\"author\":{\"name\":\"Vlad Ananin\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Release Notes: Threat Intelligence Lookup, RSPAMD, 26 New Signatures, and More\",\"datePublished\":\"2024-03-04T09:59:52+00:00\",\"dateModified\":\"2024-03-04T10:05:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/\"},\"wordCount\":920,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\",\"update\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/\",\"name\":\"Release Notes: TI Lookup, RSPAMD, New Signatures, and More\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2024-03-04T09:59:52+00:00\",\"dateModified\":\"2024-03-04T10:05:36+00:00\",\"description\":\"In February, we released TI Lookup, introduced a new email analysis workflow with RSPAMD, and expanded threat 
coverage.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Release Notes: Threat Intelligence Lookup, RSPAMD, 26 New Signatures, and More\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"Vlad Ananin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g\",\"caption\":\"Vlad Ananin\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/vlad-ananin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Release Notes: TI Lookup, RSPAMD, New Signatures, and More","description":"In February, we released TI Lookup, introduced a new email analysis workflow with RSPAMD, and expanded threat coverage.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/","twitter_misc":{"Written by":"Vlad Ananin","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/"},"author":{"name":"Vlad Ananin","@id":"https:\/\/any.run\/"},"headline":"Release Notes: Threat Intelligence Lookup, RSPAMD, 26 New Signatures, and More","datePublished":"2024-03-04T09:59:52+00:00","dateModified":"2024-03-04T10:05:36+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/"},"wordCount":920,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware analysis","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/","url":"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/","name":"Release Notes: TI Lookup, RSPAMD, New Signatures, and More","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-03-04T09:59:52+00:00","dateModified":"2024-03-04T10:05:36+00:00","description":"In February, we released TI Lookup, introduced a new email analysis workflow with RSPAMD, and expanded threat coverage.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-february-2024\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service 
Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Release Notes: Threat Intelligence Lookup, RSPAMD, 26 New Signatures, and More"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"Vlad Ananin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g","caption":"Vlad 
Ananin"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/vlad-ananin\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7205"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=7205"}],"version-history":[{"count":3,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7205\/revisions"}],"predecessor-version":[{"id":7212,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7205\/revisions\/7212"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/7208"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=7205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=7205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=7205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}