{"id":7506,"date":"2024-04-02T09:41:25","date_gmt":"2024-04-02T09:41:25","guid":{"rendered":"\/cybersecurity-blog\/?p=7506"},"modified":"2024-09-26T11:31:11","modified_gmt":"2024-09-26T11:31:11","slug":"release-notes-march-2024","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/","title":{"rendered":"Release Notes: PowerShell Tracer, Browser Extensions, Integrations and More\u00a0"},"content":{"rendered":"\n<p>Welcome to <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=march_release_notes&amp;utm_content=linktolanding&amp;utm_term=020424\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>\u2019s monthly update series, where we share what the team has been working on this past month.&nbsp;<\/p>\n\n\n\n<p>Last month, in March, we\u2019ve added PowerShell support to our Script Tracer, released browser extensions for Chrome and Edge that allow select enterprise customers to launch tasks directly from their browser&#8217;s top panel, integrated with multiple security vendors including OpenCTI, and expanded our threat coverage with new YARA and Suricata rules.&nbsp;<\/p>\n\n\n\n<p>Let\u2019s cover these updates one-by-one.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">New features&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"589\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/1-min-1024x589.png\" alt=\"\" class=\"wp-image-7507\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/1-min-1024x589.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/1-min-300x172.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/1-min-768x441.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/1-min-1536x883.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/1-min-2048x1177.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/1-min-370x213.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/1-min-270x155.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/1-min-740x425.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Example of PowerShell script in ANY.RUN\u2019s Tracer&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">PowerShell tracer&nbsp;<\/h3>\n\n\n\n<p>Now, in addition to JScript, VB Script, VBA, and Macro 4.0, Script Tracer also supports PowerShell. <\/p>\n\n\n\n<p>PowerShell is used by various malicious actors and APTs,&nbsp;including popular ones like TrickBot and REvil, for persistence, lateral movement, and payload execution. Trace PowerShell execution step by step to analyze and mitigate these \u2014 and other similar \u2014 threats.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">ANY.RUN browser extensions&nbsp;<\/h3>\n\n\n\n<p>ANY.RUN extensions are now available for both <a href=\"https:\/\/chromewebstore.google.com\/detail\/anyrun-sandbox\/lgklkhgljfifnnpgkblckolmaafmkikk\" target=\"_blank\" rel=\"noreferrer noopener\">Chrome and Edge<\/a> browsers. Here\u2019s how they work. For instance, if you encounter a suspicious webpage or are checking a link from a potential phishing email, you can simply open the extension and launch a task while remaining on that page, rather than navigating to the service separately.&nbsp;<\/p>\n\n\n\n<p>This not only saves you time but is also more convenient. You can view the task results directly within the extension or navigate to the completed task on ANY.RUN for a detailed study.&nbsp;<\/p>\n\n\n\n<p>Extensions are currently available for Hunter and Enterprise plans&#8217; users.\u00a0<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nTo inquire about <span class=\"highlight\">ANY.RUN browser extensions<\/span>, <br>reach out to our Sales team&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/app.any.run\/contact-us\/\" rel=\"noopener\" target=\"_blank\">\nContact Sales\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">New integrations&nbsp;<\/h2>\n\n\n\n<p>We&#8217;ve integrated with multiple vendors to seamlessly incorporate ANY.RUN into your existing ecosystem of security products. Our latest integrations include:<\/p>\n\n\n\n<!-- Highlight Block HTML START -->\n<div class=\"window\">\n  <div class=\"window-header\">\n    <div class=\"pill\">\u2699\ufe0f ANY.RUN Integrations<\/div>\n  <\/div>\n  <div class=\"window-body\">\n    <ul>\n      <li>OpenCTI<\/li>\n      <li>D3 Security<\/li>\n      <li>Threat Quotient<\/li>\n      <li>Threat Quotient<\/li>\n      <li>Blink<\/li>\n      <li>TheHive<\/li>\n    <\/ul>\n  <\/div>\n<\/div>\n<!-- Highlight Block HTML END -->\n\n\n<!-- Highlight Block CSS START -->\n<style>\n  .window {\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n\n    border-radius: 4px;\n    margin: 20px auto 50px auto;\n    padding: 20px 40px;\n    line-height: 2rem;\n  }\n\n  .window-header {\n    display: flex;\n    justify-content: center;\n    margin-bottom: 20px;\n  }\n\n  .pill {\n    background-color: #fff;\n    border-radius: 20px;\n    color: #333;\n    font-weight: bold;\n    padding: 8px 32px;\nborder: 1px solid rgba(75, 174, 227, 0.32);\n  }\n\n  @media (max-width: 480px) {\n    .window {\n      padding: 10px;\n    }\n    \n    .pill {\n      font-size: 14px;\n      padding: 6px 12px;\n    }\n  }\n<\/style>\n<!-- Highlight Block CSS END -->\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"556\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/2-1024x556.png\" alt=\"\" class=\"wp-image-7508\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/2-1024x556.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/2-300x163.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/2-768x417.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/2-370x201.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/2-270x147.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/2-740x402.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/2.png 1536w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Enrich OpenCTI observations with data from ANY.RUN sandbox&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><a href=\"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Read about our integration with OpenCTI.<\/a>&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">New signatures&nbsp;<\/h2>\n\n\n\n<p>In March, we added 63 new malware signatures. Here are a few examples:<\/p>\n\n\n\n<!-- Highlight Block HTML START -->\n<div class=\"window\">\n  <div class=\"window-header\">\n    <div class=\"pill\">? Fresh Signatures<\/div>\n  <\/div>\n  <div class=\"window-body\">\n    <ul>\n      <li><a href=\"https:\/\/app.any.run\/tasks\/f05028f9-4f31-40d5-bfb3-d96cea54fdad\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=march_release_notes&#038;utm_content=linktoservice&#038;utm_term=020424\" target=\"_blank\" rel=\"noopener\">Monoxide<\/a><\/li>\n      <li><a href=\"https:\/\/app.any.run\/tasks\/0449d710-3348-4694-8c62-c7127f62e2a7\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=march_release_notes&#038;utm_content=linktoservice&#038;utm_term=020424\" target=\"_blank\" rel=\"noopener\">Electronic<\/a><\/li>\n      <li><a href=\"https:\/\/app.any.run\/tasks\/da9db529-856e-4fd6-b00c-e139e6de18bd\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=march_release_notes&#038;utm_content=linktoservice&#038;utm_term=020424\" target=\"_blank\" rel=\"noopener\">Avos Locker<\/a><\/li>\n      <li><a href=\"https:\/\/app.any.run\/tasks\/e42f916e-d1b1-4921-9d75-ad81500f8046\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=march_release_notes&#038;utm_content=linktoservice&#038;utm_term=020424\" target=\"_blank\" rel=\"noopener\">WhiteSnake<\/a><\/li>\n    <\/ul>\n  <\/div>\n<\/div>\n<!-- Highlight Block HTML END -->\n\n\n<!-- Highlight Block CSS START -->\n<style>\n  .window {\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n\n    border-radius: 4px;\n    margin: 20px auto 50px auto;\n    padding: 20px 40px;\n    line-height: 2rem;\n  }\n\n  .window-header {\n    display: flex;\n    justify-content: center;\n    margin-bottom: 20px;\n  }\n\n  .pill {\n    background-color: #fff;\n    border-radius: 20px;\n    color: #333;\n    font-weight: bold;\n    padding: 8px 32px;\nborder: 1px solid rgba(75, 174, 227, 0.32);\n  }\n\n  @media (max-width: 480px) {\n    .window {\n      padding: 10px;\n    }\n    \n    .pill {\n      font-size: 14px;\n      padding: 6px 12px;\n    }\n  }\n<\/style>\n<!-- Highlight Block CSS END -->\n\n\n\n<p>We\u2019ve also added a YARA rule for <a href=\"https:\/\/app.any.run\/tasks\/95f52dce-2a31-4add-a800-ed88e9e97c75\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=march_release_notes&amp;utm_content=linktoservice&amp;utm_term=020424\" target=\"_blank\" rel=\"noreferrer noopener\">Anatova ransomware,<\/a> updated configuration extractor for <a href=\"https:\/\/app.any.run\/tasks\/d38f99ed-2ac0-4a90-baad-0245a60a8523\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=march_release_notes&amp;utm_content=linktoservice&amp;utm_term=020424\" target=\"_blank\" rel=\"noreferrer noopener\">Eternity stealer<\/a>, and fixed detection and config extraction for <a href=\"https:\/\/app.any.run\/tasks\/9f7dd34f-c699-4a4f-8404-184f08f3a55b\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=march_release_notes&amp;utm_content=linktoservice&amp;utm_term=020424\" target=\"_blank\" rel=\"noreferrer noopener\">Amadey<\/a>. We&#8217;ve also updated the Suricata prompt for ChatGPT to include more Suricata fields. This has made the AI analysis more useful.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">New network rules&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"671\" height=\"1024\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/3-671x1024.png\" alt=\"\" class=\"wp-image-7509\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/3-671x1024.png 671w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/3-197x300.png 197w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/3-768x1172.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/3-1007x1536.png 1007w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/3-370x564.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/3-270x412.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/3-740x1129.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/3.png 1252w\" sizes=\"(max-width: 671px) 100vw, 671px\" \/><figcaption class=\"wp-element-caption\">Read about <a href=\"https:\/\/x.com\/RussianPanda9xx\/status\/1764855507137749439?s=20\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">PlanetStealer on X<\/a>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><strong>PlanetStealer: <\/strong>Recently<strong>, <\/strong>our team of analysts has discovered a new malware called PlanetStealer. We&#8217;ve now added Suricata rules to detect it, which you can see in <a href=\"https:\/\/app.any.run\/tasks\/29a35c5b-ff81-41d9-8b62-090283f6c63a\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=march_release_notes&amp;utm_content=linktoservice&amp;utm_term=020424\" target=\"_blank\" rel=\"noreferrer noopener\">this task<\/a> in ANY.RUN. We&#8217;ve also <a href=\"https:\/\/community.emergingthreats.net\/t\/planetstealer\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">shared<\/a> these detection rules with the Emerging Threats (ET) open source community.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DARP<\/strong>: Our team has discovered a new Java-based malware loader that we&#8217;ve named DARP, short for <strong>DownloadAndRunPacket<\/strong> which is one of the classes it uses. You can find network signatures designed to detect this malware in <a href=\"https:\/\/app.any.run\/tasks\/643832d3-19e6-46b2-a77f-74ad48eb529a\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=march_release_notes&amp;utm_content=linktoservice&amp;utm_term=020424\" target=\"_blank\" rel=\"noreferrer noopener\">this ANY.RUN task<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AsukaStealer: <\/strong>We&#8217;ve published an in-depth analysis of this malware on our blog, which you can read <a href=\"https:\/\/app.any.run\/tasks\/f526f089-a878-4a0a-a381-140e1a9af567\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=march_release_notes&amp;utm_content=linktoservice&amp;utm_term=020424\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>. Additionally, we&#8217;ve <a href=\"https:\/\/app.any.run\/tasks\/f526f089-a878-4a0a-a381-140e1a9af567\/\" target=\"_blank\" rel=\"noreferrer noopener\">added<\/a> new rules to our sandbox environment that can detect this stealer&#8217;s network traffic signatures.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DarkGate<\/strong>: We have <a href=\"https:\/\/app.any.run\/tasks\/4437c29a-0bfc-40f2-84e5-9b51f7527289\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=march_release_notes&amp;utm_content=linktoservice&amp;utm_term=020424\" target=\"_blank\" rel=\"noreferrer noopener\">implemented<\/a> a new rule to detect the latest version of the DarkGate malware. The rule, called&nbsp;<strong>LOADER [ANY.RUN] DarkGate Stager<\/strong>,&nbsp;is designed to identify the malware&#8217;s loader component.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>We&#8217;ve also developed a set of network rules to identify suspicious activity patterns. These rules are based on a research article that we&#8217;ll publish on our blog soon. But for now, we&#8217;ll keep the details under wraps, although these rule names are spoilers enough:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>POLICY [ANY.RUN] Retrieves Properties of a Lnk file via WebDAV&nbsp;<\/li>\n\n\n\n<li>POLICY [ANY.RUN] A suspicious Lnk file was downloaded containing a command shell launch (cmd.exe)&nbsp;<\/li>\n\n\n\n<li>POLICY [ANY.RUN] A suspicious Lnk file was downloaded causing the exe file to be executed&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/744ff4f3-699a-4fb2-b11d-d403b4f6214d\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=march_release_notes&amp;utm_content=linktoservice&amp;utm_term=020424\" target=\"_blank\" rel=\"noreferrer noopener\">POLICY [ANY.RUN] A suspicious Lnk file leading to a WebDAV resource was downloaded<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/48f5b667-b814-488d-ac14-5f22f55b8676\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=march_release_notes&amp;utm_content=linktoservice&amp;utm_term=020424\" target=\"_blank\" rel=\"noreferrer noopener\">POLICY [ANY.RUN] Possible NTLM Hash leak over SMB (NTLMSSP_AUTH)<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Last but not least, we&#8217;ve made phishing detection more accurate with new behavioral Suricata rules that aren&#8217;t tied to specific domains. This <a href=\"https:\/\/app.any.run\/tasks\/b92346f1-7bd8-44fd-8f8f-bde7ecd4148f\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=march_release_notes&amp;utm_content=linktoservice&amp;utm_term=020424\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> task shows the improvement well in action.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN\u2019s flagship product is an interactive malware sandbox that helps security teams efficiently analyze malware.&nbsp;<\/p>\n\n\n\n<p>Every day, a community of 400,000 analysts and 3000 corporate clients use our cloud-based platform to analyze Windows and Linux threats.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nIdentify malicious activity in <span class=\"highlight\">less than 40s<\/span> with ANY.RUN&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/app.any.run\/#register\/\" rel=\"noopener\" target=\"_blank\">\nGet started free\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Key advantages of ANY.RUN for businesses:<\/strong>&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Interactive analysis: <\/strong>Analysts can \u201cplay with the sample\u201d in a VM to learn more about its behavior.&nbsp;<\/li>\n\n\n\n<li><strong>Fast and easy configuration. <\/strong>Launch VMs with different configurations in a matter of seconds.&nbsp;<\/li>\n\n\n\n<li><strong>Fast detection: <\/strong>Detects malware within roughly 40 seconds of uploading a file.&nbsp;<\/li>\n\n\n\n<li><strong>Cloud-based solution<\/strong> eliminates setup and maintenance costs.&nbsp;<\/li>\n\n\n\n<li><strong>Intuitive interface<\/strong>: Enables even junior SOC analysts to conduct malware analysis.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Learn how ANY.RUN can benefit you or your security team. Schedule a free demo with one of our sales representatives, and we&#8217;ll walk you through real-world examples.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/calendly.com\/d\/3nd-rzd-xvx\/any-run-demo-blog\/\" target=\"_blank\" rel=\"noreferrer noopener\">Schedule a demo \u2192<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to ANY.RUN\u2019s monthly update series, where we share what the team has been working on this past month.&nbsp; Last month, in March, we\u2019ve added PowerShell support to our Script Tracer, released browser extensions for Chrome and Edge that allow select enterprise customers to launch tasks directly from their browser&#8217;s top panel, integrated with multiple [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6408,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,56],"class_list":["post-7506","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Release Notes: PowerShell Tracer, Browser Extension, and More<\/title>\n<meta name=\"description\" content=\"In March 2024, ANY.RUN added PowerShell support to the Script Tracer tool, released a Chrome browser extension, and integrated with OpenCTI.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"y.shvetsov\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/\"},\"author\":{\"name\":\"y.shvetsov\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Release Notes: PowerShell Tracer, Browser Extensions, Integrations and More\u00a0\",\"datePublished\":\"2024-04-02T09:41:25+00:00\",\"dateModified\":\"2024-09-26T11:31:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/\"},\"wordCount\":902,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"update\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/\",\"name\":\"Release Notes: PowerShell Tracer, Browser Extension, and More\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2024-04-02T09:41:25+00:00\",\"dateModified\":\"2024-09-26T11:31:11+00:00\",\"description\":\"In March 2024, ANY.RUN added PowerShell support to the Script Tracer tool, released a Chrome browser extension, and integrated with OpenCTI.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Release Notes: PowerShell Tracer, Browser Extensions, Integrations and More\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"y.shvetsov\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g\",\"caption\":\"y.shvetsov\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/y-shvetsov\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Release Notes: PowerShell Tracer, Browser Extension, and More","description":"In March 2024, ANY.RUN added PowerShell support to the Script Tracer tool, released a Chrome browser extension, and integrated with OpenCTI.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/","twitter_misc":{"Written by":"y.shvetsov","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/"},"author":{"name":"y.shvetsov","@id":"https:\/\/any.run\/"},"headline":"Release Notes: PowerShell Tracer, Browser Extensions, Integrations and More\u00a0","datePublished":"2024-04-02T09:41:25+00:00","dateModified":"2024-09-26T11:31:11+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/"},"wordCount":902,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/","url":"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/","name":"Release Notes: PowerShell Tracer, Browser Extension, and More","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-04-02T09:41:25+00:00","dateModified":"2024-09-26T11:31:11+00:00","description":"In March 2024, ANY.RUN added PowerShell support to the Script Tracer tool, released a Chrome browser extension, and integrated with OpenCTI.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-march-2024\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Release Notes: PowerShell Tracer, Browser Extensions, Integrations and More\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"y.shvetsov","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g","caption":"y.shvetsov"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/y-shvetsov\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7506"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=7506"}],"version-history":[{"count":8,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7506\/revisions"}],"predecessor-version":[{"id":9005,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7506\/revisions\/9005"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/6408"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=7506"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=7506"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=7506"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}