{"id":7634,"date":"2024-04-16T07:10:24","date_gmt":"2024-04-16T07:10:24","guid":{"rendered":"\/cybersecurity-blog\/?p=7634"},"modified":"2025-07-21T09:03:56","modified_gmt":"2025-07-21T09:03:56","slug":"malware-trends-q1-2024","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/","title":{"rendered":"Malware Trends Report: Q1, 2024"},"content":{"rendered":"\n<p>We&#8217;re excited to share <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=malware_trends_q1_24=160424&amp;utm_content=linktolanding\/\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>&#8216;s latest malware trends analysis for Q1 2024! Our quarterly update provides insights into the most widely deployed malware families, types, and TTPs we saw during the last 3 months of the year.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Summary&nbsp;<\/h2>\n\n\n\n<p>In Q1 2024, ANY.RUN users ran 877,212 public interactive analysis sessions, which is a 17.2% increase from <a href=\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q4-2023\/\" target=\"_blank\" rel=\"noreferrer noopener\">Q4 2023<\/a>. Out of these, our data marks 156,623 (17.8%) as malicious, and 30,958 (3.5%) \u2014 suspicious.&nbsp;<\/p>\n\n\n\n<p>Compared to last quarter, the percentage of malicious tasks dropped slightly from 22.7% in Q4 2023 to 17.2% in Q1 2024. The share of suspicious tasks stayed about the same (4.5% to 3.5%).&nbsp;<\/p>\n\n\n\n<p>As for <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">Indicators of Compromise<\/a> (IOCs), users collected a total of 238,178,511 IOCs this quarter, and 63,681,137 (26.7%) of them were unique.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"567\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Review-Statistics-Q1-2024-1024x567.jpg\" alt=\"\" class=\"wp-image-7635\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Review-Statistics-Q1-2024-1024x567.jpg 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Review-Statistics-Q1-2024-300x166.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Review-Statistics-Q1-2024-768x425.jpg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Review-Statistics-Q1-2024-370x205.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Review-Statistics-Q1-2024-270x149.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Review-Statistics-Q1-2024-740x410.jpg 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Review-Statistics-Q1-2024.jpg 1263w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>In today&#8217;s report, we&#8217;ll:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Explore the most common malware types and families in Q1 2024, using data from ANY.RUN&nbsp;<\/li>\n\n\n\n<li>Investigate the top <a href=\"https:\/\/any.run\/cybersecurity-blog\/mitre-attack\/\" target=\"_blank\" rel=\"noreferrer noopener\">MITRE ATT&amp;CK TTPs<\/a> employed during this quarter&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Let&#8217;s dive in and see what we uncover!&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Top Malware Types in Q4 2023 &nbsp;<\/h2>\n\n\n\n<p>Let&#8217;s take a closer look at the most common malware types identified by ANY.RUN&#8217;s sandbox.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Types-1024x538.jpg\" alt=\"\" class=\"wp-image-7636\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Types-1024x538.jpg 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Types-300x158.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Types-768x403.jpg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Types-1536x806.jpg 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Types-370x194.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Types-270x142.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Types-740x389.jpg 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Types.jpg 1800w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/malware-trends\/stealer\" target=\"_blank\" rel=\"noreferrer noopener\">Stealer<\/a>: 5799&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/RAT\/\" target=\"_blank\" rel=\"noreferrer noopener\">RAT<\/a>: 4956&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/loader\/\" target=\"_blank\" rel=\"noreferrer noopener\">Loader<\/a>: 4770&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/ransomware\/\" target=\"_blank\" rel=\"noreferrer noopener\">Ransomware<\/a>: 4065&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/keylogger\/\" target=\"_blank\" rel=\"noreferrer noopener\">Keylogger<\/a>: 1682&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/trojan\/\" target=\"_blank\" rel=\"noreferrer noopener\">Trojan<\/a>: 972&nbsp;<\/li>\n\n\n\n<li>Backdoor: 587&nbsp;<\/li>\n\n\n\n<li>Miner: 277&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Top malware types: highlights&nbsp;<\/h3>\n\n\n\n<p>In Q1 2024, Stealers remained the most widely detected category, with 5,799 detections. This is a slight decrease from the previous quarter&#8217;s 6,662 detections.&nbsp;<\/p>\n\n\n\n<p>Loader detections remained stable, with 4,770 detections in Q1 2024 compared to 4,752 in <a href=\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/\" target=\"_blank\" rel=\"noreferrer noopener\">Q3 2023<\/a>. However, there appears to have been a vermin infestation in Q1 2024 cyberspace, as RAT detections doubled from 2,444 in Q3 2023 to 4,956 in Q1 2024, making it the second most prevalent threat type.&nbsp;<\/p>\n\n\n\n<p>Ransomware moved into fourth place with 4,065 detections, up from 3,333 in the previous quarter, representing a 21.9% increase in detections. This indicates that ransomware is gaining popularity as a threat type. Keylogger detections also doubled, with 1,682 instances in Q1 2024 compared to 837 in Q3 2023.&nbsp;<\/p>\n\n\n\n<p>The differences in miner and backdoor detections are negligible and can be attributed to statistical noise, indicating that the popularity of these threats has remained relatively unchanged.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nAnalyze malware and collect IOCs in <span class=\"highlight\">ANY.RUN<\/span>&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=https:\/\/app.any.run\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=malware_trends_q1_24=160424&#038;utm_content=linktoregistration#register\/\" rel=\"noopener\" target=\"_blank\">\nRegister for free\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Top Malware Families in Q1 2024&nbsp;<\/h2>\n\n\n\n<p>Let&#8217;s now take a look at which malware families have been used the most in the first quarter of 2024.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Families-1024x538.jpg\" alt=\"\" class=\"wp-image-7637\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Families-1024x538.jpg 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Families-300x158.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Families-768x403.jpg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Families-1536x806.jpg 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Families-370x194.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Families-270x142.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Families-740x389.jpg 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Families.jpg 1800w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/malware-trends\/remcos\/\" target=\"_blank\" rel=\"noreferrer noopener\">Remcos<\/a>: 1817&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/agenttesla\/\" target=\"_blank\" rel=\"noreferrer noopener\">Agent Tesla<\/a>: 1739&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/njrat\/\" target=\"_blank\" rel=\"noreferrer noopener\">NjRAT<\/a>: 1219&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/asyncrat\/\" target=\"_blank\" rel=\"noreferrer noopener\">AsyncRAT<\/a>: 1155&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/redline\/\" target=\"_blank\" rel=\"noreferrer noopener\">RedLine<\/a>: 712&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/amadey\/\" target=\"_blank\" rel=\"noreferrer noopener\">Amadey<\/a>: 400&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/dcrat\/\" target=\"_blank\" rel=\"noreferrer noopener\">DCRat<\/a>: 388&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/formbook\/\" target=\"_blank\" rel=\"noreferrer noopener\">Formbook<\/a>: 359&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/emotet\/\" target=\"_blank\" rel=\"noreferrer noopener\">Emotet<\/a>: 355&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/vidar\/\" target=\"_blank\" rel=\"noreferrer noopener\">Vidar<\/a>: 227&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Top malware families: highlights&nbsp;<\/h3>\n\n\n\n<p>In Q1 2024, Remcos took the lead, replacing Agent Tesla as the most prevalent malware, while NjRAT and AsyncRAT made significant jumps in the rankings.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Remcos<\/strong> climbed to the top spot with 1817 instances, which is a 68.1% increase from 1081 in Q4 2023.&nbsp;<\/li>\n\n\n\n<li><strong>RedLine<\/strong> dropped from second to fifth place with 712 instances, a decrease of 55.1% from 1586 in Q4 2023.&nbsp;<\/li>\n\n\n\n<li><strong>Agent Tesla<\/strong> slipped to second place with 1739 instances, a slight decrease of 1.7% from 1769 in Q4 2023.&nbsp;<\/li>\n\n\n\n<li><strong>NjRAT<\/strong> jumped to the third position with 1219 instances, an increase of 96.6% from 620 in Q4 2023.&nbsp;<\/li>\n\n\n\n<li><strong>DCRat<\/strong> is a new addition to the top 10 list, claiming the seventh spot with 388 instances.&nbsp;<\/li>\n\n\n\n<li><strong>AsyncRAT <\/strong>moved up to fourth place with 1155 instances, a significant increase of 116.7% from 533 in Q4 2023.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Top MITRE ATT&amp;CK techniques in Q1 2024&nbsp;<\/h2>\n\n\n\n<p>The MITRE ATT&amp;CK framework categorizes adversary behavior into tactics and techniques, helping malware analysts more efficiently identify, assess, and respond to threats.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Mitre-1024x538.jpg\" alt=\"\" class=\"wp-image-7638\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Mitre-1024x538.jpg 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Mitre-300x158.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Mitre-768x403.jpg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Mitre-1536x806.jpg 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Mitre-370x194.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Mitre-270x142.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Mitre-740x389.jpg 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/Top-Mitre.jpg 1800w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-94\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"3\"\n           data-rows=\"21\"\n           data-wpID=\"94\"\n           data-responsive=\"0\"\n           data-has-header=\"1\">\n\n                    <thead>        <tr class=\"wpdt-cell-row \" >\n                                <th class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:13.419913419913%;                    padding:10px;\n                    \"\n                    >\n                                        #\u00a0                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:43.290043290043%;                    padding:10px;\n                    \"\n                    >\n                                        MITRE ATT&CK Technique\u00a0 \u00a0                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C1\"\n                    data-col-index=\"2\"\n                    data-row-index=\"0\"\n                    style=\" width:43.290043290043%;                    padding:10px;\n                    \"\n                    >\n                                        \u2116 of detections\u00a0                    <\/th>\n                                        <\/tr>\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Email Collection: Local Email Collection, T1114.001\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C2\"\n                    data-col-index=\"2\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        32,967\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        2\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Virtualization\/Sandbox Evasion: Time Based Evasion, T1497.003\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C3\"\n                    data-col-index=\"2\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        24,949\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        3\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        System Binary Proxy Execution: Rundll32, Sub-technique, T1218.011\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C4\"\n                    data-col-index=\"2\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        24,526\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A5\"\n                    data-col-index=\"0\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        4\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B5\"\n                    data-col-index=\"1\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Command and Scripting Interpreter: Windows Command Shell, T1059.003\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C5\"\n                    data-col-index=\"2\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        22,515\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A6\"\n                    data-col-index=\"0\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        5\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B6\"\n                    data-col-index=\"1\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Masquerading: Rename System Utilities, T1036.003\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C6\"\n                    data-col-index=\"2\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        21,392\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A7\"\n                    data-col-index=\"0\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        6\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B7\"\n                    data-col-index=\"1\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Command and Scripting Interpreter: PowerShell, T1059.001\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C7\"\n                    data-col-index=\"2\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        12,164\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A8\"\n                    data-col-index=\"0\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        7\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B8\"\n                    data-col-index=\"1\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Boot or Logon Autostart Execution: Registry Run Keys \/ Startup Folder, T1547.001\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C8\"\n                    data-col-index=\"2\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        10,209\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A9\"\n                    data-col-index=\"0\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        8\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B9\"\n                    data-col-index=\"1\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Masquerading: Match Legitimate Name or Location, T1036.005\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C9\"\n                    data-col-index=\"2\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        9469\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A10\"\n                    data-col-index=\"0\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        9\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B10\"\n                    data-col-index=\"1\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        System Services: Service Execution, T1569.002\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C10\"\n                    data-col-index=\"2\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        7758\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A11\"\n                    data-col-index=\"0\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        10\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B11\"\n                    data-col-index=\"1\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Command and Scripting Interpreter: Visual Basic, T1059.005\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C11\"\n                    data-col-index=\"2\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        6105\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A12\"\n                    data-col-index=\"0\"\n                    data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        11\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B12\"\n                    data-col-index=\"1\"\n                    data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Scheduled Task\/Job: Scheduled Task, T1053.005\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C12\"\n                    data-col-index=\"2\"\n                    data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        5025\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A13\"\n                    data-col-index=\"0\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        12\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B13\"\n                    data-col-index=\"1\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        File and Directory Permissions Modification: Windows File and Directory Permissions Modification, T1222.001\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C13\"\n                    data-col-index=\"2\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        3470\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A14\"\n                    data-col-index=\"0\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        13\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B14\"\n                    data-col-index=\"1\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Command and Scripting Interpreter: JavaScript, T1059.007\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C14\"\n                    data-col-index=\"2\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        3347\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A15\"\n                    data-col-index=\"0\"\n                    data-row-index=\"14\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        14\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B15\"\n                    data-col-index=\"1\"\n                    data-row-index=\"14\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Virtualization\/Sandbox Evasion: System Checks, T1497.001\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C15\"\n                    data-col-index=\"2\"\n                    data-row-index=\"14\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        3129\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A16\"\n                    data-col-index=\"0\"\n                    data-row-index=\"15\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        15\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B16\"\n                    data-col-index=\"1\"\n                    data-row-index=\"15\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Impair Defenses: Disable or Modify Tools, T1562.001\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C16\"\n                    data-col-index=\"2\"\n                    data-row-index=\"15\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        2970\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A17\"\n                    data-col-index=\"0\"\n                    data-row-index=\"16\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        16\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B17\"\n                    data-col-index=\"1\"\n                    data-row-index=\"16\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Hide Artifacts: Hidden Files and Directories, T1564.001\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C17\"\n                    data-col-index=\"2\"\n                    data-row-index=\"16\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        2800\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A18\"\n                    data-col-index=\"0\"\n                    data-row-index=\"17\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        17\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B18\"\n                    data-col-index=\"1\"\n                    data-row-index=\"17\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Software Discovery: Security Software Discovery, T1518.001\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C18\"\n                    data-col-index=\"2\"\n                    data-row-index=\"17\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        2573\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A19\"\n                    data-col-index=\"0\"\n                    data-row-index=\"18\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        18\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B19\"\n                    data-col-index=\"1\"\n                    data-row-index=\"18\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        User Execution: Malicious File, T1204.002\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C19\"\n                    data-col-index=\"2\"\n                    data-row-index=\"18\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        2505\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A20\"\n                    data-col-index=\"0\"\n                    data-row-index=\"19\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        19\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B20\"\n                    data-col-index=\"1\"\n                    data-row-index=\"19\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Command and Scripting Interpreter: Unix Shell, T1059.004\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C20\"\n                    data-col-index=\"2\"\n                    data-row-index=\"19\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        2464\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A21\"\n                    data-col-index=\"0\"\n                    data-row-index=\"20\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        20\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B21\"\n                    data-col-index=\"1\"\n                    data-row-index=\"20\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Hide Artifacts: Hidden Window, Sub-technique T1564.003\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C21\"\n                    data-col-index=\"2\"\n                    data-row-index=\"20\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        2411\u00a0                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-94'>\ntable#wpdtSimpleTable-94{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-94 td, table.wpdtSimpleTable94 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<h3 class=\"wp-block-heading\">Top TTPs: Q4 2023 vs Q1 2024 highlights&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>T1036.005, Masquerading: Match Legitimate Name or Location<\/strong>, saw a dramatic decrease, dropping from 98,578 detections in Q4 2023 to just 9,469 in Q1 2024 &#8211; a whopping 90.4% reduction.&nbsp;<\/li>\n\n\n\n<li><strong>T1114.001, Email Collection: Local Email Collection<\/strong>, moved up to the top spot in Q1 2024 with 32,967 detections, a 21.0% increase from the previous quarter.&nbsp;<\/li>\n\n\n\n<li><strong>T1497.003, Virtualization\/Sandbox Evasion: Time Based Evasion<\/strong>, jumped from 8th place in Q4 2023 to 2nd place in Q1 2024, with detections nearly tripling from 8,943 to 24,949 (a 179.0% increase).&nbsp;<\/li>\n\n\n\n<li><strong>T1218.011, System Binary Proxy Execution: Rundll32<\/strong>, moved up one spot to 3rd place, with detections increasing by 14.5% from 21,426 to 24,526.&nbsp;<\/li>\n<\/ul>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\n<span class=\"highlight\">ANY.RUN<\/span> automatically maps malicious behavior <br>to the <span class=\"highlight\">MITRE matrix<\/span>&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=https:\/\/app.any.run\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=malware_trends_q1_24=160424&#038;utm_content=linktoregistration#register\/\" rel=\"noopener\" target=\"_blank\">\nTry it for free\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Report methodology &nbsp;<\/h2>\n\n\n\n<p>For our report, we looked at data from 877,212 interactive analysis sessions. This information comes from researchers in our community who contributed by running <a href=\"https:\/\/app.any.run\/submissions\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=encryption_in_malware&amp;utm_term=110424&amp;utm_content=linktopublicsubmissions\/\" target=\"_blank\" rel=\"noreferrer noopener\">public tasks<\/a> in ANY.RUN.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN is a trusted partner for more than 400,000 cybersecurity professionals around the world. Our interactive sandbox simplifies malware analysis of threats targeting both Windows and Linux systems, providing analysts with an advanced tool for investigations. Our threat intelligence products, Lookup and Feeds, offer refined indicators of compromise and context that lets users detect threats and respond to incidents faster.&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Advantages of ANY.RUN&nbsp;&nbsp;<\/h3>\n\n\n\n<p>ANY.RUN helps you analyze threats faster while improving detection rates. The platform detects common malware families with YARA and Suricata rules and identifies malware behavior with signatures when detection by family is not possible.&nbsp;<\/p>\n\n\n\n<p>With ANY.RUN you can:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Detect malware in under 40s<\/strong>: ANY.RUN detects malware within about 40 seconds of a file upload. It identifies prevalent malware families using YARA and Suricata rules and uses behavioral signatures to detect malicious actions when you encounter a new threat.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Interact with samples in real time<\/strong>: ANY.RUN is an interactive cloud sandbox powered by VNC, which means that you can do everything you could on a real system: browse webpages, click through installers, open password-protected archives.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Save time and money on sandbox setup and maintenance<\/strong>: ANY.RUN\u2019s cloud-based nature eliminates the need for setup or maintenance by your DevOps team, making it a cost-effective solution for businesses.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Record and study all aspects of malware behavior<\/strong>: ANY.RUN provides a detailed analysis of malware behavior, including network traffic, system calls, and file system changes.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Collaborate with your team<\/strong>: easily share analysis results, or, as a senior team member, check work of junior analysts by viewing recordings of their analysis sessions.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Scale as you need<\/strong>: as a cloud service, you can easily scale your team, simply by adding more licenses.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>We&#8217;ll show you in an interactive presentation how ANY.RUN can help your security team.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/calendly.com\/d\/3nd-rzd-xvx\/any-run-demo-blog\/\" target=\"_blank\" rel=\"noreferrer noopener\">Get a demo \u2192<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We&#8217;re excited to share ANY.RUN&#8216;s latest malware trends analysis for Q1 2024! Our quarterly update provides insights into the most widely deployed malware families, types, and TTPs we saw during the last 3 months of the year.&nbsp; Summary&nbsp; In Q1 2024, ANY.RUN users ran 877,212 public interactive analysis sessions, which is a 17.2% increase from [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":7640,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[80],"tags":[10,34],"class_list":["post-7634","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-reports","tag-cybersecurity","tag-malware-analysis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Malware Trends Report: Q1, 2024 - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"Read ANY.RUN&#039;s quarterly update on the most widely deployed malware families, types, and TTPs we saw during the last 3 months of the year.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jack Zalesskiy\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/\"},\"author\":{\"name\":\"Jack Zalesskiy\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Malware Trends Report: Q1, 2024\",\"datePublished\":\"2024-04-16T07:10:24+00:00\",\"dateModified\":\"2025-07-21T09:03:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/\"},\"wordCount\":357,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"cybersecurity\",\"malware analysis\"],\"articleSection\":[\"Reports\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/\",\"name\":\"Malware Trends Report: Q1, 2024 - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2024-04-16T07:10:24+00:00\",\"dateModified\":\"2025-07-21T09:03:56+00:00\",\"description\":\"Read ANY.RUN's quarterly update on the most widely deployed malware families, types, and TTPs we saw during the last 3 months of the year.\u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Reports\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/reports\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Malware Trends Report: Q1, 2024\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"Jack Zalesskiy\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image1-min-1-1-1-1.webp\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image1-min-1-1-1-1.webp\",\"caption\":\"Jack Zalesskiy\"},\"description\":\"Jack Zalesskiy is a technology writer with five years of experience under his belt. He closely follows malware incidents, data breaches, and the way in which cyber threats manifest in our day-to-day lives.\",\"url\":\"#molongui-disabled-link\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Malware Trends Report: Q1, 2024 - ANY.RUN&#039;s Cybersecurity Blog","description":"Read ANY.RUN's quarterly update on the most widely deployed malware families, types, and TTPs we saw during the last 3 months of the year.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/","twitter_misc":{"Written by":"Jack Zalesskiy","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/"},"author":{"name":"Jack Zalesskiy","@id":"https:\/\/any.run\/"},"headline":"Malware Trends Report: Q1, 2024","datePublished":"2024-04-16T07:10:24+00:00","dateModified":"2025-07-21T09:03:56+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/"},"wordCount":357,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["cybersecurity","malware analysis"],"articleSection":["Reports"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/","url":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/","name":"Malware Trends Report: Q1, 2024 - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-04-16T07:10:24+00:00","dateModified":"2025-07-21T09:03:56+00:00","description":"Read ANY.RUN's quarterly update on the most widely deployed malware families, types, and TTPs we saw during the last 3 months of the year.\u00a0","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q1-2024\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Reports","item":"https:\/\/any.run\/cybersecurity-blog\/category\/reports\/"},{"@type":"ListItem","position":3,"name":"Malware Trends Report: Q1, 2024"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"Jack Zalesskiy","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image1-min-1-1-1-1.webp","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image1-min-1-1-1-1.webp","caption":"Jack Zalesskiy"},"description":"Jack Zalesskiy is a technology writer with five years of experience under his belt. He closely follows malware incidents, data breaches, and the way in which cyber threats manifest in our day-to-day lives.","url":"#molongui-disabled-link"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7634"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=7634"}],"version-history":[{"count":6,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7634\/revisions"}],"predecessor-version":[{"id":7650,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7634\/revisions\/7650"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/7640"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=7634"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=7634"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=7634"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}