{"id":7719,"date":"2024-05-02T05:39:25","date_gmt":"2024-05-02T05:39:25","guid":{"rendered":"\/cybersecurity-blog\/?p=7719"},"modified":"2024-05-02T05:39:26","modified_gmt":"2024-05-02T05:39:26","slug":"release-notes-april-2024","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/","title":{"rendered":"Release Notes: YARA Search, New Rules, Config Extractors, and More"},"content":{"rendered":"\n<p>Welcome to <a href=\"http:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktolanding\/\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>&#8216;s monthly updates, where we share what our team has been working on over the past month.&nbsp;<\/p>\n\n\n\n<p>In April, we released <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Search<\/a>, a new threat intelligence service that allows you to find files, threats, and malware by YARA in 2TB of real-world threat data collected by the ANY.RUN sandbox community and our team.&nbsp;&nbsp;<\/p>\n\n\n\n<p>We&#8217;ve also made several updates to the existing features: our RSPAMD module has been improved to reduce false positives even further, and we&#8217;ve increased the amount of data supplied based on the results of traffic checking using Suricata rules.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>We&#8217;ve also enhanced the mechanism for adding tags to sandbox tasks, and, as always, we&#8217;ve expanded our threat coverage with new YARA and Suricata rules.&nbsp;<\/p>\n\n\n\n<p>Let&#8217;s dive into these updates one by one.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"565\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/yara1-1024x565.png\" alt=\"\" class=\"wp-image-7720\" 
srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/yara1-1024x565.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/yara1-300x165.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/yara1-768x424.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/yara1-370x204.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/yara1-270x149.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/yara1-740x408.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/yara1.png 1536w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">YARA Search interface, showing the text editor and search results<\/figcaption><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\">New features&nbsp;<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">YARA Search&nbsp;<\/h3>\n\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/analysis\/yara\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoyarasearch\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Search<\/a> allows you to find files, malware, and threats using YARA rules, which analyze the contents of files themselves. This is a massive update to ANY.RUN&#8217;s threat intelligence capabilities \u2014 it provides a new way to search for threat data in our growing database, supplied by over 400,000 sandbox users who analyze real malware on a daily basis.&nbsp;<\/p>\n\n\n\n<p>The service also lets you write, edit, test, download, and manage your rules seamlessly within ANY.RUN using a powerful online text editor with syntax highlighting. 
And, like all our products, it&#8217;s incredibly fast, delivering initial search results in under 5 seconds.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Various improvements&nbsp;&nbsp;<\/h2>\n\n\n\n<p>This month, we didn&#8217;t just push out new features. 
We also focused heavily on improving existing ones.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>We&#8217;ve updated the <a href=\"https:\/\/any.run\/cybersecurity-blog\/rspamd-email-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\">RSPAMD module<\/a> script, further reducing the occurrence of false positives.&nbsp;<\/li>\n\n\n\n<li>The data from checking traffic against <a href=\"https:\/\/any.run\/cybersecurity-blog\/new-threat-details-window\/\" target=\"_blank\" rel=\"noreferrer noopener\">Suricata rules<\/a> is now richer in the network tab.&nbsp;<\/li>\n\n\n\n<li>We&#8217;ve refined the mechanism that assigns tags (such as &#8220;phishing&#8221; to an analysis session where phishing was detected) for improved precision.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">New YARA rules and fixes&nbsp;<\/h2>\n\n\n\n<p>We\u2019ve updated detection and config extraction of <a href=\"https:\/\/app.any.run\/tasks\/0ae14d0c-9b01-409c-82c1-4600f00de88c\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">GuLoader<\/a>. It now extracts not only C2 but also other strings. We\u2019ve also updated the config extractor and the YARA rule covering <a href=\"https:\/\/app.any.run\/tasks\/12347d5c-6116-4e12-bb1d-f771ffbec611\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Vidar.<\/a> This stealer, based on Arkei, collects information about 2FA and Tor. 
Its configuration extracts Telegram API and Steam account or group used for data exfiltration, as well as decoded strings.&nbsp;<\/p>\n\n\n\n<p>Other new rules added in April include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/288ee6d7-2288-4264-9723-88edbf715dad\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Blackwood<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/4914a2bc-38a2-4c70-8b3b-6a48a145004a\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">PlanetStealer<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/e107d749-bc23-42e2-a9b3-f600aacb68a2\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">INC ransomware<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/c4a713c1-c773-46cf-b7df-8ac12468af96\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">SideTwist<\/a>&nbsp;&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/113c9ee8-03d9-4dc1-80a9-4c17e110bcdc\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Blister loader<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/43b4cccf-d0b8-4a1a-a061-0e125caa5f5c\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" 
rel=\"noreferrer noopener\">Carbanak<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/69004e0e-bcb1-4924-bd39-a3deb08b4cbc\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">ReverseSSH<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/278a6397-1b01-4209-9164-416e8e1c29d3\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Donex ransomware<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/9db5bc74-7911-42a9-be31-11f317ca0f85\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">RaspberryRobin<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>We\u2019ve also made several fixes to existing rules.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>We\u2019ve implemented a fix to <a href=\"https:\/\/any.run\/malware-trends\/laplas\" target=\"_blank\" rel=\"noreferrer noopener\">LaplasClipper<\/a> rule.&nbsp;&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/amadey\" target=\"_blank\" rel=\"noreferrer noopener\">Amadey<\/a> detection and extractor was fixed.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">New signatures&nbsp;<\/h2>\n\n\n\n<p>In total, we\u2019ve added 16 signatures in April. Here are the standout ones:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/7974952c-842c-43b2-bbf6-d1658c60addf\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">APT44, Sandworm<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/38becc09-6d7e-460f-9940-9eb2c2578d3f\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">OfflRouter<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/73818b55-bd9f-464f-a1e6-77fb9c0f311e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Conti ransomware<\/a>&nbsp;<\/li>\n\n\n\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/7b8b82eb-2975-496a-b676-0c9494b6d324?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microp ransomware<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/0b7bfd41-c4e0-4193-9149-098cd0637dfe\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Latrodectus<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/359a8a21-4431-49b5-b45b-8ed2097f6f5a\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Sapphire ransomware<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">New network rules&nbsp;<\/h2>\n\n\n\n<p>In April, we\u2019ve released the following new network rules:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/5eb3ee45-694e-4697-818c-aaaebe59c81d\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Phishing<\/a> which directs victims to Telegram.&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/724516e8-d0bf-4167-bf87-6d38d6988253\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Phishing<\/a> with tracking.&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/4ecefeef-1402-45f3-b28f-5d4d05ac7c77\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer 
noopener\">MadMxShell,&nbsp;<\/a> a Windows backdoor distributed through a Google Ads malvertising campaign, which we\u2019ve written about <a href=\"https:\/\/any.run\/cybersecurity-blog\/attackers-exploit-google-ads\/\" target=\"_blank\" rel=\"noreferrer noopener\">here.<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/824f08eb-edc5-48c4-9495-301c8f51eb3b\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Mirai Generic Botnet<\/a> \u2014 which made a comeback \u2014 and <a href=\"https:\/\/app.any.run\/tasks\/df5eacef-99e1-4bb5-b392-853ae1d88b32\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Miori<\/a>.&nbsp;<\/li>\n\n\n\n<li>A cross-platform, post-exploit, red teaming framework Mythic C2 with Apollo and Poseidon agents in HTTP setting \u2014 rules both for <a href=\"https:\/\/app.any.run\/tasks\/270bb0df-cd14-4063-8d3b-a08747029884\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Windows<\/a> and <a href=\"https:\/\/app.any.run\/tasks\/bed7996e-a582-448a-93ea-a4f23a05c5d6\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a>&nbsp;<\/li>\n\n\n\n<li>A <a href=\"https:\/\/app.any.run\/tasks\/f7512f5c-7d6f-45f2-bc71-4f518ce2d5ff\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Suricata detection for DinodasRat<\/a> on Linux has been 
added.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>We\u2019ve also added new rules that cover <a href=\"https:\/\/app.any.run\/tasks\/1337aa28-a6d5-4536-9ff4-22acd55957dd\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Botnet Kinsing<\/a>, <a href=\"https:\/\/app.any.run\/tasks\/5c2ee44f-701f-4257-8c65-ebb41b8368c9\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">Adwind<\/a>, <a href=\"https:\/\/app.any.run\/tasks\/1abc6349-2fbf-4d7d-aa15-935752e16e19\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">StreamBot<\/a>, and <a href=\"https:\/\/app.any.run\/tasks\/58f2003c-5e05-46e1-b9b7-ceaa3e37eb4d\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">GCleaner Loader<\/a>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN helps more than 400,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. 
Our threat intelligence products, <a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktolookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">Yara Search<\/a>, and <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find IOCs or files to learn more about the threats and respond to incidents faster.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Advantages of ANY.RUN&nbsp;&nbsp;<\/h3>\n\n\n\n<p>ANY.RUN helps you analyze threats faster while improving detection rates. The platform detects common malware families with YARA and Suricata rules and identifies malware behavior with signatures when detection by family is not possible.&nbsp;<\/p>\n\n\n\n<p>With ANY.RUN you can:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Detect malware in under 40s<\/strong>: ANY.RUN detects malware within about 40 seconds of a file upload. It identifies prevalent malware families using YARA and Suricata rules and uses behavioral signatures to detect malicious actions when you encounter a new threat.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Interact with samples in real time<\/strong>: ANY.RUN is an interactive cloud sandbox powered by VNC, which means that you can do everything you could on a real system: browse webpages, click through installers, open password-protected archives.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Save time and money on sandbox setup and maintenance<\/strong>: ANY.RUN\u2019s cloud-based nature eliminates the need for setup or maintenance by your DevOps team, making it a cost-effective solution for businesses.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Record and study all aspects of malware behavior<\/strong>: ANY.RUN provides a detailed analysis of malware behavior, including network traffic, system calls, and file system changes.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Collaborate with your team<\/strong>: easily share analysis results, or, as a senior team member, check work of junior analysts by viewing recordings of their analysis sessions.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><strong>Scale as you need<\/strong>: as a cloud service, you can easily scale your team, simply by adding more licenses.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Let us give you an interactive presentation of ANY.RUN and show you how it can help your security team.<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/contact-us\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_april&amp;utm_term=020524&amp;utm_content=linktocontactus\/\" target=\"_blank\" rel=\"noreferrer noopener\">Get in touch with us \u2192<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to ANY.RUN&#8216;s monthly updates, where we share what our team has been working on over the past month.&nbsp; In April, we released YARA Search, a new threat intelligence service that allows you to find files, threats, and malware by YARA in 2TB of real-world threat data collected by the ANY.RUN sandbox community and our [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":7723,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,55,56],"class_list":["post-7719","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-release","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Release Notes: YARA Search, New Rules, and Config Extractors<\/title>\n<meta name=\"description\" content=\"In April, ANY.RUN released YARA Search, updated the RSPAMD module, expanded threat coverage with new YARA and Suricata rules, and more.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/\" 
\/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jack Zalesskiy\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/\"},\"author\":{\"name\":\"Jack Zalesskiy\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Release Notes: YARA Search, New Rules, Config Extractors, and More\",\"datePublished\":\"2024-05-02T05:39:25+00:00\",\"dateModified\":\"2024-05-02T05:39:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/\"},\"wordCount\":973,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"release\",\"update\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/\",\"name\":\"Release Notes: YARA Search, New Rules, and Config Extractors\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2024-05-02T05:39:25+00:00\",\"dateModified\":\"2024-05-02T05:39:26+00:00\",\"description\":\"In April, ANY.RUN released YARA Search, updated the RSPAMD module, expanded threat coverage with new YARA and Suricata rules, and 
more.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Release Notes: YARA Search, New Rules, Config Extractors, and More\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"Jack Zalesskiy\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image1-min-1-1-1-1.webp\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image1-min-1-1-1-1.webp\",\"caption\":\"Jack Zalesskiy\"},\"description\":\"Jack Zalesskiy is a technology writer with five years of experience under his belt. He closely follows malware incidents, data breaches, and the way in which cyber threats manifest in our day-to-day lives.\",\"url\":\"#molongui-disabled-link\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Release Notes: YARA Search, New Rules, and Config Extractors","description":"In April, ANY.RUN released YARA Search, updated the RSPAMD module, expanded threat coverage with new YARA and Suricata rules, and more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/","twitter_misc":{"Written by":"Jack Zalesskiy","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/"},"author":{"name":"Jack Zalesskiy","@id":"https:\/\/any.run\/"},"headline":"Release Notes: YARA Search, New Rules, Config Extractors, and More","datePublished":"2024-05-02T05:39:25+00:00","dateModified":"2024-05-02T05:39:26+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/"},"wordCount":973,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","release","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/","url":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/","name":"Release Notes: YARA Search, New Rules, and Config Extractors","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-05-02T05:39:25+00:00","dateModified":"2024-05-02T05:39:26+00:00","description":"In April, ANY.RUN released YARA Search, updated the RSPAMD module, expanded threat coverage with new YARA and Suricata rules, and 
more.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2024\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Release Notes: YARA Search, New Rules, Config Extractors, and More"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"Jack 
Zalesskiy","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image1-min-1-1-1-1.webp","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image1-min-1-1-1-1.webp","caption":"Jack Zalesskiy"},"description":"Jack Zalesskiy is a technology writer with five years of experience under his belt. He closely follows malware incidents, data breaches, and the way in which cyber threats manifest in our day-to-day lives.","url":"#molongui-disabled-link"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7719"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=7719"}],"version-history":[{"count":5,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7719\/revisions"}],"predecessor-version":[{"id":7741,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7719\/revisions\/7741"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/7723"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=7719"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=7719"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=7719"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}