{"id":8156,"date":"2024-07-03T07:53:52","date_gmt":"2024-07-03T07:53:52","guid":{"rendered":"\/cybersecurity-blog\/?p=8156"},"modified":"2024-09-03T09:41:43","modified_gmt":"2024-09-03T09:41:43","slug":"release-notes-june-2024","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/","title":{"rendered":"Release notes: Mutexes in TI Lookup, new YARA rules, extractors, and more"},"content":{"rendered":"\n<p>Welcome to <a href=\"http:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_july_24&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>&#8216;s monthly updates, where we share what our team has been working on over the past month.\u00a0<\/p>\n\n\n\n<p>In June, we introduced new search capabilities for mutexes, added numerous YARA rules and config extractors, implemented <a href=\"https:\/\/any.run\/cybersecurity-blog\/malware-packers-explained\/\" target=\"_blank\" rel=\"noreferrer noopener\">packer<\/a> detection, and expanded our Suricata ruleset. We also added several new signatures for enhanced threat detection.&nbsp;<\/p>\n\n\n\n<p>Here&#8217;s a closer look at what we&#8217;ve done.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"563\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-1-1024x563.png\" alt=\"\" class=\"wp-image-8158\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-1-1024x563.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-1-300x165.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-1-768x422.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-1-1536x844.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-1-370x203.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-1-270x148.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-1-740x406.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-1.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Mutex Search in TI Lookup&nbsp;<\/h2>\n\n\n\n<p>We&#8217;ve released an update that allows you to <a href=\"https:\/\/any.run\/cybersecurity-blog\/mutex-search-in-ti-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">search for mutexes in TI Lookup<\/a> and add them to your <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOC<\/a>s. The search results now make it easier to distinguish between malicious and legitimate mutexes, significantly speeding up your threat investigations.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">New YARA Rules and Config Extractors&nbsp;<\/h2>\n\n\n\n<p>We&#8217;ve added a substantial number of new YARA rules and updated existing ones, many with config extractors. Here are some highlights:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/7dadd4c0-343d-4dab-88e6-64b163eba2fc\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Rhadamanthys<\/a> (shellcode detection)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c5fad29e-e57c-400c-a7f8-1658b727d674\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">VectorStealer<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/72557029-9fd1-4290-beb3-20d850aadc5d\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">DarkTortilla<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/9ba7f6d2-1626-4627-8f21-cfcb0ff482a5\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">WarmCookie<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/ca9e3b4c-caaa-4a7d-ad96-3d65a52bb476\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">BadJoke<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c7c8add0-31e5-4b27-bb1a-577955c1c77d\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">SapphireWerewolf<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/fe7178a2-ed84-4cfd-81c0-05a804b282fd\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">MoonstoneSleet<\/a> (may drop SplitLoader and YouieLoad)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/2cd9d375-6fd0-4ab5-999c-4405a2d3c2ca\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">GhostLocker<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/ec77a5c3-c0ca-43cf-a665-0d695992cf85\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">MassLogger<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f09621f3-b235-4a7f-897e-84c2c139da23\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">UmbralStealer<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/36374c05-1b7f-4721-ba1a-aed57edbd9e2\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">ObserverStealer<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/daeb0d79-76ef-46ce-9eb0-b6e78428d786\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">SSLoad<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/9ca90767-ef1e-4eda-9f91-cb2f9c1eb59f\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">PhantomDL<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/9150c845-a113-4dd7-bbc2-d29e1b1b2453\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">SweetSpecter<\/a> (RAT) and <a href=\"https:\/\/app.any.run\/tasks\/9150c845-a113-4dd7-bbc2-d29e1b1b2453\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">T9000<\/a> (backdoor)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/da693e93-6192-4e93-8ef7-49ecbb308dc7\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Allasenha<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/12da65c5-f914-4fb4-982f-ae31690264a9\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Embargo<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f2c6e2ca-1051-4fbc-ab1c-065f528b656c\/\" target=\"_blank\" rel=\"noreferrer noopener\">Synap<\/a><a href=\"https:\/\/app.any.run\/tasks\/f2c6e2ca-1051-4fbc-ab1c-065f528b656c\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">s<\/a><a href=\"https:\/\/app.any.run\/tasks\/f2c6e2ca-1051-4fbc-ab1c-065f528b656c\/\" target=\"_blank\" rel=\"noreferrer noopener\">e<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/5ee45955-c43d-43a3-a52d-a4060f415bd3\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">AngryStealer<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/beacba81-85ce-41cc-b7c7-a5eeb6fb7952\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Chaos<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/4cd275f4-3bde-4017-813e-24a8c603f5f0\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Akira<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>We&#8217;ve also updated the config extractor for <a href=\"https:\/\/app.any.run\/tasks\/df431fe7-ec7c-4e84-af8d-e72353f806f3\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Danabot<\/a>: implemented a fix and added C2 verification.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\n\nLet us help you integrate <span class=\"highlight\">ANY.RUN solutions<\/span> <br>in your organization&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/app.any.run\/contact-us\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=release_notes_june_24&#038;utm_term=030724&#038;utm_content=linktocontactus\/\" rel=\"noopener\" target=\"_blank\">\nContact Sales\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">New Packer Detection&nbsp;<\/h2>\n\n\n\n<p>We&#8217;ve implemented detection for various packers, including:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/63fa4735-8257-45b8-8265-812c714a3cec\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">UPX<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/46e2c183-38df-4a66-b35b-3f36da87d3b3\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">KoiVM<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e677c46a-df36-4523-a483-d591a68b5881\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">NETreactor<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/55e15417-0bb4-4db1-8896-5a13e181e72b\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Aspack<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/d8d71da8-9ede-4567-9c33-4ac2ace06212\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">VMProtect<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e43842b6-c83d-4a87-8aa9-ed50248de207\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Themida<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/053882f7-0d66-4696-b9ba-d9e7c1a4702b\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">NsPack<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c9d6c9b2-68ec-4dbd-8abe-78e5af68e9ac\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Pepack<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/8e4fc382-b1bc-4dcc-9f83-d1d743a540a1\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">TSULoader<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/b24ffd5f-ad22-4272-bbe6-1b33d060b72f\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Neolite<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/00481963-6d6e-4b77-b0f6-6979c02d1064\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Mpress<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Expanded Suricata Ruleset&nbsp;<\/h2>\n\n\n\n<p>We&#8217;ve significantly expanded our Suricata ruleset, adding 127 new rules:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>101 rules for various phishing detection&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Additional auxiliary rules&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/611f7c94-500a-4b84-a55d-ea446e19804c\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Creal Stealer<\/a> detection&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/64c5e761-aca2-4171-883e-9f65048b31b5\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Detection<\/a> for abuse of Telegram\/Steam websites as dead drop resolvers (DDR)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/community.emergingthreats.net\/t\/njrat-variant-txrat-v-2-3r\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">NjRat<\/a> variant (2.3R tXRAT) detection&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">New Signatures&nbsp;<\/h2>\n\n\n\n<p>In June, we added a total of 11 new signatures. Here are some highlights:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Multiple phishing detection signatures (<a href=\"https:\/\/app.any.run\/tasks\/3c255871-661c-4cce-a1bc-f8a964652d16\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">example one<\/a>, <a href=\"https:\/\/app.any.run\/tasks\/16217856-c5bc-49f0-b753-4e1b1fdbf4a2\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">example two<\/a>)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/191eeb00-2638-4e8d-ad45-e82634298a9a\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Shinra<\/a> signatures&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>GuLoader signatures: <a href=\"https:\/\/app.any.run\/tasks\/6381ea5f-e9f8-413a-83df-68ab3a5d5bc8\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">one<\/a> and <a href=\"https:\/\/app.any.run\/tasks\/66374fd0-db2f-4416-bcf3-65e9ca3fec62\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">two<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Additional behavioral signatures&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN helps more than 400,000 cybersecurity professionals worldwide. Our <a href=\"http:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">interactive sandbox<\/a> simplifies malware analysis of threats that target both Windows and <a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-malware-analysis-cases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a> systems. Our threat intelligence products, <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">Yara Search<\/a> and <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a> or files to learn more about the threats and respond to incidents faster.&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Advantages of ANY.RUN&nbsp;&nbsp;<\/h3>\n\n\n\n<p>ANY.RUN helps you analyze threats faster while improving detection rates. The platform detects common malware families with YARA and Suricata rules and identifies malware behavior with signatures when detection by family is not possible.&nbsp;<\/p>\n\n\n\n<p><strong>With ANY.RUN you can:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Detect malware in under 40s.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Interact with samples in real time.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Save time and money on sandbox setup and maintenance&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Record and study all aspects of malware behavior.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Collaborate with your team&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Scale as you need.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Try the full power of ANY.RUN for free&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_24&amp;utm_term=030724&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Request free trial \u2192<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to ANY.RUN&#8216;s monthly updates, where we share what our team has been working on over the past month.\u00a0 In June, we introduced new search capabilities for mutexes, added numerous YARA rules and config extractors, implemented packer detection, and expanded our Suricata ruleset. We also added several new signatures for enhanced threat detection.&nbsp; Here&#8217;s a [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":7723,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,34],"class_list":["post-8156","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-malware-analysis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Release notes: Mutexes in TI Lookup, new YARA rules, extractors<\/title>\n<meta name=\"description\" content=\"In June, ANY.RUN introduced new search capabilities for mutexes, added numerous YARA rules and config extractors, and more.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Release notes: Mutexes in TI Lookup, new YARA rules, extractors, and more\",\"datePublished\":\"2024-07-03T07:53:52+00:00\",\"dateModified\":\"2024-09-03T09:41:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/\"},\"wordCount\":523,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/\",\"name\":\"Release notes: Mutexes in TI Lookup, new YARA rules, extractors\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2024-07-03T07:53:52+00:00\",\"dateModified\":\"2024-09-03T09:41:43+00:00\",\"description\":\"In June, ANY.RUN introduced new search capabilities for mutexes, added numerous YARA rules and config extractors, and more.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Release notes: Mutexes in TI Lookup, new YARA rules, extractors, and more\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Release notes: Mutexes in TI Lookup, new YARA rules, extractors","description":"In June, ANY.RUN introduced new search capabilities for mutexes, added numerous YARA rules and config extractors, and more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Release notes: Mutexes in TI Lookup, new YARA rules, extractors, and more","datePublished":"2024-07-03T07:53:52+00:00","dateModified":"2024-09-03T09:41:43+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/"},"wordCount":523,"commentCount":2,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware analysis"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/","url":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/","name":"Release notes: Mutexes in TI Lookup, new YARA rules, extractors","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-07-03T07:53:52+00:00","dateModified":"2024-09-03T09:41:43+00:00","description":"In June, ANY.RUN introduced new search capabilities for mutexes, added numerous YARA rules and config extractors, and more.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2024\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Release notes: Mutexes in TI Lookup, new YARA rules, extractors, and more"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8156"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=8156"}],"version-history":[{"count":10,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8156\/revisions"}],"predecessor-version":[{"id":8758,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8156\/revisions\/8758"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/7723"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=8156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=8156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=8156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}