{"id":8756,"date":"2024-09-03T10:27:01","date_gmt":"2024-09-03T10:27:01","guid":{"rendered":"\/cybersecurity-blog\/?p=8756"},"modified":"2025-03-11T12:22:39","modified_gmt":"2025-03-11T12:22:39","slug":"release-notes-august-2024","status":"publish","type":"post","link":"\/cybersecurity-blog\/release-notes-august-2024\/","title":{"rendered":"Release Notes: New YARA Rules, Signatures, Config Extractors, and More\u00a0"},"content":{"rendered":"\n<p>Welcome to <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktolanding\/\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>&#8216;s monthly update, where we share what our team has been working on.&nbsp;<\/p>\n\n\n\n<p>In August, we focused on enhancing our detection tools and improving your experience. We added the new XOR-URL extractor, updated YARA rules, added new signatures, and improved <a href=\"https:\/\/any.run\/cybersecurity-blog\/detection-with-suricata-ids\/\" target=\"_blank\" rel=\"noreferrer noopener\">network detection rules<\/a>. 
&nbsp;<\/p>\n\n\n\n<p>Here\u2019s a closer look at what we\u2019ve done in August:&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">New YARA rules&nbsp;<\/h2>\n\n\n\n<p>Our YARA rules have been refined and updated to improve detection accuracy for various malware families.&nbsp;<\/p>\n\n\n\n<p>The newly added and updated rules now cover a broader spectrum of threats, including:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/79ca0a73-24e4-4460-ae7a-e91db02cf4d9?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">GoInjector<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/2dc53220-7d5a-4e16-b367-fa29ffed07f8?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Luder<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/878edf29-ddcd-4ca2-a257-09d325da4b09?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Xdspyloader<\/a>&nbsp;&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/581f2cff-6e83-494b-8541-55b296eb331f?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Guloader<\/a> (with fixes)&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/86ccc0dc-9a8c-4220-a57a-9a91cf2b9c09?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">DarkRoad<\/a>&nbsp;<\/li>\n\n\n\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/e6f43ed1-0561-4f8a-8cba-cdeb0a02dbd6\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">PyInstaller<\/a> &nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/80d8884e-6a1d-4b02-8aea-fc830f9615ff\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">WannaCry<\/a> (take a look at <a href=\"https:\/\/any.run\/malware-trends\/wannacry\">WannaCry<\/a> ransomware in our Malware Trends Tracker to get more IOCs)<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/e3612b97-00ba-426b-a5e9-519e3c84f02a\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">MuddyRot<\/a> &nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/9fea1c5a-3099-416c-bca0-6eca8240c342\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Phorpiex<\/a> &nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/3754d88b-a40d-4304-9049-328cce88faad\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Onlineclipper<\/a> &nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/bf3439d9-614a-4cb9-ab7b-e25bbea6a898\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">MeshAgent<\/a> &nbsp;<\/li>\n\n\n\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/1e15e2f8-0a03-47ec-934f-7e502f582347\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Prince<\/a> &nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/6a4be23d-0c71-49c5-be9f-0cda10a83894\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Razr<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/34ef8bdb-f642-4808-b551-fe87df07d0f7?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Snake Keylogger<\/a> &nbsp;(updated)&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/7f9431a5-dde4-42bf-b06c-207f24834eda?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Zusy<\/a> Ransomware&nbsp;&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/327f8a88-bdc4-4c6c-b0f0-45b84b11cce8?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Luke<\/a> Ransomware&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/96af15e9-ac52-4555-8a14-8cb3073088ad?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Smert<\/a> Ransomware&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">New Signatures&nbsp;<\/h2>\n\n\n\n<p>We\u2019ve added new signatures to enhance the detection of specific malware families, including Gamarue, Peristeronic, RobotDropper, and MouseLoader.
These signatures are important for recognizing the unique behaviors and <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">indicators of compromise<\/a> (IOCs) associated with specific threats.&nbsp;<\/p>\n\n\n\n<p><strong>This month, we\u2019ve added a total of 63 new signatures, including:&nbsp;<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/7f25d3d0-8ee3-4abe-bbcb-a39bc70883b2?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Gamarue<\/a>&nbsp;&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/10e4cbdd-b82d-40f0-81f1-579274ff4faf?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Peristeronic<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/97419be9-2c6a-42e9-9e85-536c60ad8341?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Robotdropper<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/59412b55-cde9-44b5-94fe-955f44a2fb3b?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Mouseloader<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/66a09116-5e05-417f-ad0d-ba74612b3cdc\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Astaroth<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/43497b93-bd25-4329-9a25-6b9754b1d345\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Casbaneiro<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/c036ed8c-5c79-41d4-9bac-2d48f42aa06b?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Hawkeye<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/757f4c51-21a8-4b78-b96a-96285519e322?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Blackbasta<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/4c5b06da-9e4f-4bf9-8f22-9f079334db64?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Document phishing<\/a> &nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/6d487281-7b8b-413c-8448-ea44038f4b0d?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Brand_apple<\/a> &nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/da48b430-3b92-4b41-81af-16797c7157a6\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Brand_docusign<\/a> &nbsp;&nbsp;<\/li>\n\n\n\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/5d5e8c4a-61b0-4480-a11a-818a2df6a76e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Brand_adobe<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">New malware config extractors added and fixed&nbsp;<\/h2>\n\n\n\n<p>In August, we added a new <a href=\"https:\/\/app.any.run\/tasks\/198364b3-2114-4b24-9106-b9913c6c019a?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">XOR-URL extractor<\/a> to the <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktolanding\/\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN platform<\/a>, designed to help decode XOR-obfuscated URLs used by malware to hide its command-and-control servers or other endpoints.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"285\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/XOR-URL-in-ANY.RUN-sandbox-1-1-1024x285.png\" alt=\"XOR-URL in ANY.RUN sandbox\u00a0\" class=\"wp-image-8765\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/XOR-URL-in-ANY.RUN-sandbox-1-1-1024x285.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/XOR-URL-in-ANY.RUN-sandbox-1-1-300x83.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/XOR-URL-in-ANY.RUN-sandbox-1-1-768x213.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/XOR-URL-in-ANY.RUN-sandbox-1-1-1536x427.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/XOR-URL-in-ANY.RUN-sandbox-1-1-370x103.png 370w, 
\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/XOR-URL-in-ANY.RUN-sandbox-1-1-270x75.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/XOR-URL-in-ANY.RUN-sandbox-1-1-740x206.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/XOR-URL-in-ANY.RUN-sandbox-1-1.png 1958w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">XOR-URL in ANY.RUN sandbox&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>We have also refined and updated extractors for <a href=\"https:\/\/app.any.run\/tasks\/34ef8bdb-f642-4808-b551-fe87df07d0f7?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Snake Keylogger<\/a> and <a href=\"https:\/\/app.any.run\/tasks\/804fcd8e-b8c3-4102-99bd-40e850e7211a?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august24&amp;utm_term=030924&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">CryptBot<\/a>. 
These updates improve the accuracy and effectiveness of detecting and analyzing configurations related to these specific malware families.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"518\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/Snake-1024x518.png\" alt=\"Snake Keylogger in ANY.RUN sandbox\u00a0\" class=\"wp-image-8763\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/Snake-1024x518.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/Snake-300x152.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/Snake-768x389.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/Snake-1536x777.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/Snake-370x187.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/Snake-270x137.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/Snake-740x375.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/Snake.png 1948w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Snake Keylogger in ANY.RUN sandbox&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\">Network detections&nbsp;<\/h2>\n\n\n\n<p>In August, our primary focus for network detection rules remained on identifying <a href=\"https:\/\/any.run\/cybersecurity-blog\/phising-types-of-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener\">phishing activities <\/a>by malicious actors. 
Throughout the month, we flagged <strong>11,316 public submissions<\/strong> as phishing, which is a significant increase of 2,162 from July.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">New Suricata rules<\/h2>\n\n\n\n<p>Over the past month, we&#8217;ve added <strong>69 new Suricata rules<\/strong>, expanding our phishing detection capabilities to 562. The new rules fall into several types, each targeting a different aspect of phishing activity:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>31 domains identified as phishing and added to our rule base<\/li>\n\n\n\n<li>17 proactive rules that focus on the behavioral patterns of phishing mechanisms<\/li>\n\n\n\n<li>6 sites identified for redirecting users through domain chains to a final phishing endpoint<\/li>\n\n\n\n<li>15 informational rules that provide critical insights and assist in phishing hunts<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN<\/h2>\n\n\n\n<p>ANY.RUN helps more than 400,000 cybersecurity professionals worldwide.
Our interactive sandbox simplifies malware analysis of threats that target both Windows and <a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-malware-analysis-cases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a> systems. Our threat intelligence products, <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">Yara Search<\/a> and <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a> or files to learn more about the threats and respond to incidents faster.<\/p>\n\n\n\n<p><strong>With ANY.RUN you can:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Detect malware in seconds.<\/li>\n\n\n\n<li>Interact with samples in real time.<\/li>\n\n\n\n<li>Save time and money on sandbox setup and maintenance.<\/li>\n\n\n\n<li>Record and study all aspects of malware behavior.<\/li>\n\n\n\n<li>Collaborate with your team.<\/li>\n\n\n\n<li>Scale as you need.<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_august_24&amp;utm_term=030924&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Try the full power of ANY.RUN with a free
trial<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to ANY.RUN&#8216;s monthly update, where we share what our team has been working on.&nbsp; In August, we focused on enhancing our detection tools and improving your experience. We added the new XOR-URL extractor, updated YARA rules, added new signatures, and improved network detection rules. &nbsp; Here\u2019s a closer look at what we\u2019ve done in [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":7723,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,34],"class_list":["post-8756","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-malware-analysis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Release Notes: New YARA rules, Signatures, Config Extractors<\/title>\n<meta name=\"description\" content=\"In August, ANY.RUN added YARA rules and config extractors, and 69 new Suricata rules, expanding our phishing detection capabilities to 562.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2024\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"y.shvetsov\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\n\t    \"@context\": \"https:\/\/schema.org\",\n\t    \"@graph\": [\n\t        {\n\t            \"@type\": \"Article\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2024\/#article\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2024\/\"\n\t            },\n\t            \"author\": {\n\t                \"name\": \"y.shvetsov\",\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"headline\": \"Release Notes: New YARA Rules, Signatures, Config Extractors, and More\u00a0\",\n\t            \"datePublished\": \"2024-09-03T10:27:01+00:00\",\n\t            \"dateModified\": \"2025-03-11T12:22:39+00:00\",\n\t            \"mainEntityOfPage\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2024\/\"\n\t            },\n\t            \"wordCount\": 619,\n\t            \"commentCount\": 0,\n\t            \"publisher\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"keywords\": [\n\t                \"ANYRUN\",\n\t                \"cybersecurity\",\n\t                \"malware analysis\"\n\t            ],\n\t            \"articleSection\": [\n\t                \"Service Updates\"\n\t            ],\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"CommentAction\",\n\t                    \"name\": \"Comment\",\n\t                    \"target\": [\n\t                        \"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2024\/#respond\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"WebPage\",\n\t            \"@id\": 
\"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2024\/\",\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2024\/\",\n\t            \"name\": \"Release Notes: New YARA rules, Signatures, Config Extractors\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"datePublished\": \"2024-09-03T10:27:01+00:00\",\n\t            \"dateModified\": \"2025-03-11T12:22:39+00:00\",\n\t            \"description\": \"In August, ANY.RUN added YARA rules and config extractors, and 69 new Suricata rules, expanding our phishing detection capabilities to 562.\",\n\t            \"breadcrumb\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2024\/#breadcrumb\"\n\t            },\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"ReadAction\",\n\t                    \"target\": [\n\t                        \"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2024\/\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"BreadcrumbList\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2024\/#breadcrumb\",\n\t            \"itemListElement\": [\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 1,\n\t                    \"name\": \"Home\",\n\t                    \"item\": \"https:\/\/any.run\/cybersecurity-blog\/\"\n\t                },\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 2,\n\t                    \"name\": \"Service Updates\",\n\t                    \"item\": \"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"\n\t                },\n\t                {\n\t                    \"@type\": 
\"ListItem\",\n\t                    \"position\": 3,\n\t                    \"name\": \"Release Notes: New YARA Rules, Signatures, Config Extractors, and More\u00a0\"\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"WebSite\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"url\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN&#039;s Cybersecurity Blog\",\n\t            \"description\": \"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\n\t            \"publisher\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"SearchAction\",\n\t                    \"target\": {\n\t                        \"@type\": \"EntryPoint\",\n\t                        \"urlTemplate\": \"https:\/\/any.run\/?s={search_term_string}\"\n\t                    },\n\t                    \"query-input\": \"required name=search_term_string\"\n\t                }\n\t            ],\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"Organization\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN\",\n\t            \"url\": \"https:\/\/any.run\/\",\n\t            \"logo\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/any.run\/\",\n\t                \"url\": \"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\n\t                \"contentUrl\": \"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\n\t                \"width\": 1,\n\t                \"height\": 1,\n\t                \"caption\": \"ANY.RUN\"\n\t            },\n\t            \"image\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t 
           \"sameAs\": [\n\t                \"https:\/\/www.facebook.com\/www.any.run\/\",\n\t                \"https:\/\/twitter.com\/anyrun_app\",\n\t                \"https:\/\/www.linkedin.com\/company\/30692044\",\n\t                \"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"Person\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"name\": \"y.shvetsov\",\n\t            \"image\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/any.run\/\",\n\t                \"url\": \"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g\",\n\t                \"contentUrl\": \"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g\",\n\t                \"caption\": \"y.shvetsov\"\n\t            },\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/author\/y-shvetsov\/\"\n\t        }\n\t    ]\n\t}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Release Notes: New YARA rules, Signatures, Config Extractors","description":"In August, ANY.RUN added YARA rules and config extractors, and 69 new Suricata rules, expanding our phishing detection capabilities to 562.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-august-2024\/","twitter_misc":{"Written by":"y.shvetsov","Est. 
reading time":"3 minutes"}},"_links":{"self":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8756"}],"collection":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}]
,"author":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=8756"}],"version-history":[{"count":4,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8756\/revisions"}],"predecessor-version":[{"id":12063,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8756\/revisions\/12063"}],"wp:featuredmedia":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/7723"}],"wp:attachment":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=8756"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=8756"},{"taxonomy":"post_tag","embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=8756"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}