{"id":9889,"date":"2024-11-14T09:46:37","date_gmt":"2024-11-14T09:46:37","guid":{"rendered":"\/cybersecurity-blog\/?p=9889"},"modified":"2026-03-19T12:14:13","modified_gmt":"2026-03-19T12:14:13","slug":"automated-interactivity-stage-two","status":"publish","type":"post","link":"\/cybersecurity-blog\/automated-interactivity-stage-two\/","title":{"rendered":"Automated Interactivity: Stage 2"},"content":{"rendered":"\n<p>Last year, we introduced <a href=\"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity\/\" target=\"_blank\" rel=\"noreferrer noopener\">Automated Interactivity<\/a> \u2014 a feature that simulates user behavior inside the <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=automated_interactivity_stage_two&amp;utm_term=141124&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN sandbox<\/a> to automatically force cyber attack execution.&nbsp;<\/p>\n\n\n\n<p>The first stage of Automated Interactivity focused on basic user interactions like clicking buttons and completing CAPTCHA challenges. This allowed many analysts to simplify their investigations and streamline the sandbox use via API.&nbsp;<\/p>\n\n\n\n<p>Today, we are excited to announce the release of the next stage of Automated Interactivity \u2014 the Smart Content Analysis mechanism that takes its threat detection capabilities to a new level, delivering better and more in-depth examination of the most complex attacks.&nbsp;<\/p>\n\n\n\n<p>Here\u2019s what you need to know about this exciting upgrade.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is Smart Content Analysis&nbsp;<\/h2>\n\n\n\n<p>Smart content analysis is a mechanism that enables Automated Interactivity to execute malware and phishing attacks by identifying and detonating their key components at each stage of the kill chain.&nbsp;<\/p>\n\n\n\n<p>It works in three steps:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Content Identification:<\/strong> It scans uploaded samples for notable content, such as URLs and email attachments.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Content Extraction:<\/strong> It extracts the content that needs to be detonated to force the attack to move forward like URLs from QR codes and phishing links that were rewritten by security tools.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Simulated User Interactions:<\/strong> It then simulates user interactions with the extracted content, for instance, by opening URLs in a browser and launching malware payloads inside archives.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How Smart Content Analysis Adapts to New Threats&nbsp;<\/h2>\n\n\n\n<p>Unlike traditional automated solutions that are limited by pre-programmed algorithms, ANY.RUN&#8217;s Smart Content Analysis is built to continuously evolve with the current threat landscape.&nbsp;<\/p>\n\n\n\n<p>Our team of threat analysts update it with new attack scenarios as soon as they are detected. This ensures nearly instant adaptability to the latest threats and techniques.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why Use It&nbsp;<\/h2>\n\n\n\n<p>The upgraded version of Automated Interactivity is an excellent addition to your security workflow, as it:&nbsp;&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Improves threat detection for sandbox sessions launched via API&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Helps security specialists with analysis by automating complex tasks, providing them with valuable insights and reducing the learning curve&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Automates repetitive tasks, reducing the manual effort required for threat analysis and allowing analysts to focus on more strategic activities&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Speeds up analysis by quickly identifying and analyzing threats, enabling faster response and remediation&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nTry <span class=\"highlight\">Automated Interactivity<\/span> and other PRO features <br>of the ANY.RUN Sandbox for free&nbsp;   \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=automated_interactivity_stage_two&#038;utm_term=141124&#038;utm_content=linktodemo\/\" rel=\"noopener\" target=\"_blank\">\nRequest 14-day trial\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Types of Content It Can Detonate&nbsp;<\/h2>\n\n\n\n<p>Smart Content Analysis can automatically identify and detonate different types of content when moving along the kill chain, including:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>URLs inside QR codes:<\/strong> It can automatically extract and open URLs embedded within QR codes, a common tactic for phishing attempts or malware distribution.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Modified Links:<\/strong> Security solutions and spam filters can often rewrite malicious URLs to prevent them from reaching users. This can prevent automated sandboxes from forcing the attack execution beyond the safe link. Smart Content Analysis easily removes the security layer and detonates the original malicious URL.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Multi-Stage Redirects:<\/strong> Many cyber attacks employ complex chains of redirects to obfuscate their final destination. Smart Content Analysis quickly locates the hidden page by bypassing the redirect ones.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Email Attachments:<\/strong> Email attachments are a popular method for attackers to deliver malware. Smart Content Analysis can automatically process and detonate these attachments, as well as their contents.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Payloads within Archives:<\/strong> Modern attacks often utilize archives (ZIP, RAR, etc.) to bundle malicious payloads. Smart Content Analysis executes these payloads with no problem.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Use Cases for Upgraded Automated Interactivity&nbsp;<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Extracting URL from QR and Solving a CAPTCHA<\/h3>\n\n\n\n<figure class=\"wp-block-video aligncenter\"><video controls src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/qr_1.mp4\"><\/video><figcaption class=\"wp-element-caption\"><em>See a video recording of the analysis performed by Automated Interactivity<\/em><\/figcaption><\/figure>\n\n\n\n<p>Let\u2019s demonstrate how Automated interactivity works using a <a href=\"https:\/\/app.any.run\/tasks\/86760f6e-5b34-4d27-aa1d-03a73540c520\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=automated_interactivity_stage_two&amp;utm_term=141124&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">multi-stage phishing attack<\/a> that starts with an email:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"579\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image1-1-1024x579.png\" alt=\"\" class=\"wp-image-9890\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image1-1-1024x579.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image1-1-300x170.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image1-1-768x434.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image1-1-370x209.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image1-1-270x153.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image1-1-740x418.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image1-1.png 1431w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>The initial email with a PDF attachment opened in the ANY.RUN sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><strong>Step 1: <\/strong>We upload the email file to the ANY.RUN sandbox, switch on Automated Interactivity, and start analysis.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2-1024x576.jpg\" alt=\"\" class=\"wp-image-9891\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2-1024x576.jpg 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2-300x169.jpg 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2-768x432.jpg 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2-370x208.jpg 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2-270x152.jpg 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2-740x416.jpg 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2.jpg 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>The pdf file containing a QR code<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><strong>Step 2:<\/strong> Automated Interactivity launches the .eml file via Outlook, identifies a PDF attachment, and opens it.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"618\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-5-1024x618.png\" alt=\"\" class=\"wp-image-9892\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-5-1024x618.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-5-300x181.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-5-768x464.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-5-1536x927.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-5-370x223.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-5-270x163.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-5-740x447.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-5.png 1569w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>The static analysis module in ANY.RUN lets you see the link hidden in the QR<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><strong>Step 3:<\/strong> After scanning the PDF, it detects a QR code, automatically extracts its embedded URL, and opens it inside a browser.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4-1024x576.jpg\" alt=\"\" class=\"wp-image-9893\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4-1024x576.jpg 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4-300x169.jpg 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4-768x432.jpg 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4-370x208.jpg 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4-270x152.jpg 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4-740x416.jpg 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4.jpg 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>The sandbox automatically solves CAPTCHA challenges<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><strong>Step 4: <\/strong>The opened page has a CAPTCHA challenge, a common method for evading detection. Thanks to Automated Interactivity, the sandbox successfully solves the CAPTCHA and proceeds to the next stage.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5-1024x576.jpg\" alt=\"\" class=\"wp-image-9894\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5-1024x576.jpg 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5-300x169.jpg 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5-768x432.jpg 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5-370x208.jpg 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5-270x152.jpg 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5-740x416.jpg 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5.jpg 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>The final phishing page reached via Automated Interactivity<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><strong>Step 5: <\/strong>Once the final phishing page is loaded, the sandbox instantly assigns the \u201cphish-url\u201d tag to the session and marks it with the \u201cmalicious activity\u201d label.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Forcing Formbook Execution from an Archive Attachment&nbsp;<\/h3>\n\n\n\n<figure class=\"wp-block-video aligncenter\"><video controls src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/formbook_2.mp4\"><\/video><figcaption class=\"wp-element-caption\"><em>Automated Interactivity<\/em> <em>quickly<\/em> <em>identifies and detonates Formbook inside an archive attached to an email<\/em><\/figcaption><\/figure>\n\n\n\n<p>Automated Interactivity is also excellent for analyzing malware attacks.&nbsp;&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6-1024x576.jpg\" alt=\"\" class=\"wp-image-9896\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6-1024x576.jpg 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6-300x169.jpg 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6-768x432.jpg 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6-370x208.jpg 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6-270x152.jpg 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6-740x416.jpg 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6.jpg 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>The malicious email with a .zip attachment<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Consider the <a href=\"https:\/\/app.any.run\/tasks\/01a1a5f6-39ab-4166-b7ef-48a2d45f32fe\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=automated_interactivity_stage_two&amp;utm_term=141124&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">following analysis session<\/a> where the feature was used to detonate a sample of Formbook distributed via a phishing email.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"726\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-4-1024x726.png\" alt=\"\" class=\"wp-image-9935\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-4-1024x726.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-4-300x213.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-4-768x545.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-4-370x262.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-4-270x191.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-4-740x525.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-4.png 1165w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Suricata rule used for detecting Formbook activity<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>The service was able to automatically extract the ZIP file found in the email. It then identified a Formbook executable inside the archive and ran it to observe its behavior. <\/p>\n\n\n\n<!-- CTA Split START -->\n<div class=\"cta-split\">\n<div class=\"cta__split-left\">\n\n<!-- Image -->\n<img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/mcusercontent.com\/663b94f19348582a8dc323efe\/images\/0d88188b-3e89-2314-5a60-cb87e8077326.png\" alt=\"Learn to analyze malware in a sandbox\" class=\"cta__split-icon\" \/>\n<\/div>\n\n<div class=\"cta__split-right\">\n<div>\n\n<!-- Heading -->\n<h3 class=\"cta__split-heading\"><br>Learn to analyze cyber threats<\/h3>\n\n<!-- Text -->\n<p class=\"cta__split-text\">\nSee a detailed guide to using ANY.RUN&#8217;s <span class=\"highlight\">Interactive Sandbox<\/span> for malware and phishing analysis\n<br \/>\n<br \/>\n<\/p>\n<\/div>\n<!-- CTA Link -->\n<a target=\"_blank\" rel=\"noopener\" id=\"article-banner-split\" href=\"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/\"><div class=\"cta__split-link\">Read full guide<\/div><\/a>\n<\/div>\n<\/div>\n<!-- CTA Split END -->\n<!-- CTA Split Styles START -->\n<style>\n.cta-split {\noverflow: hidden;\nmargin: 3rem 0;\ndisplay: grid;\njustify-items: center;\nborder-radius: 0.5rem;\nwidth: 100%;\nmin-height: 25rem;\ngrid-template-columns: repeat(2, 1fr);\nborder: 1px solid rgba(75, 174, 227, 0.32);\nfont-family: 'Catamaran Bold';\n}\n\n.cta__split-left {\ndisplay: flex;\nalign-items: center;\njustify-content: center;\nheight: 100%;\nwidth: 100%;\nbackground-color: #161c59;\nbackground-position: center center;\nbackground: rgba(32, 168, 241, 0.1);\n}\n\n.cta__split-icon { \nwidth: 100%;\nheight: auto;\nobject-fit: contain;\nmax-width: 100%;\n}\n\n.cta__split-right {\ndisplay: flex;\nflex-direction: column;\njustify-content: space-between;\npadding: 2rem;\n}\n\n.cta__split-heading { font-size: 1.5rem; }\n\n.cta__split-text {\nmargin-top: 1rem;\nfont-family: Lato, Roboto, sans-serif;\n}\n\n.cta__split-link {\npadding: 0.5rem 1rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: white;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\ndisplay: block;\nz-index: 1000;\nposition: relative;\ncursor: pointer !important;\n}\n\n.cta__split-link:hover {\nbackground-color: #68CBFF;\ncolor: white;\ncursor: pointer;\n}\n\n.highlight { color: #ea2526;}\n\n\n\/* Mobile styles START *\/\n@media only screen and (max-width: 768px) {\n\n.cta-split {\ngrid-template-columns: 1fr;\nmin-height: auto;\n}\n\n.cta__split-left {\nheight: auto;\nmin-height: 10rem;\n}\n\n\n.cta__split-left, .cta__split-right {\nheight: auto;\n}\n\n.cta__split-heading { font-size: 1.2rem; }\n\n.cta__split-text { font-size: 1rem; }\n.cta__split-icon {\nmax-height: auto;\nobject-fit: cover;\n}\n\n}\n\/* Mobile styles END *\/\n<\/style>\n<!-- CTA Split Styles END -->\n\n\n\n<h3 class=\"wp-block-heading\">Extracting Rewritten URL&nbsp;<\/h3>\n\n\n\n<p>Modern email systems are equipped with spam filtering. While it protects users against threats, it complicates the work of security analysts by blocking their access to the actual malicious content that they wish to examine.&nbsp;<\/p>\n\n\n\n<p>Automated Interactivity bypasses such filters and quickly reaches the resources controlled by the threat actors, saving analysts\u2019 time.&nbsp;<\/p>\n\n\n\n<p>Here is <a href=\"https:\/\/app.any.run\/tasks\/ed8d174f-c3af-4f0e-ba08-6257f2e35aa1\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=automated_interactivity_stage_two&amp;utm_term=141124&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">a sandbox session<\/a> featuring a blocked phishing URL. <\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"567\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-3-1024x567.png\" alt=\"\" class=\"wp-image-9898\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-3-1024x567.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-3-300x166.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-3-768x426.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-3-1536x851.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-3-370x205.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-3-270x150.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-3-740x410.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-3.png 1859w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Attack analysis stops at Microsoft\u2019s scam filtering page<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>The phishing link inside the analyzed email is rewritten to Microsoft\u2019s domain <code>safelinks[.]protection[.]outlook[.]com<\/code> and now contains a warning. <\/p>\n\n\n\n<p>While it indicates that the link is malicious, it prevents us from learning more about the threat we\u2019re facing.&nbsp;<\/p>\n\n\n\n<p>To go beyond the block, we can simply enable Automated Interactivity and rerun the analysis.&nbsp;&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"573\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image9-1-1024x573.png\" alt=\"\" class=\"wp-image-9899\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image9-1-1024x573.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image9-1-300x168.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image9-1-768x430.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image9-1-1536x860.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image9-1-370x207.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image9-1-270x151.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image9-1-740x414.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image9-1.png 1858w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>With Automated Interactivity, the attack is executed quickly and with ease<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>In <a href=\"https:\/\/app.any.run\/tasks\/bd5d02b5-08aa-4440-bfd7-f3c0b3123819\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=automated_interactivity_stage_two&amp;utm_term=141124&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">the new sandbox session<\/a>, the rewritten URL is skipped, and all the stages of the attack, including those requiring solving a CAPTCHA, are detonated automatically and as intended.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"528\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image10-1-1024x528.png\" alt=\"\" class=\"wp-image-9900\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image10-1-1024x528.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image10-1-300x155.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image10-1-768x396.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image10-1-370x191.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image10-1-270x139.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image10-1-740x382.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image10-1.png 1171w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Tags provide information on the threat at hand<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>This allows us to go further and discover that the attack is carried out by the Storm-1575 threat actor using the DadSec phishing platform, as shown by the corresponding tags.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What\u2019s Next for Automated Interactivity&nbsp;<\/h2>\n\n\n\n<p>Smart Content Analysis is not the final chapter of Automated Interactivity. &nbsp;<\/p>\n\n\n\n<p>We are already working on Stage 3 \u2014 another mechanism that will further improve the detection rate and make the sandbox even better at automatically detonating attacks.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Stay tuned for updates!&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Try It Now<\/h2>\n\n\n\n<p>See how you can speed up your analysis of the latest cyber attacks with Automated Interactivity. The feature is available to Hunter and Enterprise Suite plan users. It is also activated by default for all sandbox sessions launched via API.\u00a0<\/p>\n\n\n\n<p>To manually enable Automated Interactivity:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/1-1-1024x576.png\" alt=\"\" class=\"wp-image-9903\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/1-1-1024x576.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/1-1-300x169.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/1-1-768x432.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/1-1-1536x864.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/1-1-370x208.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/1-1-270x152.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/1-1-740x416.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/1-1.png 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Submit File or URL<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>1. Navigate to ANY.RUN&#8217;s <a href=\"https:\/\/app.any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=automated_interactivity_stage_two&amp;utm_term=141124&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">home screen<\/a> and submit your sample<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/2-2-1024x576.png\" alt=\"\" class=\"wp-image-9905\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/2-2-1024x576.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/2-2-300x169.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/2-2-768x432.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/2-2-1536x864.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/2-2-370x208.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/2-2-270x152.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/2-2-740x416.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/2-2.png 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Enable Automated Interactivity and start analysis<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>2. Switch on the <em>Automated Interactivity<\/em> <em>(ML)<\/em> toggle&nbsp;<\/p>\n\n\n\n<p>3. Run analysis&nbsp;<\/p>\n\n\n\n<p>You can get a <a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=automated_interactivity_stage_two&amp;utm_term=141124&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">14-day free trial of ANY.RUN\u2019s Interactive Sandbox<\/a> to try Automated Interactivity along with other PRO features like private and teamwork mode, as well as integration via API and SDK.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=automated_interactivity_stage_two&amp;utm_term=141124&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">interactive sandbox<\/a> simplifies malware analysis of threats that target both Windows and <a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-malware-analysis-cases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a> systems. Our threat intelligence products, <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Search<\/a> and <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a> or files to learn more about the threats and respond to incidents faster.&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>With ANY.RUN you can:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Detect malware in seconds<\/li>\n\n\n\n<li>Interact with samples in real time<\/li>\n\n\n\n<li>Save time and money on sandbox setup and maintenance<\/li>\n\n\n\n<li>Record and study all aspects of malware behavior<\/li>\n\n\n\n<li>Collaborate with your team&nbsp;<\/li>\n\n\n\n<li>Scale as you need<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=automated_interactivity_stage_two&amp;utm_term=141124&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Request free trial of ANY.RUN&#8217;s products \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last year, we introduced Automated Interactivity \u2014 a feature that simulates user behavior inside the ANY.RUN sandbox to automatically force cyber attack execution.&nbsp; The first stage of Automated Interactivity focused on basic user interactions like clicking buttons and completing CAPTCHA challenges. This allowed many analysts to simplify their investigations and streamline the sandbox use via [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":9909,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,54,34,40,55,56],"class_list":["post-9889","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-features","tag-malware-analysis","tag-malware-behavior","tag-release","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Automated Interactivity: Stage 2 - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"See how the ANY.RUN sandbox automatically detonates common cyber attack chains without any user involvement, including via API.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\n\t    \"@context\": \"https:\/\/schema.org\",\n\t    \"@graph\": [\n\t        {\n\t            \"@type\": \"Article\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/#article\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/\"\n\t            },\n\t            \"author\": {\n\t                \"name\": \"ANY.RUN\",\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"headline\": \"Automated Interactivity: Stage 2\",\n\t            \"datePublished\": \"2024-11-14T09:46:37+00:00\",\n\t            \"dateModified\": \"2026-03-19T12:14:13+00:00\",\n\t            \"mainEntityOfPage\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/\"\n\t            },\n\t            \"wordCount\": 1424,\n\t            \"commentCount\": 0,\n\t            \"publisher\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"keywords\": [\n\t                \"ANYRUN\",\n\t                \"cybersecurity\",\n\t                \"features\",\n\t                \"malware analysis\",\n\t                \"malware behavior\",\n\t                \"release\",\n\t                \"update\"\n\t            ],\n\t            \"articleSection\": [\n\t                \"Service Updates\"\n\t            ],\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"CommentAction\",\n\t                    \"name\": \"Comment\",\n\t                    \"target\": [\n\t                        \"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/#respond\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"WebPage\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/\",\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/\",\n\t            \"name\": \"Automated Interactivity: Stage 2 - ANY.RUN&#039;s Cybersecurity Blog\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"datePublished\": \"2024-11-14T09:46:37+00:00\",\n\t            \"dateModified\": \"2026-03-19T12:14:13+00:00\",\n\t            \"description\": \"See how the ANY.RUN sandbox automatically detonates common cyber attack chains without any user involvement, including via API.\",\n\t            \"breadcrumb\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/#breadcrumb\"\n\t            },\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"ReadAction\",\n\t                    \"target\": [\n\t                        \"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"BreadcrumbList\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/#breadcrumb\",\n\t            \"itemListElement\": [\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 1,\n\t                    \"name\": \"Home\",\n\t                    \"item\": \"https:\/\/any.run\/cybersecurity-blog\/\"\n\t                },\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 2,\n\t                    \"name\": \"Service Updates\",\n\t                    \"item\": \"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"\n\t                },\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 3,\n\t                    \"name\": \"Automated Interactivity: Stage 2\"\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"WebSite\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"url\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN&#039;s Cybersecurity Blog\",\n\t            \"description\": \"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\n\t            \"publisher\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"SearchAction\",\n\t                    \"target\": {\n\t                        \"@type\": \"EntryPoint\",\n\t                        \"urlTemplate\": \"https:\/\/any.run\/?s={search_term_string}\"\n\t                    },\n\t                    \"query-input\": \"required name=search_term_string\"\n\t                }\n\t            ],\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"Organization\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN\",\n\t            \"url\": \"https:\/\/any.run\/\",\n\t            \"logo\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/any.run\/\",\n\t                \"url\": \"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\n\t                \"contentUrl\": \"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\n\t                \"width\": 1,\n\t                \"height\": 1,\n\t                \"caption\": \"ANY.RUN\"\n\t            },\n\t            \"image\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"sameAs\": [\n\t                \"https:\/\/www.facebook.com\/www.any.run\/\",\n\t                \"https:\/\/twitter.com\/anyrun_app\",\n\t                \"https:\/\/www.linkedin.com\/company\/30692044\",\n\t                \"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"Person\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN\",\n\t            \"image\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/any.run\/\",\n\t                \"url\": \"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\n\t                \"contentUrl\": \"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\n\t                \"caption\": \"ANY.RUN\"\n\t            },\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"\n\t        }\n\t    ]\n\t}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Automated Interactivity: Stage 2 - ANY.RUN&#039;s Cybersecurity Blog","description":"See how the ANY.RUN sandbox automatically detonates common cyber attack chains without any user involvement, including via API.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Automated Interactivity: Stage 2","datePublished":"2024-11-14T09:46:37+00:00","dateModified":"2026-03-19T12:14:13+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/"},"wordCount":1424,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","features","malware analysis","malware behavior","release","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/","url":"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/","name":"Automated Interactivity: Stage 2 - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-11-14T09:46:37+00:00","dateModified":"2026-03-19T12:14:13+00:00","description":"See how the ANY.RUN sandbox automatically detonates common cyber attack chains without any user involvement, including via API.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Automated Interactivity: Stage 2"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/9889"}],"collection":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=9889"}],"version-history":[{"count":23,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/9889\/revisions"}],"predecessor-version":[{"id":19374,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/9889\/revisions\/19374"}],"wp:featuredmedia":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/9909"}],"wp:attachment":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=9889"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=9889"},{"taxonomy":"post_tag","embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=9889"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}