How long would it take your team to realize ransomware is already running? Newly identified ransomware families are already causing real business disruption. These threats can disrupt operations fast while also reducing visibility through stealth or cleanup activity, shrinking the time teams have to detect and contain the attack. Here’s what you should know about BQTLock and GREENBLOOD, and how your team can detect and contain them before…
Category: Malware Analysis
ANYRUN, Cybersecurity, Global Security News, Malware Analysis
Enterprise Phishing: How Attackers Abuse Microsoft & Google Platforms
ANY.RUN observes a growing trend of phishing kit infrastructure being hosted on legitimate cloud and CDN platforms, rather than on newly registered domains. These campaigns often target enterprise users specifically, creating a global threat to businesses. The shift creates serious visibility challenges for security teams, as trusted platforms and valid indicators shield malicious activity from detection. For a deeper dive, read on and see the breakdown of such cases, along with tips…
Cybersecurity, Exploits, Global Security News, Malware Analysis, malware behavior
Attackers Taking Over a Real Enterprise Email Thread to Deliver Phishing
Think you can trust every email that comes from a business partner? Unfortunately, that’s no longer guaranteed: attackers now slip into legitimate threads and send messages that look fully authentic. That’s exactly what happened in a new case uncovered by ANY.RUN researchers: a trust takeover inside a real executive discussion about a document awaiting final approval. By detonating the suspicious message, the investigation exposed the…
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Global Security News, malware, Malware Analysis
Fix Staff Shortage & Burnout in Your SOC with Better Threat Intelligence
In cybersecurity, humans occupy both ends of the vulnerability spectrum. They click what should never be clicked, reuse passwords like heirlooms, and generously donate credentials to phishing pages that look “kind of legit.” Yet the same species becomes the strongest link once you step inside a SOC. Cybersecurity professionals don’t fail because they are careless…
ANYRUN, Cybersecurity, cybersecurity training, Global Security News, Malware Analysis
From Forgotten Tool to Powerful Pivot: Using JA3 to Expose Attackers’ Infrastructure
A growing skepticism around JA3 is evident, and quite understandable as well. Public lists are rarely updated, and initiatives like JA3-fingerprints have been effectively frozen since 2021, creating the impression that this is a “yesterday’s technology.” However, JA3 fingerprints have not disappeared. Sensors continue to collect them, they appear in reports and threat intelligence interfaces; it’s just that many teams treat them formally, as just another field in logs without meaningful…
ANYRUN, Cybersecurity, Global Security News, Integrations & connectors, Malware Analysis
ANY.RUN & Tines: Scale SOC and Meet SLAs with Powerful Automation
In busy SOC environments, every minute spent waiting for threat validation slows containment and impacts response metrics. The ANY.RUN integration with Tines delivers trusted verdicts and enriched context in seconds to cut mean time to respond (MTTR) and keep investigations flowing without delays. ANY.RUN X Tines Integration: Faster Triage with Behavior-Driven Context The new integration lets your SOC team pull actionable verdicts and…
ANYRUN, Cybersecurity, Exploits, Global Security News, Malware Analysis
German Manufacturing Under Phishing Attacks: Tracking a Stealthy AsyncRAT Campaign
Manufacturing companies have quietly become one of the most hunted species in the modern threat landscape. Not because they are careless, but because they are operationally critical, geographically distributed, and often rely on complex IT and OT environments that attackers love to probe. Key Takeaways Manufacturing is among the top industries targeted by ransomware groups and advanced campaigns, often with…
ANYRUN, Cybersecurity, Global Security News, Malware Analysis
CastleLoader: A Deep Dive into Stealthy Loader Targeting Government Sector
ANY.RUN’s team conducted an extensive malware analysis of CastleLoader, the first link in the chain of attacks impacting various industries, including government agencies and critical infrastructure. It’s a unique walkthrough of its entire execution path, from a packaged installer to C2 server connection, as well as an overview of a parser developed to extract initialized local variables and automatically decode indicators of compromise (IOCs) featured in them. Key Takeaways CastleLoader is a stealthy malware loader used as the first stage…
ANYRUN, Cybersecurity, Exploits, Global Security News, Malware Analysis, Reports
Malware Trends Q4 2025: Inside ANY.RUN’s Latest Threat Landscape Report
We’re glad to present our regular quarterly report highlighting the most prominent malicious trends of the last three months of 2025, as observed by ANY.RUN’s community. Following the release of our annual report on key threats and milestones, this report offers a closer look at the threat landscape of the final chapter of 2025. The Malware Trends report Q4 features top malware types, families, phishing kits, TTPs, APTs, and other notable insights. You can turn to the previous Q3 report for reference. Key Takeaways Threat activity remained steady,…
ANYRUN, Cybersecurity, Global Security News, Malware Analysis, News
Year in Review by ANY.RUN: Key Threats, Solutions, and Breakthroughs of 2025
It’s December — that time of year when we take a pause and look back at how much we’ve achieved. If you’re reading this, chances are you’ve shared these wins with us. Maybe you’ve launched one analysis, maybe thousands. Maybe you’ve browsed our Threat Intelligence Lookup daily or just joined us. Anyhow, thanks for being here! 2025 kept all of us busy for sure. But it also brought a ton of breakthrough studies, insights, and improvements. Let’s glance back…
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Global Security News, Malware Analysis
5 Ways Threat Intelligence Drives SOC ROI: Board-Ready Cases for CISOs
When CISOs ask for budget, they are rarely competing against “no security.” They are competing against growth initiatives, product launches, and cost optimization. Technical jargon and security metrics often fall flat here. To win the conversation, threat intelligence cannot be framed as more data for analysts. It must be positioned as a business enabler that reduces…
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Global Security News, Malware Analysis
SOC Leader’s Playbook: 3 Practical Steps to Faster MTTR
If you’ve ever looked at a SOC queue and thought, “Where do we even start?” you’re not alone. Most teams face more alerts than they can realistically investigate, tools that don’t always connect, and investigations that take longer than they should. In a recent webinar, we shared a simple framework for speeding up detection and response without overloading teams. You can watch the full…
ANYRUN, Cybersecurity, Global Security News, Malware Analysis, Service Updates
AI Sigma Rules: Scale Threat Detection, Drive Down MTTR
Security teams face thousands of alerts every single day. Many of them don’t clearly show whether there’s a true threat behind them. Investigation slows down, analysts lose time on low-value signals, and important findings are often buried in noise. AI Sigma Rules change this routine. With this new capability in ANY.RUN’s Interactive Sandbox, SOC teams can not only see the source of malicious activity…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Malware Analysis
Phishing Kit Attacks 101: Everything SOC Analysts Should Know
Phishing used to be easy to spot. Now it looks clean, trusted, and almost perfect. Behind it are phishkits: ready-made attack platforms built to steal credentials, bypass MFA, and hijack live sessions in seconds. For SOC teams, one click starts the countdown. What looks like a routine alert can already be a live account takeover. Here’s how these attacks actually…
ANYRUN, Cybersecurity, Global Security News, Malware Analysis, Service Updates
Track Evolving Cyber Threat Landscape for Your Industry & Country in Real Time
Effective cyber security depends on knowing which risks matter most. ANY.RUN’s Threat Intelligence Lookup provides industry and geographic context, powered by live attack investigations from 15,000+ companies, that SOC teams need to prioritize alerts, IOCs, and threats with confidence and build their defense strategy for maximum ROI. Here’s how. Challenge: Context-free TI Wastes SOC Time Most threat intelligence sources return long lists of IPs, domains,…
ANYRUN, Cybersecurity, Global Security News, Malware Analysis
Smile, You’re on Camera: A Live Stream from Inside Lazarus Group’s IT Workers Scheme
Editor’s note: This work is a collaboration between members of ANY.RUN, the leading sandbox and malware analysis solution, NorthScan, a threat intelligence initiative uncovering North Korean IT worker infiltration, and BCA LTD, a company dedicated to threat intelligence and hunting. In this article, we’ll uncover an entire North Korean infiltration operation aimed at deploying remote IT workers across different companies in the American financial and crypto/Web3 sectors, with the objective of…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Malware Analysis
Salty2FA & Tycoon2FA Hybrid: A New Phishing Threat to Enterprises
Phishing kits usually have distinct signatures in their delivery methods, infrastructure, and client-side code, which makes attribution fairly predictable. But recent samples began showing traits from two different kits at once, blurring those distinctions. That’s exactly what ANY.RUN analysts saw with Salty2FA and Tycoon2FA: a sudden drop in Salty activity, the appearance of Tycoon indicators inside Salty-linked chains, and eventually single…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Malware Analysis, malware behavior, Service Updates
Threat Coverage Digest: New Malware Reports and 5K+ Detection Rules
November was a packed month for detection coverage. We rolled out new behavioral insights, broadened our visibility across multiple threat families, and strengthened rulesets at every layer. On top of that, our analysts uncovered and documented a new phishing wave targeting Italian organizations through malicious PDF attachments, now fully mapped in a dedicated TI report. Let’s walk through…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Malware Analysis, malware behavior, News
Threat Coverage Digest: New Malware, Fresh Behavior Insights, and 5K+ Detection Rules
November was a packed month for detection coverage. We rolled out new behavioral insights, broadened our visibility across multiple threat families, and strengthened rulesets at every layer. On top of that, our analysts uncovered and documented a new phishing wave targeting Italian organizations through malicious PDF attachments, now fully mapped in a dedicated TI report. Let’s walk through…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Malware Analysis
Major Cyber Attacks in November 2025: XWorm, JSGuLdr Loader, Phoenix Backdoor, Mobile Threats, and More
Stealers, loaders, and targeted campaigns dominated November’s activity. ANY.RUN analysts examined cases ranging from PNG-based in-memory loading used to deploy XWorm to JSGuLdr, a three-stage JavaScript-to-PowerShell loader pushing PhantomStealer. Alongside these public cases, three Threat Intelligence Reports detailed new activity across Windows, Linux, and Android, including loader-enabled hijackers, Tor-based cryptotrojan communication, Linux ransomware in Go, MaaS stealers, and a WhatsApp-propagating campaign…
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Global Security News, Malware Analysis
How to See Critical Incidents in Alert Overload: A Guide for SOCs and MSSPs
Alert overload is one of the hardest ongoing challenges for a Tier 1 SOC analyst. Every day brings hundreds, sometimes thousands of alerts waiting to be triaged, categorized, and escalated. Many of them are false positives, duplicates, or low-value notifications that muddy the signal. When the queue never stops growing, even experienced analysts start losing clarity, missing…
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Global Security News, Malware Analysis
Detected in 60 Seconds: How to Identify Phishing with a Malware Sandbox
In many SOCs, phishing analysis still follows the same old pattern: manually pull apart URLs, inspect attachments by hand, take screenshots, collect indicators one by one… and hope nothing slips through in the process. It’s careful work, but slow. A sandbox flips that workflow on its head. Every step analysts normally handle themselves is condensed into…
ANYRUN, Cybersecurity, Exploits, Global Security News, Malware Analysis
LOLBin Attacks Explained with Examples: Everything SOC Teams Need to Know
Some attacks smash the door open. LOLBins just borrow your keys and walk right in. They’re tricky because tools everyone trusts suddenly start doing things that don’t match their usual job: loading odd-looking modules, decoding files that shouldn’t need decoding, or quietly handing work off to hidden PowerShell scripts. At first glance it all feels…
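The three tells named above (a trusted binary loading an odd module, decoding a file that should never need decoding, and a hand-off to hidden or encoded PowerShell), turned into detection logic as an added example that is not ANY.RUN's code and not taken from the article: four small rules run over constructed Windows process-creation events. The events, the `alice` user paths, the file names and the `SQBFAFgA` encoded argument are made up for the demonstration; the rules encode the behaviour the text describes, not any specific campaign.

```python
import re
from pathlib import PureWindowsPath

# Constructed process-creation events (not real telemetry). Fields mirror what
# Sysmon event 1 or an EDR would give you: parent image, image, command line.
EVENTS = [
    {"id": 1, "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe -decode C:\Users\alice\AppData\Local\Temp\inv.txt "
                r"C:\Users\alice\AppData\Local\Temp\inv.dll"},
    {"id": 2, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\alice\AppData\Local\Temp\inv.dll,DllRegisterServer"},
    {"id": 3, "parent": r"C:\Windows\System32\mshta.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     # SQBFAFgA is base64 of UTF-16LE "IEX", a constructed stand-in for a real encoded command
     "cmdline": r"powershell.exe -NoP -W Hidden -Enc SQBFAFgA"},
    {"id": 4, "parent": r"C:\Windows\explorer.exe",          # benign control
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"id": 5, "parent": r"C:\Windows\System32\cmd.exe",      # benign control
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe -verify C:\Users\alice\Downloads\vendor.cer"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}
LOLBINS = {"certutil.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe",
           "powershell.exe", "wscript.exe", "cscript.exe", "bitsadmin.exe"}
USER_WRITABLE = re.compile(r"\\(Users|ProgramData|Windows\\Temp)\\", re.I)
FIRST_PATH = re.compile(r"((?:[a-z]:\\|\\\\)[^\s,]+)", re.I)   # first drive/UNC path in a command line


def basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def rule_certutil_decode(ev):
    """Decoding (or fetching) files that should never need certutil for it."""
    if basename(ev["image"]) == "certutil.exe" and \
            re.search(r"\s-(decode|decodehex|urlcache)\b", ev["cmdline"], re.I):
        return "certutil used to decode or fetch a file"


def rule_rundll32_odd_module(ev):
    """Trusted host loading a module from a user-writable path or with an odd extension."""
    if basename(ev["image"]) not in {"rundll32.exe", "regsvr32.exe"}:
        return None
    m = FIRST_PATH.search(ev["cmdline"])
    if not m:
        return None
    module = m.group(1)
    if USER_WRITABLE.search(module) or PureWindowsPath(module).suffix.lower() not in (".dll", ".cpl", ".ocx"):
        return f"{basename(ev['image'])} loading unusual module {module}"


def rule_hidden_powershell(ev):
    """Script host or Office app handing work off to hidden/encoded PowerShell."""
    if basename(ev["image"]) not in {"powershell.exe", "pwsh.exe"}:
        return None
    parent = basename(ev["parent"])
    hidden = re.search(r"-(w(indowstyle)?\s+hidden|e(nc|ncodedcommand)?\s)", ev["cmdline"], re.I)
    if hidden and parent in SCRIPT_HOSTS | OFFICE_APPS:
        return f"hidden or encoded PowerShell spawned by {parent}"


def rule_office_child(ev):
    """Office application spawning any living-off-the-land binary."""
    parent, child = basename(ev["parent"]), basename(ev["image"])
    if parent in OFFICE_APPS and child in LOLBINS:
        return f"{parent} spawned {child}"


RULES = (rule_certutil_decode, rule_rundll32_odd_module,
         rule_hidden_powershell, rule_office_child)


def detect(events) -> list[tuple[int, str, str]]:
    """Return (event id, rule name, description) for every rule that fires."""
    findings = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit:
                findings.append((ev["id"], rule.__name__, hit))
    return findings


if __name__ == "__main__":
    for event_id, rule_name, text in detect(EVENTS):
        print(f"event {event_id}: {rule_name}: {text}")
```

Events 4 and 5 are the controls: rundll32 loading shell32.dll from System32 under explorer.exe and certutil verifying a certificate are exactly the "usual job" the text refers to, so neither fires. Parent-child context does most of the work here; the same certutil command line is far more interesting under WINWORD.EXE than under an admin's cmd.exe.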
ANYRUN, Cybersecurity, Global Security News, Malware Analysis
Healthcare MSSP Cuts Phishing Triage by 76% and Launches Proactive Defense with ANY.RUN
Scaling as a managed security provider can be a mixed blessing. Growth comes with more revenue, but also with increasingly high demands related to maintaining SLAs, quality, and compliance. For MSSPs in healthcare, this pressure is intensified by regulations like HIPAA and NIS2, along with the striking cost of a single mistake. This was a…
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Emerging Tech, Global Security News, Malware Analysis
Solve Alert Fatigue, Focus on High-Risk Incidents: An Action Plan for CISOs
How many real threats hide behind the noise your SOC faces every day? When hundreds of alerts demand attention at once, even the best analysts start to lose focus. The nonstop pressure to react to everything drains energy, clouds judgment, and opens the door to real risk. Teams using ANY.RUN have already flipped that script: …
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Exploits, Global Security News, Malware Analysis, malware behavior
ClickFix Explosion: Cross-Platform Social Engineering Turns Users Into Malware Installers
Eric Parker, a recognized cybersecurity expert, has recently released a video on ClickFix attacks, their detection, analysis, and gathering threat intelligence. Here is our recap highlighting the key points and practical advice. ClickFix as the Signature Threat of 2025 In 2025 the internet saw a sharp surge in a deceptively simple but highly effective social-engineering…
ANYRUN, Cybersecurity, Global Security News, Malware Analysis, News
ANY.RUN Wins Trailblazing Threat Intelligence at the 2025 Top InfoSec Innovators Awards
Big news from the ANY.RUN team: we’ve just been named the 2025 “Trailblazing Threat Intelligence” winner at the Top InfoSec Innovators Awards! This recognition means a lot to us because it celebrates what we care about most: helping analysts, SOC teams, and researchers access live, actionable threat intelligence that makes a real difference in investigations…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Integrations & connectors, Malware Analysis
Unified Security for Fast Response: All ANY.RUN Integrations for SIEM, SOAR, EDR, and More
ANY.RUN’s malware analysis and threat intelligence products are used by 15K SOCs and 500K analysts. Thanks to a flexible API/SDK and ready-made connectors, they seamlessly integrate with security teams’ existing software to expand threat coverage, reduce MTTR, and streamline performance. Here’s how ANY.RUN’s solutions can transform your security. Interactive Sandbox: Detect Evasive Phishing & Malware Interactive…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Malware Analysis, release, Service Updates
Release Notes: ANY.RUN & ThreatQ Integration, 3,000+ New Rules, and Expanded Detection Coverage
October brought another strong round of updates to ANY.RUN, from a new ThreatQ integration that connects our real-time Threat Intelligence Feeds directly into one of the industry’s leading TIPs, to hundreds of new signatures and rules that sharpen network and behavioral detection. With 125 new behavior signatures, 17 YARA rules, and 3,264 Suricata rules, analysts can now spot emerging threats…
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Global Security News, Malware Analysis
What is a Malware Sandbox? Everything SOC Analysts and CISOs Need to Know
Each cyberattack leaves behavioral evidence. A malware sandbox provides the secure environment analysts need to study that activity and uncover hidden tactics. Teams using sandbox analysis report measurable gains: 90% faster detection of unknown malware, up to 3× improvement in investigation speed, and 60% fewer false positives in automated alerts. Behavior-based visibility gives SOCs the upper…
ANYRUN, Cybersecurity, Exploits, Global Security News, Malware Analysis
Major Cyber Attacks in October 2025: Phishing via Google Careers & ClickUp, Figma Abuse, LockBit 5.0, and TyKit
Phishing campaigns and ransomware families evolved rapidly this October, from fake Google Careers pages and ClickUp redirect chains to Figma-hosted credential theft and LockBit’s move into ESXi and Linux systems. ANY.RUN analysts also uncovered TyKit, a reusable phishing kit hiding JavaScript inside SVG files to steal Microsoft 365 credentials across multiple sectors. Each of these…
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Global Security News, Malware Analysis
5 SOC Challenges and How Threat Intelligence Solves Them
No SOC is perfect, but it’s possible to overcome frequent shortcomings and achieve measurable results by introducing one essential component of modern cybersecurity operations: threat intelligence. Organizations using ANY.RUN’s TI solutions report the following results: 94% experience faster triage, up to 58% more threats get detected, and 3x improvement in overall SOC performance. Quality, real-time…
ANYRUN, Cybersecurity, Global Security News, Malware Analysis, News
ANY.RUN Recognized as Threat Intelligence Company of the Year 2025
Here at ANY.RUN, we know how crucial threat intelligence is for ensuring strong cybersecurity, especially in organizations. This year, our efforts in promoting this data-driven approach to solving the needs of businesses were praised at CyberSecurity Breakthrough Awards. ANY.RUN was recognized as the Threat Intelligence Company of the Year 2025. New Milestone on the Way…
ANYRUN, Cybersecurity, Global Security News, Malware Analysis, News, update
ANY.RUN & ThreatQ: Boost Detection Rate, Turbocharge Response Speed
Fresh, actionable IOCs from the latest malware attacks are now available to all security teams using the ThreatQ TIP. ANY.RUN’s Threat Intelligence Feeds integrate seamlessly with the platform, enabling SOCs and MSSPs to boost detection rates, expand threat coverage, and streamline response. Here’s how you can benefit from it. Real-Time Visibility of the Current Threat…
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Global Security News, Malware Analysis
No Threats Left Behind: SOC Analyst’s Guide to Expert Triage
A SOC is where every second counts. Amidst a flood of alerts, false positives, and ever-short time, analysts face the daily challenge of identifying what truly matters — before attackers gain ground. That’s where alert triage comes in: the essential first step in detecting, prioritizing, and responding to threats efficiently. Done right, it defines the…
ANYRUN, Cybersecurity, Global Security News, Malware Analysis, North America
Tykit Analysis: New Phishing Kit Stealing Hundreds of Microsoft Accounts in Finance & Construction
Not long ago we reported a spike in phishing attacks that use an SVG file as the delivery vector. One striking detail was how the SVG embeds JavaScript that rebuilds the payload with XOR and then executes it directly via eval() to redirect victims to a phishing page. A quick look at the indicators we…
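The SVG delivery trick described here (and in the October roundup above, where TyKit hides JavaScript inside SVG files), as an added example that is not ANY.RUN's code and not a real Tykit sample: a small triage script that pulls inline `<script>` content out of an SVG, finds the `array[i] ^ key` expression the decode loop uses, resolves the array and key it references, recovers the XOR-rebuilt payload, and flags `eval()` together with redirect-style strings in the result. The sample SVG, the payload, the key `0x5A` and the reserved `login.example.test` hostname are all constructed for the demonstration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed for this example: the payload the loader rebuilds, the XOR key,
# and a reserved .test hostname. None of these are real Tykit indicators.
PAYLOAD = b'location.href="https://login.example.test/";'
KEY = 0x5A


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; used both to build the sample and to undo it."""
    return bytes(b ^ key for b in data)


_ENCODED = ",".join(hex(b) for b in xor_bytes(PAYLOAD, KEY))

# Synthetic SVG following the shape described in the text: an inline script
# that XOR-decodes a byte array into JavaScript and hands it to eval().
SAMPLE_SVG = f"""<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1">
  <rect width="1" height="1"/>
  <script type="text/javascript"><![CDATA[
    var k = {KEY:#x};
    var d = [{_ENCODED}];
    var s = "";
    for (var i = 0; i < d.length; i++) {{ s += String.fromCharCode(d[i] ^ k); }}
    eval(s);
  ]]></script>
</svg>"""

BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'

SVG_NS = "{http://www.w3.org/2000/svg}"
XOR_EXPR = re.compile(r"(\w+)\s*\[[^\]]+\]\s*\^\s*(\w+)")   # e.g. d[i] ^ k
EVAL_CALL = re.compile(r"\b(eval|Function)\s*\(")
REDIRECT_HINTS = ("location", "window.open", "document.write", "fetch(")


def extract_scripts(svg_text: str) -> list[str]:
    """Return the text of every <script> element (CDATA content included)."""
    root = ET.fromstring(svg_text)
    return [el.text for el in root.iter()
            if el.tag in ("script", SVG_NS + "script") and el.text]


def _lookup(script: str, name: str, pattern: str):
    """Find the literal assigned to `name` (i.e. `name = <pattern>`)."""
    m = re.search(rf"\b{re.escape(name)}\s*=\s*{pattern}", script)
    return m.group(1) if m else None


def decode_xor_payloads(script: str) -> list[str]:
    """For each `arr[i] ^ key` expression, resolve arr and key and decode."""
    found = []
    for arr_name, key_name in XOR_EXPR.findall(script):
        key_lit = _lookup(script, key_name, r"(0x[0-9A-Fa-f]+|\d+)")
        arr_lit = _lookup(script, arr_name, r"\[([^\]]*)\]")
        if key_lit is None or arr_lit is None:
            continue
        try:
            key = int(key_lit, 0)
            data = bytes(int(x, 0) & 0xFF for x in arr_lit.split(",") if x.strip())
        except ValueError:
            continue   # array holds something other than numeric literals
        found.append(xor_bytes(data, key).decode("latin-1"))
    return found


def triage_svg(svg_text: str) -> dict:
    """Static verdict: script present plus eval() or a recoverable XOR payload."""
    scripts = extract_scripts(svg_text)
    decoded = [p for s in scripts for p in decode_xor_payloads(s)]
    uses_eval = any(EVAL_CALL.search(s) for s in scripts)
    redirects = any(h in p for p in decoded for h in REDIRECT_HINTS)
    suspicious = bool(scripts) and (uses_eval or bool(decoded))
    return {
        "script_count": len(scripts),
        "uses_eval": uses_eval,
        "decoded_payloads": decoded,
        "redirects": redirects,
        "verdict": "suspicious" if suspicious else "benign",
    }


if __name__ == "__main__":
    for name, svg in (("sample", SAMPLE_SVG), ("benign", BENIGN_SVG)):
        print(name, triage_svg(svg))
```

Two caveats a practitioner will hit immediately: real kits vary the decode loop (string keys, charCodeAt on a key string, split-and-join obfuscation), so the single-byte regex here is a starting point rather than coverage, and a script-bearing SVG is a strong signal on its own in mail flow, since legitimate logo and icon attachments almost never carry `<script>` at all. Where the static pass fails, detonating the file in a sandbox still recovers the final redirect.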
ANYRUN, Cybersecurity, Global Security News, Malware Analysis, malware behavior
New Malware Tactics: Cases & Detection Tips for SOCs and MSSPs
Recently, we have hosted a webinar exploring some of the latest malware and phishing techniques to show how interactive analysis and fresh threat intelligence can help SOC teams stay ahead. ANY.RUN’s experts depicted the evolving landscape of malware tactics, highlighted real-world examples of sophisticated attacks, and provided practical detection tips for analysts. You can watch…
ANYRUN, Cybersecurity, Global Security News, Guest Posts, Malware Analysis, malware behavior
Phishing, Cloud Abuse, and Evasion: Advanced OSINT Investigation with ANY.RUN Threat Intelligence
Editor’s note: The current article is authored by Clandestine, threat researcher and threat hunter. You can find Clandestine on X. ANY.RUN’s Threat Intelligence (TI) Lookup is a powerful service for Open Source Intelligence (OSINT) and Threat Intelligence investigations. In this research, we shall analyze 5 specific queries, each targeting different aspects of the threat landscape, to better…
ANYRUN, Cybersecurity, Global Security News, Malware Analysis, malware behavior, North America
FunkSec’s FunkLocker: How AI Is Powering the Next Wave of Ransomware
Editor’s note: The current article is authored by Mauro Eldritch, offensive security expert and threat intelligence analyst. You can find Mauro on X. AI is part of our lives whether we like it or not. Even if you are not quite a fan, or not a user at all, you probably came across multiple AI-generated avatars, pictures,…
ANYRUN, Cybersecurity, Global Security News, Integrations & connectors, Malware Analysis
ANY.RUN Sandbox & Microsoft Sentinel: Less Noise, More Speed for Your SOC
SOC teams may waste hours daily manually enriching alerts and switching between tools, delaying response. ANY.RUN’s Microsoft Sentinel Connector fixes this by introducing fast, accurate, and interactive sandbox analysis into Sentinel’s workflow, so alerts get auto-processed, enriched with IOCs, and prioritized in seconds. Here’s how you can speed up response times, filter out false positives,…
ANYRUN, Cybersecurity, Global Security News, Malware Analysis, malware behavior
Fighting Telecom Cyberattacks: Investigating a Campaign Against UK Companies
Telecommunications companies are the digital arteries of modern civilization. Compromise a major telecom operator, and you don’t just steal data — you gain the power to intercept communications, manipulate network traffic, and bring entire regions offline. Every day, ANY.RUN’s solutions process thousands of threat samples, and hidden within them are patterns of activity targeting telecom operators.…
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Global Security News, Malware Analysis
Efficient SOC: How to Detect and Solve Incidents Faster
SOCs face constant pressure. Heavy workloads, poor threat visibility, and disconnected tools introduce delays in detection and response, which may lead to financial loss and operational disruptions for the business. ANY.RUN helps over 15K security teams to solve this challenge by empowering them to quickly detect, analyze, and understand threats, so they can respond faster…
ANYRUN, Cybersecurity, Global Security News, Integrations & connectors, Malware Analysis, release
ANY.RUN & Palo Alto Networks Cortex XSOAR: Streamline SOC Workflows for Top Performance
Swamped by incident alerts, Security Operations Centers (SOCs) struggle to quickly identify and prioritize high-risk attacks, leaving critical infrastructure exposed to ransomware and data theft. ANY.RUN’s integration with Palo Alto Networks Cortex XSOAR solves this by automating proactive sandbox analysis and threat intelligence correlation to beat alert fatigue, boost detection rates, and accelerate security workflows. …
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Malware Analysis, malware behavior
Lazarus Group Attacks in 2025: Here’s Everything SOC Teams Need to Know
The Lazarus Group, North Korea’s state-sponsored hacking collective, has held the title of the most notorious advanced persistent threat (APT) for almost two decades now. In 2025, it escalated its cyber operations, targeting tech industries with fake IT workers, fraudulent job interviews, and hijacked open-source software. It’s time to take a closer look at its…
ANYRUN, Cybersecurity, Global Security News, Integrations & connectors, Malware Analysis, update
ANY.RUN x IBM QRadar SIEM: Real-Time Intelligence for Wider Threat Coverage
ANY.RUN’s Threat Intelligence Feeds are designed to power SOAR, SIEM, EDR/XDR, TIP, and other security systems. Our goal is simple: to fit naturally into a customer’s security ecosystem so analysts can investigate incidents faster, improve detection quality, and spend less time on repetitive tasks. Now, IBM QRadar SIEM users can directly consolidate ANY.RUN’s Threat Intelligence…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Malware Analysis, release, Service Updates
Release Notes: Fresh Connectors, SDK Update, and 2,200+ New Detection Rules
August was a busy month at ANY.RUN. We expanded our list of connectors with Microsoft Sentinel and OpenCTI, added Linux Debian (ARM) support to the SDK, and strengthened detection across hundreds of new malware families and techniques. With fresh signatures, rules, and product updates, your SOC can now investigate faster, detect more threats in real time, and keep defenses sharp…
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Global Security News, Malware Analysis
Streamline Your SOC: All-in-One Threat Detection with ANY.RUN
Running a SOC means living in a world of alerts. Every day, thousands of signals pour in; some urgent, many irrelevant. Analysts need to separate noise from real threats, investigate quickly, and keep the organization safe without letting cases pile up. The challenge isn’t only about detecting threats but doing it fast enough to reduce escalations,…
ANYRUN, Cybersecurity, Global Security News, Malware Analysis
Major Cyber Attacks in August 2025: 7-Stage Tycoon2FA Phishing, New ClickFix Campaign, and Salty2FA
Phishing kits and stealers didn’t slow down this August, and neither did we. ANY.RUN analysts tracked some of the month’s most dangerous campaigns, from a 7-stage Tycoon2FA phishing chain to Rhadamanthys delivered via ClickFix, and the discovery of Salty2FA, a brand-new PhaaS framework linked to Storm-1575. All were analyzed inside ANY.RUN’s Interactive Sandbox, revealing full…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Malware Analysis, malware behavior
Salty 2FA: Undetected PhaaS from Storm-1575 Hitting US and EU Industries
Today, phishing accounts for the majority of all cyberattacks. The availability of low-cost, easy-to-use Phishing-as-a-Service (PhaaS) platforms like Tycoon2FA, EvilProxy, and Sneaky2FA only makes the problem worse. These services are actively maintained by their operators; new evasion techniques are regularly added, and the multi-layered infrastructure behind the phishing kits continues to evolve and expand. But…
ANYRUN, Cybersecurity, features, Global Security News, Integrations & connectors, Malware Analysis
ANY.RUN & OpenCTI: Transform SOC for Maximum Performance
Editor’s note: The current article was originally published on March 11, 2024, and updated on August 14, 2025. Security Operations Centers (SOCs) face an overwhelming volume of threat alerts, making it difficult to separate real threats from false positives without heavy resource use. For teams already working with, or planning to adopt Filigran’s OpenCTI, ANY.RUN now…
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Global Security News, Malware Analysis, Threat Intelligence
Bridging the Threat Intelligence Gap in Your SOC: A Guide for Security Leaders
As we highlighted in our article on building threat resilience in enterprises, one of the key challenges that stand before CISOs is ensuring proactive security. Reacting to incidents is no longer enough; you need to anticipate upcoming threats. To achieve this, your team needs powerful solutions that meet your criteria and deliver fast results. Explore…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, guest post, Malware Analysis
PyLangGhost RAT: Rising Stealer from Lazarus Group Striking Finance and Technology
Editor’s note: The current article is authored by Mauro Eldritch, offensive security expert and threat intelligence analyst. You can find Mauro on X. North Korean state-sponsored groups, such as Lazarus, continue to target the financial and cryptocurrency sectors with a variety of custom malware families. In previous research, we examined strains like InvisibleFerret, Beavertail, and OtterCookie, often…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Integrations & connectors, Malware Analysis, release
ANY.RUN & Microsoft Sentinel: Catch Emerging Threats with Real-Time Threat Intelligence
ANY.RUN now delivers Threat Intelligence (TI) Feeds directly to Microsoft Sentinel via the built-in STIX/TAXII connector. No complicated setups. No custom scripts. Only high-quality indicators of compromise (IOCs) to fortify your SOC and catch attacks early, keeping your business secure. About the TI Feeds Connector for Microsoft Sentinel ANY.RUN’s TI Feeds support a seamless, out-of-the-box…
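The connector described above hands Sentinel a STIX 2.1 feed; what the SIEM ultimately matches on is the atomic value inside each indicator's pattern. The following is an added example, not ANY.RUN's or Microsoft's code, of the unpacking step a TAXII consumer performs: it walks a constructed STIX bundle (all object IDs, values and timestamps are invented for illustration), skips revoked and expired indicators, splits compound `OR` patterns into one IOC per comparison, and groups the results by observable type so they can be loaded into a lookup list.

```python
"""Extract atomic IOCs from a STIX 2.1 bundle for SIEM lookup lists.

Added example; the bundle below is constructed for illustration and is not
a real ANY.RUN feed. Only the stdlib is used so it runs offline.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Set

# One STIX comparison expression: [object-type:property = 'value'].
# The property part may itself be quoted, e.g. file:hashes.'SHA-256'.
COMPARISON_RE = re.compile(
    r"\[\s*([a-z0-9-]+):([A-Za-z0-9_.'-]+)\s*=\s*'([^']*)'\s*\]"
)

# Constructed sample bundle (hypothetical IDs and indicator values).
SAMPLE_BUNDLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": "indicator--1", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'login-update.example']",
         "valid_from": "2025-08-01T00:00:00Z", "labels": ["phishing"]},
        # Expired relative to the reference time used below: must be dropped.
        {"type": "indicator", "id": "indicator--2", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.10']",
         "valid_from": "2025-08-01T00:00:00Z", "valid_until": "2025-08-15T00:00:00Z"},
        {"type": "indicator", "id": "indicator--3", "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = "
                    "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']",
         "valid_from": "2025-08-20T12:00:00.000Z", "labels": ["stealer"]},
        # Compound pattern: both URLs are separate IOCs for the SIEM.
        {"type": "indicator", "id": "indicator--4", "pattern_type": "stix",
         "pattern": "[url:value = 'http://198.51.100.7/a.php'] OR "
                    "[url:value = 'http://198.51.100.7/b.php']",
         "valid_from": "2025-08-25T00:00:00Z", "labels": ["phishing"]},
        # Revoked by the producer: must never reach the SIEM.
        {"type": "indicator", "id": "indicator--5", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.9']",
         "valid_from": "2025-08-01T00:00:00Z", "revoked": True},
        # Non-indicator SDO: carries context, not a matchable value.
        {"type": "malware", "id": "malware--1", "name": "ConstructedSample"},
    ],
}


@dataclass
class IOC:
    source_id: str
    obs_type: str      # STIX cyber-observable type, e.g. "domain-name"
    prop: str          # property compared, e.g. "value" or "hashes.SHA-256"
    value: str
    labels: List[str] = field(default_factory=list)


def parse_ts(ts: str) -> datetime:
    """STIX timestamps are RFC 3339 UTC, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unsupported STIX timestamp: {ts}")


def extract_iocs(bundle: dict, now: datetime) -> List[IOC]:
    """Return one IOC per atomic comparison in every live, unrevoked indicator."""
    out: List[IOC] = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked", False):
            continue
        if obj.get("pattern_type", "stix") != "stix":
            continue  # only STIX patterns are parsed here, not Snort/YARA
        until = obj.get("valid_until")
        if until and parse_ts(until) <= now:
            continue
        for m in COMPARISON_RE.finditer(obj["pattern"]):
            obs_type, prop, value = m.group(1), m.group(2).replace("'", ""), m.group(3)
            out.append(IOC(obj["id"], obs_type, prop, value, list(obj.get("labels", []))))
    return out


def to_lookup_lists(iocs: List[IOC]) -> Dict[str, Set[str]]:
    """Group values by observable type, the shape a SIEM lookup list wants."""
    lists: Dict[str, Set[str]] = {}
    for ioc in iocs:
        lists.setdefault(ioc.obs_type, set()).add(ioc.value)
    return lists


if __name__ == "__main__":
    ref = datetime(2025, 9, 1, tzinfo=timezone.utc)
    for t, values in to_lookup_lists(extract_iocs(SAMPLE_BUNDLE, ref)).items():
        print(t, sorted(values))
```

Passing the reference time in explicitly, rather than reading the clock inside `extract_iocs`, keeps the filter deterministic for tests and lets you re-run a historical feed against the time it was received. The revoked and `valid_until` checks are the part worth getting right: an indicator the producer has withdrawn will still match traffic, and a stale IP that has since been reassigned is how a feed generates false positives.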
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Global Security News, Malware Analysis
CISO Blueprint: 5 Steps to Enterprise Cyber Threat Resilience
Why are SOC teams still struggling to keep up despite heavy investments in security tools? False positives pile up, evasive threats slip through, and critical alerts often get buried under noise. For CISOs, the challenge is giving teams the visibility and speed they need to respond before damage is done. ANY.RUN helps close that gap. 95% of…
ANYRUN, Cybersecurity, Exploits, Global Security News, Malware Analysis, malware behavior
Major Cyber Attacks in July 2025: Obfuscated .LNK‑Delivered DeerStealer, Fake 7‑Zip, and More
While cybercriminals were working overtime this July, so were we at ANY.RUN — and, dare we say, with better results. As always, we’ve picked the most dangerous and intriguing attacks of the month. But this time, there’s more. Alongside the monthly top, we are highlighting a key trend that’s been powering campaigns throughout 2025: the…
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Exploits, Global Security News, Malware Analysis
Top Email Security Risks for Businesses and How to Catch Them Before They Cause Damage
Even with all the new ways we stay in touch (Slack, Teams, DMs), email is still the backbone of business communication. That also makes it one of the easiest ways in for attackers. A single message with the right subject line or attachment can lead to stolen logins, malware infections, or even full network access.…
ANYRUN, Cybersecurity, Exploits, Global Security News, Malware Analysis
Beating Supply Chain Attacks: DHL Impersonation Case Study
ANY.RUN’s services process data on current threats daily, including attacks affecting supply chains. In this case study, we analyze examples of DHL brand abuse. The company is a leading global logistics operator, and attackers exploit its recognition to send phishing emails, potentially targeting its partners. We will demonstrate how ANY.RUN’s solutions can be used to…
ANYRUN, Cybersecurity, Global Security News, Malware Analysis
Technical Analysis of Ducex: Packer of Triada Android Malware
Many have probably heard of the modular malware for mobile devices called Triada. Even nine years after its first mention in 2016, it remains one of the most advanced Android trojans out there. Recently, our team at ANY.RUN came across an interesting sample of this malicious software. The sample in question was embedded in a…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Malware Analysis, Uncategorized
A Guide to Developing Security-First Culture Powered by Threat Intelligence
Security-First Culture (SFC) is an organization-wide commitment where security considerations influence decision-making at every level, from strategic planning to daily operational tasks. It’s not just about having fancy tech or a dedicated IT team; it’s about making security a core part of how the company thinks and acts. A mindset where every decision, from coding…
ANYRUN, Cybersecurity, Europe, Global Security News, Malware Analysis
DEVMAN Ransomware: Analysis of New DragonForce Variant
Editor’s note: The current article is authored by Mauro Eldritch, offensive security expert and threat intelligence analyst. You can find Mauro on X. New ransomware strains continue to surface frequently, and many of them are loosely built on or repackaged from existing families. One such case involves a sample resembling DragonForce ransomware, yet bearing several…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Malware Analysis
Top 3 Cyber Attacks in June 2025: GitHub Abuse, Control Flow Flattening, and More
June 2025 saw several sophisticated and stealthy cyber attacks that relied heavily on obfuscated scripts, abuse of legitimate services, and multi-stage delivery techniques. Among the key threats observed by ANY.RUN’s analysts were malware campaigns using GitHub for payload hosting, JavaScript employing control-flow flattening to drop Remcos, and obfuscated BAT scripts delivering NetSupport RAT. Let’s see…
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Exploits, Global Security News, Malware Analysis, malware behavior
How to Spot Registry Abuse by Malware: Examples in ANY.RUN Sandbox
When malware infiltrates a system, it doesn’t always make noise. In fact, some of the most dangerous threats operate quietly, embedding themselves deep within the system and ensuring they come back even after a reboot. One of the most common ways they achieve this is by abusing the Windows Registry. In this article, we’ll walk…
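The persistence the teaser describes almost always lands in a short list of autostart extensibility points (Run/RunOnce keys, Winlogon Shell and Userinit, Image File Execution Options debuggers, service ImagePath values). The following is an added example, not code from the article or from ANY.RUN, of how a SOC can spot those writes in telemetry: it parses a handful of constructed Sysmon Event ID 13 (RegistryEvent SetValue) records, matches the target key against the ASEP list, and raises the severity when either the writing process or the new value lives in a user-writable directory. The event lines, paths and values are invented for illustration.

```python
"""Flag registry writes to common Windows autostart locations.

Added example. SAMPLE_EVENTS are constructed Sysmon Event ID 13 records in a
flat key=value form, not logs from the original article.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_EVENTS = [
    # Benign Explorer setting: same hive, but not an autostart key.
    "EventID=13 Image=C:\\Windows\\explorer.exe TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden Details=DWORD (0x00000001)",
    # Classic Run-key persistence written from %TEMP%, pointing into AppData.
    "EventID=13 Image=C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater Details=C:\\Users\\bob\\AppData\\Roaming\\svc\\update.exe",
    # Winlogon Shell hijack: explorer.exe plus an extra binary in ProgramData.
    "EventID=13 Image=C:\\Windows\\System32\\svchost.exe TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell Details=explorer.exe,C:\\ProgramData\\x.exe",
    # IFEO debugger on sethc.exe (sticky-keys backdoor pattern).
    "EventID=13 Image=C:\\Windows\\System32\\msiexec.exe TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sethc.exe\\Debugger Details=cmd.exe",
    # Key creation (Event ID 12), not a value write: out of scope for this rule.
    "EventID=12 Image=C:\\Windows\\regedit.exe TargetObject=HKLM\\SOFTWARE\\Contoso\\App EventType=CreateKey",
    # Ordinary vendor setting.
    "EventID=13 Image=C:\\Program Files\\Vendor\\vendor.exe TargetObject=HKLM\\SOFTWARE\\Vendor\\Settings\\Port Details=DWORD (0x00001f90)",
    # Winlogon Shell set to its default: baseline, must not alert.
    "EventID=13 Image=C:\\Windows\\servicing\\TrustedInstaller.exe TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell Details=explorer.exe",
]

# Autostart extensibility points (ASEPs) commonly abused for persistence.
ASEP_RULES = [
    ("run_key", re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once|Services)?\\[^\\]+$", re.I)),
    ("winlogon_shell_userinit", re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$", re.I)),
    ("ifeo_debugger", re.compile(r"\\Image File Execution Options\\[^\\]+\\Debugger$", re.I)),
    ("service_imagepath", re.compile(r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+\\ImagePath$", re.I)),
]

# Default Winlogon values; anything else in Shell/Userinit is worth a look.
WINLOGON_DEFAULTS = {"explorer.exe", "c:\\windows\\system32\\userinit.exe,"}

# Directories an unprivileged user (and therefore a dropped payload) can write to.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.I)

# key=value fields; values may contain spaces, so stop only before the next " key=".
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


@dataclass
class Finding:
    rule: str
    image: str
    key: str
    value: str
    severity: str


def parse_event(line: str) -> dict:
    return dict(FIELD_RE.findall(line))


def classify(event: dict) -> Optional[Finding]:
    """Return a Finding if this SetValue event touches an ASEP, else None."""
    if event.get("EventID") != "13":
        return None
    key = event.get("TargetObject", "")
    value = event.get("Details", "")
    image = event.get("Image", "")
    for rule, pattern in ASEP_RULES:
        if not pattern.search(key):
            continue
        if rule == "winlogon_shell_userinit" and value.lower() in WINLOGON_DEFAULTS:
            return None  # OS restoring the default, not a hijack
        suspicious = bool(USER_WRITABLE.search(image) or USER_WRITABLE.search(value))
        return Finding(rule, image, key, value, "high" if suspicious else "medium")
    return None


def find_persistence(lines: List[str]) -> List[Finding]:
    return [f for f in (classify(parse_event(ln)) for ln in lines) if f is not None]


if __name__ == "__main__":
    for f in find_persistence(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.rule}: {f.image} -> {f.key} = {f.value}")
```

Two caveats a practitioner would add: the key list is deliberately small (Sysinternals Autoruns tracks dozens more ASEPs, including COM hijacks and AppInit_DLLs), and severity here is a heuristic, not a verdict. Legitimate installers do write Run keys, which is why the baseline check for Winlogon defaults matters and why the IFEO hit above stays at medium until the written value is examined.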
ANYRUN, Cybersecurity Lifehacks, Global Security News, Malware Analysis
Threat Hunting: Hands-on Tips for SOC Analysts and MSSPs
Editor’s note: The current article is authored by Clandestine, threat researcher and threat hunter. You can find Clandestine on X. Threat actors today are continuously developing sophisticated techniques to evade traditional detection methods. ANY.RUN’s Threat Intelligence Lookup offers advanced capabilities for threat data gathering and analysis. As a specialized search engine, it allows security analysts to query…
