ANY.RUN received a comprehensive malware detection and configuration extraction upgrade. New YARA rules target specific malware families, including Sliver, Growtopia, Phobos, and PureHVNC.
Network rules were implemented to identify BlackMoon, CoinIMP Miner, and phishing attacks. Significantly, configuration extraction capabilities were bolstered, and a dedicated extractor for DarkCrystal RAT, encompassing its plugins, was created.
Two new extractors were introduced for RisePro, and the existing extractors and YARA rules for AsyncRAT, Lumma, Stealc, Vidar, and Formbook were improved. Together these changes significantly strengthen the service's ability to detect diverse malware threats and to pull usable intelligence (C2 addresses, campaign identifiers, keys) out of the samples it catches.
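A configuration extractor is the piece that turns a detection into intelligence: once a rule has identified the family, the extractor locates the embedded configuration and decodes it into C2 host, port and campaign fields. As an added illustration (this is not ANY.RUN's code, and the layout is not DarkCrystal RAT's or RisePro's real format, which the page does not describe), the toy extractor below uses a fixed marker to find the configuration the way a YARA string match would, XOR-decodes a length-prefixed body, and refuses truncated or malformed blobs instead of emitting garbage. The marker, field layout, key and sample bytes are all constructed for the example.

```python
"""
Toy malware configuration extractor (illustrative, hypothetical layout).

Assumed layout, constructed for this example and NOT a real family's format:
    MARKER | key (1 byte) | u16 LE body length | XOR-encoded body
    body   = host\0port\0campaign\0   (ASCII)
"""
import struct
from typing import Optional

MARKER = b"CFG1"  # hypothetical marker, stands in for a YARA string match


def build_sample(host: str, port: int, campaign: str, key: int) -> bytes:
    """Constructed sample: junk bytes around one encoded config blob."""
    body = f"{host}\0{port}\0{campaign}\0".encode("ascii")
    encoded = bytes(b ^ key for b in body)
    return (b"MZ" + b"\x90" * 32          # fake header / padding
            + MARKER + bytes([key]) + struct.pack("<H", len(encoded))
            + encoded + b"\x00" * 16)


def find_config(blob: bytes) -> Optional[int]:
    """Offset of the config marker, or None when the sample lacks it."""
    off = blob.find(MARKER)
    return off if off >= 0 else None


def extract_config(blob: bytes) -> Optional[dict]:
    """Decode the config after the marker; None if absent or malformed."""
    off = find_config(blob)
    if off is None:
        return None
    hdr = off + len(MARKER)
    if len(blob) < hdr + 3:
        return None                      # truncated before key/length
    key = blob[hdr]
    (length,) = struct.unpack_from("<H", blob, hdr + 1)
    start = hdr + 3
    if len(blob) < start + length:
        return None                      # body runs past end of sample
    body = bytes(b ^ key for b in blob[start:start + length])
    fields = body.split(b"\0")
    if len(fields) < 4:                  # host, port, campaign, trailing ""
        return None
    try:
        host = fields[0].decode("ascii")
        port = int(fields[1])
        campaign = fields[2].decode("ascii")
    except (UnicodeDecodeError, ValueError):
        return None                      # decoded garbage: wrong key/offset
    if not 0 < port < 65536:
        return None
    return {"c2_host": host, "c2_port": port, "campaign": campaign}


if __name__ == "__main__":
    sample = build_sample("203.0.113.10", 4443, "campaign-07", 0x5A)
    print(extract_config(sample))
    print(extract_config(sample[:-40]))  # truncated copy -> None
```

The validation steps (bounds checks on the header and body, a decode that can fail, a port range check) are what keep a real extractor from producing false "C2" entries when a rule fires on a corrupted, packed, or deliberately mangled sample.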
Signatures were also added for Cash.INC (financially motivated malware), the BlackBasta ransomware, and the Latrodectus loader.
Signatures for Zeus and Trinity were added as well, and signature collection continues so that users are protected as these threats evolve.
What is ANY.RUN?
ANY.RUN is an interactive malware sandbox. It simplifies malware analysis by automatically detecting common threats and flagging malicious behavior, so analysts can quickly understand how a sample works and respond to incidents faster.
It offers real-time interaction with samples, collaboration tools, and scalable infrastructure, saving time and resources compared with a self-hosted sandbox setup.
Advantages of ANY.RUN
- Best for onboarding new security team members: ANY.RUN's easy-to-use interface allows even new SOC analysts to quickly learn to examine malware and identify indicators of compromise (IOCs).