OpenCTI interface
It lets analysts get past the evasion techniques that defeat purely automated malware analysis and dig deeper into sophisticated threats; its cloud-based delivery also removes setup and maintenance burdens from security teams.
The new integration offers two main functionalities:
- Interactive analysis and enrichment: the sandbox connector enriches observables with data from malware execution in a sandbox environment, including malware labels, malicious scores, and indicators such as the tactics, techniques, and procedures (TTPs) used by the malware.
This integration combines and analyzes data from different sources to provide SOCs and MDR teams with a centralized platform for faster and more comprehensive threat analysis.
Integrate ANY.RUN in Your Company for Effective Malware Analysis
Are you from a SOC, Threat Research, or DFIR department? If so, you can join an online community of 400,000 independent security researchers:
- Real-time detection
- Interactive malware analysis
- Easy to learn for new security team members
- Detailed reports with maximum data
- Virtual machines running Linux and all Windows OS versions
- Interact with malware safely
If you want to test all these features now with completely free access to the sandbox:
To enrich an observable (indicator) in the OpenCTI platform, the analyst navigates to the list of observables and selects one. Seeing that its malware analysis details and external references are empty, they turn to an enrichment connector.
Enrichment is launched from a button in the top right corner of the observable's page; it fetches additional information from external sources, which can include malware analysis reports and related references.
Clicking the refresh button triggers the connector, which works in the background and can establish connections between the observable and known tactics, techniques, and procedures (TTPs) used by adversaries.
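To make concrete what such an enrichment produces, here is an added example (written for this article, not ANY.RUN's or OpenCTI's own connector code) that takes a sandbox verdict for a file hash and turns it into the STIX 2.1 objects an OpenCTI connector would push back: the File observable carrying a score and labels, an Indicator based on it, and one Attack Pattern per observed TTP linked through an "indicates" relationship. The sandbox report layout, the verdict-to-score mapping and the field names are constructed assumptions; the `x_opencti_score` and `x_opencti_labels` custom properties follow OpenCTI's STIX conventions as understood here.

```python
import json
import uuid
from datetime import datetime, timezone

# Constructed sample report (not a real ANY.RUN report; field names are an
# assumption for this example). The hash is SHA-256 of an empty file, used only
# as a syntactically valid placeholder.
SAMPLE_REPORT = {
    "sha256": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
    "verdict": "Malicious",
    "tags": ["trojan", "Stealer"],
    "mitre": [
        {"id": "T1055", "name": "Process Injection"},
        {"id": "T1547.001", "name": "Registry Run Keys / Startup Folder"},
        {"id": "T1055", "name": "Process Injection"},  # duplicate hit: must collapse
    ],
}

# Assumed mapping from sandbox verdict to OpenCTI's 0-100 score.
VERDICT_SCORE = {"malicious": 100, "suspicious": 50, "no threats": 0}

# Deterministic IDs so re-running the enrichment updates rather than duplicates
# objects. NAMESPACE_DNS is used here only for reproducibility in this example.
NAMESPACE = uuid.NAMESPACE_DNS
HEX = set("0123456789abcdef")


def stix_id(obj_type, key):
    return f"{obj_type}--{uuid.uuid5(NAMESPACE, f'{obj_type}:{key}')}"


def parse_report(report):
    """Reduce a raw report to what the article says the enrichment adds:
    labels, a malicious score and the observed TTPs (de-duplicated)."""
    sha = report["sha256"].lower()
    if len(sha) != 64 or not set(sha) <= HEX:
        raise ValueError("sha256 must be 64 hex characters")
    verdict = report.get("verdict", "").lower()
    if verdict not in VERDICT_SCORE:
        raise ValueError(f"unknown verdict {verdict!r}")
    labels = sorted({t.lower() for t in report.get("tags", [])} | {verdict.replace(" ", "-")})
    ttps = {}
    for hit in report.get("mitre", []):
        ttps.setdefault(hit["id"], hit["name"])  # keep first name seen per technique ID
    return {"sha256": sha, "score": VERDICT_SCORE[verdict], "labels": labels, "ttps": ttps}


def relationship(src, rel_type, dst, now):
    return {
        "type": "relationship",
        "spec_version": "2.1",
        "id": stix_id("relationship", f"{src}|{rel_type}|{dst}"),
        "created": now,
        "modified": now,
        "relationship_type": rel_type,
        "source_ref": src,
        "target_ref": dst,
    }


def build_bundle(enrichment, now=None):
    """Emit a STIX 2.1 bundle: File observable with score and labels, an
    Indicator 'based-on' it, and one Attack Pattern per TTP that the
    Indicator 'indicates'."""
    now = now or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    sha = enrichment["sha256"]
    file_id = stix_id("file", sha)
    ind_id = stix_id("indicator", sha)
    objects = [
        {
            "type": "file",
            "spec_version": "2.1",
            "id": file_id,
            "hashes": {"SHA-256": sha},
            "x_opencti_score": enrichment["score"],    # OpenCTI custom property (assumed)
            "x_opencti_labels": enrichment["labels"],  # OpenCTI custom property (assumed)
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": ind_id,
            "created": now,
            "modified": now,
            "name": sha,
            "pattern_type": "stix",
            "pattern": f"[file:hashes.'SHA-256' = '{sha}']",
            "valid_from": now,
            "labels": enrichment["labels"],
            "x_opencti_score": enrichment["score"],
        },
        relationship(ind_id, "based-on", file_id, now),
    ]
    for tid, name in sorted(enrichment["ttps"].items()):
        ap_id = stix_id("attack-pattern", tid)
        objects.append({
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": ap_id,
            "created": now,
            "modified": now,
            "name": name,
            "x_mitre_id": tid,
            "external_references": [{"source_name": "mitre-attack", "external_id": tid}],
        })
        objects.append(relationship(ind_id, "indicates", ap_id, now))
    return {"type": "bundle", "id": stix_id("bundle", f"{sha}|{now}"), "objects": objects}


if __name__ == "__main__":
    print(json.dumps(build_bundle(parse_report(SAMPLE_REPORT)), indent=2))
```

The two points worth noting for a real connector are the ones the example enforces: technique hits are de-duplicated before they become Attack Patterns, and object IDs are derived deterministically from the hash and technique ID, so a second enrichment run of the same observable updates the existing objects instead of creating a second copy of each.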
What is ANY.RUN?
Advantages of ANY.RUN
- Best for onboarding new security team members: ANY.RUN's easy-to-use interface allows even new SOC researchers to quickly learn to examine malware and identify indicators of compromise (IOCs).