Welcome to ANY.RUN’s monthly update, where we share what our team has been working on. 

In August, we focused on enhancing our detection tools and improving your experience. We added the new XOR-URL extractor, updated YARA rules, added new signatures, and improved network detection rules.  

Here’s a closer look at what we’ve done in August: 

New YARA rules 

Our YARA rules have been refined and updated to improve detection accuracy for various malware families. 

The newly added and updated rules now cover a broader spectrum of threats, including: 

GoInjector 
Luder 
Xdspyloader  
Guloader (with fixes) 
DarkRoad 
PyInstaller  
WannaCry  
MuddyRot  
Phorpiex  
Onlineclipper  
MeshAgent  
Prince  
Razr 
Snake Keylogger  (updated) 
Zusy Ransomware  
Luke Ransomware 
Smert Ransomware  


New Signatures 

We’ve added new signatures to enhance the detection of specific malware families, including Gamarue, Peristeronic, RobotDropper, and MouseLoader. These signatures are important for recognizing the unique behaviors and indicators of compromise (IOCs) associated with specific threats. 

This month, we’ve added a total of 63 new signatures, including: 

Gamarue  
Peristeronic 
Robotdropper 
Mouseloader 
Astaroth
Casbaneiro
Hawkeye
Blackbasta
Document phishing  
Brand_apple  
Brand_docusign   
Brand_adobe 

New malware config extractors added and fixed 

In August, we added a new XOR-URL extractor to the ANY.RUN platform, designed to help decode XOR-obfuscated URLs used by malware to hide its command-and-control servers or other endpoints. 

XOR-URL in ANY.RUN sandbox 
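To make concrete what an XOR-URL extractor has to do, here is an added Python example; it is not ANY.RUN's extractor code and is not taken from the post. It assumes a constructed model in which the sample stores a NUL-terminated URL XORed with a short repeating key applied from the start of the buffer, and that the URL begins with the known prefix `http://`, which serves as a known-plaintext crib to recover the key without trying every combination. The sample buffers, keys, URL (`c2.example.test`) and the `URL_RE` pattern are all constructed for the example; a single-byte brute force is included as the fallback for when no prefix can be assumed.

```python
"""XOR-URL recovery from a configuration blob.

Added example, not ANY.RUN's extractor. Assumed (constructed) model: the
malware stores its URL XORed with a short repeating key applied from the
start of the buffer, and the URL begins with a known prefix ("http://").
"""
import re
from typing import Dict, List

# Loose URL pattern run over decoded candidates (constructed for this example).
URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-]+(?::\d{1,5})?(?:/[\x21-\x7e]*)?")


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key of one or more bytes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_keys(blob: bytes, crib: bytes = b"http://", max_key_len: int = 4) -> List[bytes]:
    """Known-plaintext key recovery.

    If the crib starts at offset `off`, the keystream covering it is
    blob[off:off+len(crib)] XOR crib. A keystream that repeats with period
    L <= max_key_len is consistent with a key of length L; that key is
    realigned to offset 0 and returned. The crib must be longer than
    max_key_len so every candidate period is checked by at least one byte.
    """
    if len(crib) <= max_key_len:
        raise ValueError("crib must be longer than max_key_len")
    keys: List[bytes] = []
    for off in range(len(blob) - len(crib) + 1):
        ks = xor_bytes(blob[off:off + len(crib)], crib)
        for period in range(1, max_key_len + 1):
            if all(ks[i] == ks[i - period] for i in range(period, len(ks))):
                # ks[i] equals key[(off + i) % period]; undo the offset.
                key = bytes(ks[(m - off) % period] for m in range(period))
                if key not in keys:
                    keys.append(key)
                break  # shortest consistent period wins for this offset
    return keys


def extract_xor_urls(blob: bytes, max_key_len: int = 4) -> Dict[bytes, List[str]]:
    """Map each recovered key to the URLs it reveals (keys yielding none are dropped)."""
    found: Dict[bytes, List[str]] = {}
    for key in recover_keys(blob, max_key_len=max_key_len):
        urls = [m.group(0).decode("ascii") for m in URL_RE.finditer(xor_bytes(blob, key))]
        if urls:
            found[key] = urls
    return found


def brute_force_single_byte(blob: bytes) -> Dict[int, List[str]]:
    """Fallback when no prefix is known: try all 256 single-byte keys."""
    hits: Dict[int, List[str]] = {}
    for k in range(256):
        urls = [m.group(0).decode("ascii") for m in URL_RE.finditer(xor_bytes(blob, bytes([k])))]
        if urls:
            hits[k] = urls
    return hits


# Constructed sample buffers (not from a real sample): non-printable filler,
# a NUL-terminated URL, more filler; one copy under a 3-byte key, one under a
# single-byte key.
_PLAIN = b"\x00\x01\x02\xff" * 2 + b"http://c2.example.test:8080/gate.php\x00" + b"\x90\x90\x7f\x00"
SAMPLE_KEY_3 = b"\x13\x37\x42"
SAMPLE_BLOB_3 = xor_bytes(_PLAIN, SAMPLE_KEY_3)
SAMPLE_KEY_1 = b"\x5a"
SAMPLE_BLOB_1 = xor_bytes(_PLAIN, SAMPLE_KEY_1)

if __name__ == "__main__":
    for name, blob in (("3-byte key", SAMPLE_BLOB_3), ("1-byte key", SAMPLE_BLOB_1)):
        print(name, extract_xor_urls(blob))
    print("brute force:", brute_force_single_byte(SAMPLE_BLOB_1))
```

The crib approach recovers multi-byte keys in a single pass over the buffer, and the NUL terminator is what stops the path match, so a real extractor should also bound the match length if the target format is not NUL-terminated; the single-byte brute force only finds the 1-byte case and returns nothing for the 3-byte sample.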

We have also refined and updated extractors for Snake Keylogger and CryptBot. These updates improve the accuracy and effectiveness of detecting and analyzing configurations related to these specific malware families. 

Snake Keylogger in ANY.RUN sandbox 

Network detections 

In August, our primary focus for network detection rules remained on identifying phishing activities by malicious actors. Throughout the month, we flagged 11,316 public submissions as phishing, which is a significant increase of 2,162 from July. 


New Suricata rules 

Over the past month, we’ve added 69 new Suricata rules, bringing our phishing detection rule set to 562. The 69 new rules fall into several categories, each targeting a different aspect of phishing activity: 

31 domains identified as phishing and added to our rule base 

17 proactive rules that focus on the behavioral patterns of phishing mechanisms 

6 sites identified for redirecting users through domain chains to a final phishing endpoint 

15 informational rules that provide critical insights and assist in phishing hunts 

About ANY.RUN 

ANY.RUN helps more than 400,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, Yara Search and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster. 

With ANY.RUN you can:  

Detect malware in seconds.  

Interact with samples in real time.  

Save time and money on sandbox setup and maintenance. 

Record and study all aspects of malware behavior.  

Collaborate with your team. 

Scale as you need. 


The post Release Notes: New YARA Rules, Signatures, Config Extractors, and More appeared first on ANY.RUN’s Cybersecurity Blog.

Article Link: https://any.run/cybersecurity-blog/release-notes-august-2024/
