Welcome to ANY.RUN's monthly update, where we share what our team has been working on.
In August, we focused on enhancing our detection tools and improving your experience. We added the new XOR-URL extractor, updated YARA rules, added new signatures, and improved network detection rules.
Here’s a closer look at what we’ve done in August:
New YARA rules
Our YARA rules have been refined and updated to improve detection accuracy for various malware families.
The newly added and updated rules now cover a broader spectrum of threats, including:
GoInjector
Luder
Xdspyloader
Guloader (with fixes)
DarkRoad
PyInstaller
WannaCry
MuddyRot
Phorpiex
Onlineclipper
MeshAgent
Prince
Razr
Snake Keylogger (updated)
Zusy Ransomware
Luke Ransomware
Smert Ransomware
New Signatures
We’ve added new signatures to enhance the detection of specific malware families, including Gamarue, Peristeronic, RobotDropper, and MouseLoader. These signatures are important for recognizing the unique behaviors and indicators of compromise (IOCs) associated with specific threats.
This month, we’ve added a total of 63 new signatures, including:
Gamarue
Peristeronic
Robotdropper
Mouseloader
Astaroth
Casbaneiro
Hawkeye
Blackbasta
Document phishing
Brand_apple
Brand_docusign
Brand_adobe
New malware config extractors added and fixed
In August, we added a new XOR-URL extractor to the ANY.RUN platform, designed to help decode XOR-obfuscated URLs used by malware to hide its command-and-control servers or other endpoints.
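To illustrate the decoding problem such an extractor solves, here is an added example of known-plaintext XOR-URL recovery in Python. It is not ANY.RUN's extractor and makes its own assumptions: each URL is stored as a NUL-terminated string, it is XORed with a short repeating key (one byte or a few bytes), and it starts with http:// or https://. The sample blob, the keys, and the example.com and 203.0.113.5 endpoints are all constructed for the demo.

```python
"""Known-plaintext recovery of XOR-obfuscated URLs.

Added example, not ANY.RUN's extractor. Assumptions (hypothetical): each URL is
a NUL-terminated string XORed with a short repeating key, and begins with
"http://" or "https://". The sample blob below is constructed for this demo.
"""
import re
from itertools import cycle
from typing import List, Optional, Tuple

KNOWN_PREFIXES = (b"https://", b"http://")
# host must contain a dot; path, if present, is printable non-space ASCII
URL_RE = re.compile(rb"^https?://[A-Za-z0-9.-]+\.[A-Za-z0-9-]+(?::\d{1,5})?(?:/[!-~]*)?$")
MAX_URL_LEN = 512


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key (obfuscation and its inverse are the same op)."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def decode_at(blob: bytes, off: int, key: bytes) -> Optional[bytes]:
    """Decrypt from `off` up to the (encrypted) NUL terminator.
    Return the plaintext only if it validates as a URL, otherwise None."""
    out = bytearray()
    for i, c in enumerate(blob[off:off + MAX_URL_LEN]):
        p = c ^ key[i % len(key)]
        if p == 0:                        # terminator reached
            url = bytes(out)
            return url if URL_RE.match(url) else None
        if not 0x21 <= p <= 0x7E:         # URLs are printable, non-space ASCII
            return None
        out.append(p)
    return None                           # no terminator within MAX_URL_LEN


def extract_xor_urls(blob: bytes, max_key_len: int = 8) -> List[Tuple[int, bytes, bytes]]:
    """Slide over the blob. At each offset, XOR the window with a known URL
    prefix to get the key stream that prefix implies; accept it only if it
    repeats with a period shorter than the prefix (a key as long as the prefix
    would fit any window), then validate by decrypting the rest of the string.
    Returns (offset, key, url) triples."""
    hits: List[Tuple[int, bytes, bytes]] = []
    skip_until = 0                        # don't re-scan inside a decoded URL
    for off in range(len(blob)):
        if off < skip_until:
            continue
        for prefix in KNOWN_PREFIXES:
            window = blob[off:off + len(prefix)]
            if len(window) < len(prefix):
                continue
            ks = xor_bytes(window, prefix)            # cipher ^ plaintext = key stream
            for klen in range(1, min(max_key_len, len(prefix) - 1) + 1):
                key = ks[:klen]
                if xor_bytes(ks, key) != bytes(len(ks)):  # not periodic with this period
                    continue
                url = decode_at(blob, off, key)
                if url is not None:
                    hits.append((off, key, url))
                    skip_until = off + len(url) + 1
                    break
            if off < skip_until:
                break
    return hits


# Constructed sample: two obfuscated URLs (documentation-only names/addresses)
# embedded in filler bytes. Keys are hypothetical.
KEY_A = b"\x5a\x3c\x99\x01"
KEY_B = b"\x7f"
URL_A = b"https://c2.example.com/gate.php"
URL_B = b"http://203.0.113.5/upd.bin"
FILLER = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
SAMPLE_BLOB = (FILLER + xor_bytes(URL_A + b"\x00", KEY_A)
               + FILLER + xor_bytes(URL_B + b"\x00", KEY_B) + FILLER)


if __name__ == "__main__":
    for off, key, url in extract_xor_urls(SAMPLE_BLOB):
        print(f"offset={off:#06x} key={key.hex()} url={url.decode()}")
```

Running the block prints the offset, recovered key and decoded URL for each hit. The period check on the key stream is what keeps false positives down: an 8-byte "key" derived from an 8-byte known prefix fits any window, so the routine only accepts keys shorter than the prefix and then demands that the rest of the string decrypts to printable URL characters up to a NUL. Real samples vary, with rolling or position-dependent keys, length-prefixed strings, or a second encoding layer on top, and each of those needs its own variant of this logic.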
We have also refined and updated extractors for Snake Keylogger and CryptBot. These updates improve the accuracy and effectiveness of detecting and analyzing configurations related to these specific malware families.
Network detections
In August, our primary focus for network detection rules remained on identifying phishing activity. Throughout the month, we flagged 11,316 public submissions as phishing, 2,162 more than in July.
New Suricata rules
Over the past month, we've added 69 new Suricata rules, bringing our phishing-focused rule set to 562. The 69 new rules fall into four types, each targeting a different aspect of phishing activity:
31 rules for domains identified as phishing and added to our rule base
17 proactive rules that match the behavioral patterns of phishing mechanisms
6 rules for sites that redirect users through domain chains to a final phishing endpoint
15 informational rules that provide context and assist in phishing hunts
About ANY.RUN
ANY.RUN helps more than 400,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, Yara Search and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.
With ANY.RUN you can:
Detect malware in seconds.
Interact with samples in real time.
Save time and money on sandbox setup and maintenance.
Record and study all aspects of malware behavior.
Collaborate with your team.
Scale as you need.
Try the full power of ANY.RUN with a free trial
The post Release Notes: New YARA Rules, Signatures, Config Extractors, and More appeared first on ANY.RUN’s Cybersecurity Blog.
Article Link: https://any.run/cybersecurity-blog/release-notes-august-2024/