Welcome to ANY.RUN’s monthly update series, where we share what the team has been working on this past month.
In January, we expanded ANY.RUN’s capabilities with support for Linux, improved phishing coverage, detected new threats like Bitter-wmRAT and MustangPanda-Toneshell, introduced over 17 new signatures, including Linux ones, and added multiple new Yara rules.
We’ve expanded our capabilities to include support for analyzing Linux-based malware. Now, you can research malware samples targeting Linux right in your browser!
Linux VM running in ANY.RUN — a miner is detected on Linux
This is a significant step for ANY.RUN as we extend our interactive analysis capabilities to the Linux platform, specifically Ubuntu 22.04.2. Our service offers real-time monitoring of suspicious activities and provides access to IOCs even before task completion. Additionally, you will receive detailed reports like the MITRE ATT&CK Matrix, Process Graph, and IOCs Report to help you extract actionable information quickly.
MITRE ATT&CK Matrix is available for Linux tasks in ANY.RUN
Improved phishing coverage
In January, we enhanced our network detection capabilities by introducing new phishing rules. These rules cover not only specific domains but also domain correlations, and they also address the RDGA threat associated with MageCart. We gave particular attention to monitoring the Caffeine phishing kit.
New threats detected in January
Additionally, we’ve identified a new remote access tool called RadX. Learn more about it here
New Signatures and Yara Rules
We have introduced 17 new signatures for our production system, along with approximately 14 new Linux signatures. We have also added a Yara rule for BazaLoader, which we’ve shared with the community in our GitHub repository here. Feel free to use it for your own work.
Other updated and added rules include:
We’ve also shared detection rules with the ET community, including ZharkBot, RadX, and Xeno-RAT.
We’ve implemented multiple fixes, including one related to BazaLoader and another for RadX. Issues with the SystemBC Yara rule and extractor were resolved. We’ve also implemented fixes for PrivateLoader and GCleaner regarding their detection and C2 extraction.
ANY.RUN is a cloud malware sandbox that handles the heavy lifting of malware analysis for SOC and DFIR teams. Every day, 300,000 professionals use our platform to investigate incidents and streamline threat analysis.
Request a demo today and enjoy 14 days of free access to our Enterprise plan.
The post Release Notes: Linux Support, New Signatures, and Coverage of Emerging Threats appeared first on ANY.RUN's Cybersecurity Blog.