ANY.RUN monthly updates: New Detection Rules, Increased Threat Coverage, and More

DUBAI, UAE, July 5, 2023 /EINPresswire.com/ — ANY.RUN, a cloud interactive sandbox for malware analysis, has published "Monthly Updates: New Detection Rules, Increased Threat Coverage" on its blog.

??????? ???????

1. ??????????? ?????. Users can now assign a home user’s IP to virtual machines and change the location, making it easier to work with geo-targeted samples and evade detection.
2. ??????? ??????? ????????. On Windows 10 and 11 machines, ANY.RUN changed the default web browser to Edge, instead of the previously used Internet Explorer.
3. ???????????? ?????? ?????. Users can now download memory dumps and analyze them locally. This option is available under the “Advanced details” section of the process window.

??????? ?????? ??????????

ANY.RUN has added 4 new extractors to the sandbox: PrivateLoader, Typhon, LaplasClipper and LummaStealer. Also, ANY.RUN has completely updated AgentTesla’s config extractors.

YARA Rules

ANY.RUN released YARA rules that detect ????????? and ?????.

??? ??????? ??? ?????? ????????? ?????

• 367 new detection rules added.
• QuasarRAT connection detection.
• Added 9 rules to detect suspicious PowerShell scripts.
• Gh0stCringe tool detection.
• Exfiltration to Discord and Telegram.

Increased Threat Coverage

• Bibleoteka backdoor discovery.
• PseudoManuscrypt access.
• Malware on file-sharing services.
• Faster Xworm detection.
• Response to Medusa Stealer.

???.??? ​​??????????? ???? ?? ????

ANY.RUN now shares its rules with the community: ObserverStealer, Medusa Stealer, RisePro TCP v.0.1, Lumma Stealer Configuration, StatusRecorder, and DynamicRAT signatures have been added.

The ANY.RUN team works hard to keep up with emerging threats.

Read more with examples in the article at ANY.RUN.

Vlada Belousova
ANYRUN FZCO
2027889264