ANY.RUN Unveils Automated Interactivity and Updated YARA Rules

DUBAI, UNITED ARAB EMIRATES, December 28, 2023 /EINPresswire.com/ — ANY.RUN, a cloud-based malware analysis sandbox, today announced the release of new features and updates for December 2023. The most notable addition is Automated Interactivity (AI), which employs machine learning to automate repetitive tasks and enhance malware analysis operations.

๐๐ž๐ฐ ๐…๐ž๐š๐ญ๐ฎ๐ซ๐ž๐ฌ

๐ด๐‘ข๐‘ก๐‘œ๐‘š๐‘Ž๐‘ก๐‘’๐‘‘ ๐ผ๐‘›๐‘ก๐‘’๐‘Ÿ๐‘Ž๐‘๐‘ก๐‘–๐‘ฃ๐‘–๐‘ก๐‘ฆ (๐ด๐ผ)
ANY.RUN's new AI capability mimics human actions during malware analysis. It automatically navigates through setup forms, CAPTCHAs, installation windows, and other scenarios requiring human intervention, allowing users to reduce their involvement in the analysis process. The feature is enabled by default for API tasks and can be turned on or off for web-based tasks.

๐ธ๐‘ฅ๐‘๐‘Ž๐‘›๐‘‘๐‘’๐‘‘ ๐‘†๐‘ข๐‘Ÿ๐‘–๐‘๐‘Ž๐‘ก๐‘Ž ๐‘Ÿ๐‘ข๐‘™๐‘’๐‘ 
ANY.RUN's Suricata rules have been expanded, providing users with more granular information when a detection occurs. Detections now identify the affected traffic segment, detail the relevant fields, and often let users view the rule itself within the interface.

This enhanced transparency allows users to better understand each detection and apply the rules in their own incident investigations.

๐๐ž๐ฐ ๐˜๐€๐‘๐€ ๐‘๐ฎ๐ฅ๐ž๐ฌ

ANY.RUN has added new signatures to detect various activities within the task. These rules cover the following malware families:
• W4SP Stealer
• Klippr
• OriginBotnet
• DarkGate
• IcedId

๐๐ž๐ฐ ๐’๐ฎ๐ซ๐ข๐œ๐š๐ญ๐š ๐ซ๐ฎ๐ฅ๐ž๐ฌ ๐š๐ง๐ ๐ฎ๐ฉ๐๐š๐ญ๐ž๐ฌ

In addition to the new YARA rules, ANY.RUN has also added multiple new Suricata signatures. Here's a breakdown of the additions:
• Stealers: Detection for AxileStealer, an updated version of Vidar, and AlbumStealer.
• Backdoors: Detection for Gh0stRat's encrypted DLL, which can be hidden within JPEG files.
• Loaders: Updated signature for DarkGate, which altered its activities following ANY.RUN's Twitter post on its new techniques. Additionally, signatures for Pikabot and QakBot have been added.
• Proxy: Detection for GoProxy.
• Ransomware: Detection for DirCrypt.

Learn more details in ANY.RUN's blog post.

Veronika Trifonova
ANYRUN FZCO
+1 2027889264