DUBAI, DUBAI, UAE, July 27, 2023/EINPresswire.com/ — ANY.RUN, a cloud interactive sandbox for malware analysis, has released a Monthly Updates: Digital Signatures, New Network rules in their blog.
𝐏𝐫𝐨𝐝𝐮𝐜𝐭 𝐮𝐩𝐝𝐚𝐭𝐞𝐬
Digital signatures. Digital signature data is now accessible in ANY.RUN both for processes and modules.
𝐍𝐞𝐰 𝐘𝐀𝐑𝐀 𝐫𝐮𝐥𝐞𝐬 𝐚𝐧𝐝 𝐒𝐢𝐠𝐧𝐚𝐭𝐮𝐫𝐞𝐬
We’ve added a signature for lu0bot as well as new YARA rules for the following families: PureLoader, Revil\Sodinokibi, BanditStealer,Redosdru.
𝐂𝐨𝐧𝐟𝐢𝐠 𝐞𝐱𝐭𝐫𝐚𝐜𝐭𝐨𝐫 𝐚𝐝𝐝𝐢𝐭𝐢𝐨𝐧𝐬 𝐚𝐧𝐝 𝐟𝐢𝐱𝐞𝐬
ANY.RUN can automatically extract and decrypt the configuration for over 60 malware families, giving you quick access to encrypted strings.
𝐍𝐞𝐰 𝐌𝐐𝐬𝐓𝐓𝐮𝐛𝐨 𝐦𝐚𝐥𝐰𝐚𝐫𝐞 𝐟𝐨𝐮𝐧𝐝.
The Internet of Things (IoT) is all around us, and it has its own lightweight protocols, such as MQTT. Malicious actors decided to exploit this and have created yet another malware based on MQTT.
𝐈𝐧𝐜𝐫𝐞𝐚𝐬𝐞𝐝 𝐚𝐜𝐭𝐢𝐯𝐢𝐭𝐲 𝐨𝐟 𝐀𝐏𝐓 𝐠𝐫𝐨𝐮𝐩𝐬 𝐝𝐞𝐭𝐞𝐜𝐭𝐞𝐝 𝐢𝐧 𝐉𝐮𝐥𝐲
This month, ANY.RUN observed a surge in activity from APT groups such as APT37, Storm-0978, and Lazarus.
𝐍𝐞𝐰 𝐧𝐞𝐭𝐰𝐨𝐫𝐤 𝐚𝐧𝐝 𝐝𝐞𝐭𝐞𝐜𝐭𝐢𝐨𝐧 𝐫𝐮𝐥𝐞𝐬
In July, ANY.RUN wrote 74 new network rules in the Suricata format.
• Minimal_PC_Miner, Repl.it Miner coverage added.
• A new rule created to mark Hydrochasma reverse proxy.
• Improved Danabot coverage.
• Two new phishing rules added.
• Fabookie, Stealc, Formbook, and GuLoader have also received additional rules for detecting network activity.for loading shellcode.
The ANY.RUN team works hard to keep up with emerging threats.
Read more with examples in the article at ANY.RUN.
Vlada Belousova
ANYRUN FZCO
email us here
Visit us on social media:
Twitter
YouTube
