ANY.RUN

{{Short description|Cybersecurity malware}}
{{Infobox software

| title = ANY.RUN

| logo = ANY.RUN Logo (Black).svg

| developer = Aleksey Lapshin

| released = 2016

| operating system = Windows 7, Windows 10, Windows 11, Linux

| platform = Web-based

| genre = Cybersecurity

| website = [https://any.run/ Official website]

}}

ANY.RUN is a cybersecurity company that provides an interactive malware analysis sandbox and threat intelligence services for real-time analysis and investigation of malware and phishing threats.{{Cite book |last=Yahia |first=Mostafa |title=Effective Threat Investigation for SOC Analysts: The ultimate guide to examining various threats and attacker techniques using security logs |date=2023-08-25 |publisher=Packt Publishing Ltd |isbn=978-1-83763-875-8 |language=en}}{{Cite book |last=Ahmed |first=Mohiuddin |title=Next-Generation Enterprise Security and Governance |last2=Moustafa |first2=Nour |last3=Barkat |first3=Abu |last4=Haskell-Dowland |first4=Paul |date=2022-04-19 |publisher=CRC Press |isbn=978-1-000-56979-7 |language=en}} The platform is designed for cybersecurity professionals, researchers, and IT specialists, who use it to analyze malicious software and its behavior interactively and to access threat intelligence services.{{Cite web |title=Any.Run - An Interactive Malware Analysis Tool - Is Now Open To The Public |url=https://www.bleepingcomputer.com/news/security/anyrun-an-interactive-malware-analysis-tool-is-now-open-to-the-public/ |access-date=2024-11-13 |website=BleepingComputer |language=en-us}}{{Cite web |title=ANY.RUN: Interactive Malware Analysis Sandbox Platform |url=https://thesecmaster.com/tools/any-run |access-date=2024-11-13 |website=TheSecMaster |language=en}}

History

ANY.RUN was created in 2016 by Aleksey Lapshin and a small team of developers. The platform allowed users to manually interact with virtual environments and observe how malware operates in real time.

In 2018, ANY.RUN opened its free community version to the public. Over time, the platform has introduced new features such as malware configuration extraction, improving its ability to detect malware families such as AsyncRAT, Lumma, Stealc, Vidar, and Formbook.{{Cite web |last=Ragupathy |first=Kaaviya |date=2024-06-04 |title=ANY RUN Sandbox Added New Features to Analyse Sophisticated Malware |url=https://cybersecuritynews.com/any-run-sandbox-added-new-features-to-analyse/ |access-date=2024-11-13 |website=Cyber Security News |language=en-US}}

In late 2023, the company expanded its services by launching Threat Intelligence Feeds, which provide streams of malicious indicators (IPs, domains, and URLs) collected and pre-processed from public sessions launched in the ANY.RUN sandbox.{{Cite web |date=2024-03-19 |title=How ANY.RUN Process IOCs for Threat Intelligence Lookup? |url=https://gbhackers.com/process-iocs-for-threat-intelligence-lookup/ |access-date=2024-11-13 |website=GBHackers Security |language=en}}

In early 2024, ANY.RUN introduced Threat Intelligence Lookup, a tool that offers access to an up-to-date threat database.{{Cite web |date=2024-02-13 |title=ANY.RUN Threat Intelligence Lookup Tool - A Repository of Millions of Malware IOCs |url=https://cybersecuritynews.com/any-run-threat-intelligence-lookup/ |access-date=2024-11-13 |website=Cyber Security News |language=en}} The same year, ANY.RUN made Windows 10 virtual environments available to all users, including those on the free plan.{{Cite web |last=N |first=Balaji |date=2024-07-03 |title=Free Malware Research with ANY.RUN Sandbox: Now Windows 10 Access for All Users |url=https://cybersecuritynews.com/any-run-sandbox-now-open-windows-10-access-for-all-users/ |access-date=2024-11-13 |website=Cyber Security News |language=en-US}}

Sandbox features

The main feature of ANY.RUN is its interactive malware analysis, which allows users to manually interact with a virtual machine in real time while monitoring malicious activity. This includes interacting with malware that requires user actions, such as clicking prompts or enabling macros. The platform records all actions, providing reports that include network requests, process creation, file modifications, and registry changes.{{Cite book |last=Kleymenov |first=Alexey |title=Mastering Malware Analysis: A malware analyst's practical guide to combating malicious software, APT, cybercrime, and IoT attacks |last2=Thabet |first2=Amr |date=2022-09-30 |publisher=Packt Publishing Ltd |isbn=978-1-80323-081-8 |language=en}}{{Cite journal |last=Muñoz |first=Diego |last2=Cordero |first2=David |last3=Barría Huidobro |first3=Cristian |date=2019 |editor-last=Mata-Rivera |editor-first=Miguel Felix |editor2-last=Zagal-Flores |editor2-first=Roberto |editor3-last=Barría-Huidobro |editor3-first=Cristian |title=Methodology for Malware Scripting Analysis in Controlled Environments Based on Open Source Tools |journal=Telematics and Computing |language=en |location=Cham |publisher=Springer International Publishing |pages=345–354 |doi=10.1007/978-3-030-33229-7_29 |isbn=978-3-030-33229-7}}{{Cite web |date=2024-02-22 |title=How to Analyse Crypto Malware in ANY.RUN Sandbox ? |url=https://cybersecuritynews.com/how-to-analyse-crypto-malware/ |access-date=2024-11-13 |website=Cyber Security News |language=en-US}}

The platform is cloud-based and accessible from any web browser. It also supports collaboration, allowing users to share their findings through public or private links.{{Cite book |last=Dahj |first=Jean Nestor M. |title=Mastering Cyber Intelligence: Gain comprehensive knowledge and skills to conduct threat intelligence for effective system defense |date=2022-04-29 |publisher=Packt Publishing Ltd |isbn=978-1-80020-828-5 |language=en}}{{Cite book |last=Davidoff |first=Sherri |title=Ransomware and Cyber Extortion: Response and Prevention |last2=Durrin |first2=Matt |last3=Sprenger |first3=Karen |date=2022-10-18 |publisher=Addison-Wesley Professional |isbn=978-0-13-745043-5 |language=en}} Reports include process graphs, indicators of compromise (IOCs), and visual analysis, so that malware behavior can be tracked step by step.

TI Lookup features

Threat Intelligence Lookup allows security analysts to collect data and gain context related to various malware and phishing threats using over 40 parameters, including IP addresses, domains, ASNs, registry keys, and other indicators. It also offers built-in YARA Search, enabling users to find samples of malware that match their custom detection rules.{{Cite web |title=5 Techniques for Collecting Cyber Threat Intelligence |url=https://thehackernews.com/2024/10/5-techniques-for-collecting-cyber.html |access-date=2024-11-13 |website=The Hacker News |language=en}}

Usage

ANY.RUN is used by 500,000 cybersecurity operators globally, including large enterprises and independent researchers.{{Cite web |last=N |first=Balaji |date=2024-10-24 |title=DarkComet RAT - A Remote Access Tool Lets Attackers Remotely Control Windows |url=https://cybersecuritynews.com/darkcomet-rat/ |access-date=2024-11-13 |website=Cyber Security News |language=en-US}} The platform is used for malware research, threat intelligence, and incident response, providing insights into malware behavior and attack vectors.{{Cite web |last=Fadilpašić |first=Sead |date=2024-07-22 |title=Hackers are already targeting users with fake CrowdStrike fixes — here's what we've seen so far |url=https://www.techradar.com/pro/security/hackers-are-already-targeting-users-with-fake-crowdstrike-fixes-heres-what-weve-seen-so-far |access-date=2024-11-13 |website=TechRadar |language=en}}{{Cite web |title=Google Search Ads Show Malware Again, This Time for Fake Authenticator |url=https://www.pcmag.com/news/google-search-ads-show-malware-again-this-time-for-fake-authenticator |access-date=2024-11-13 |website=PCMAG |language=en}}{{Cite web |title=CISA warns of notable increase in LokiBot malware |url=https://www.zdnet.com/article/cisa-warns-of-notable-increase-in-lokibot-malware/ |access-date=2024-11-13 |website=ZDNET |language=en}}{{Cite web |title=Emotet hijacks email conversation threads to insert links to malware |url=https://www.zdnet.com/article/emotet-hijacks-email-conversation-threads-to-insert-links-to-malware/ |access-date=2024-11-13 |website=ZDNET |language=en}} The sandbox offers a free version with limited resources, and its paid plans include Hunter and Enterprise, which provide private mode, teamworking, and API access. TI Lookup is a separate product and requires an additional license.

Integrations

ANY.RUN integrates with several cybersecurity tools, including Splunk and OpenCTI. The platform also offers an API for enterprise customers to incorporate ANY.RUN’s analysis capabilities into their existing security workflows.

References