ANY.RUN

ANY.RUN

Developer(s)	Aleksey Lapshin
Initial release	2016
Operating system	Windows 7, Windows 10, Windows 11, Linux
Platform	Web-based
Type	Cybersecurity
Website	Official website

ANY.RUN is a vendor of interactive malware analysis sandbox and threat intelligence services for real-time analysis of suspicious files and URLs.^[1][2] The platform is designed for use by cybersecurity professionals, researchers, and IT specialists, providing tools for interactive analysis of malicious software and behavior and threat intelligence services.^[3][4]

History

ANY.RUN was created in 2016 by Aleksey Lapshin and a small team of developers. The platform allowed users to manually interact with virtual environments and observe how malware operates in real time​.^[3]

In 2018, ANY.RUN opened its free community version to the public. Over time, the platform has introduced new features such as malware configuration extraction, improving its ability to detect malware families such as AsyncRAT, Lumma, Stealc, Vidar, and Formbook.^[5]

In late 2023, the company expanded its services by launching Threat Intelligence Feeds, which provide streams of malicious indicators (IPs, domains, and URLs) collected and pre-processed from public sessions launched in the ANY.RUN sandbox.^[6]

In early 2024, ANY.RUN introduced Threat Intelligence Lookup, a tool that offers access to an up-to-date threat database.^[7] The same year, ANY.RUN made Windows 10 virtual environments available to all users, including those on the free plan.^[8]

Sandbox features

The main feature of ANY.RUN is its interactive malware analysis, which allows users to manually interact with a virtual machine in real time while monitoring malicious activity. This includes interacting with malware that requires user actions, such as clicking prompts or enabling macros. The platform records all actions, providing reports that include network requests, process creation, file modifications, and registry changes.^[9][10][11]

The platform is cloud-based and accessible from any web browser. The platform also supports collaboration, allowing users to share their findings through public or private links.^[12][13] Reports are generated with process graphs, indicators of compromise (IOCs), and visual analysis, allowing tracking of malware behavior step by step.^[4]

TI Lookup features

Threat Intelligence Lookup allows security analysts to collect data and gain context related to various malware and phishing threats using over 40 parameters, including IP addresses, domains, ASNs, registry keys, and other indicators. It also offers built-in YARA Search, enabling users to find samples of malware that match their custom detection rules.^[14][7]

Usage

ANY.RUN is used by 500,000 cybersecurity operators globally, including large enterprises and independent researchers.^[15] The platform is used for malware research, threat intelligence, and incident response, providing insights into malware behavior and attack vectors.^{[5][16][17][18][19]} The sandbox offers a free version with limited resources, and its paid plans include Hunter and Enterprise, which provide private mode, teamworking, and API access. TI Lookup is a separate product and requires an additional license.^[3]

Integrations

ANY.RUN integrates with several cybersecurity tools, including Splunk and OpenCTI. The platform also offers an API for enterprise customers to incorporate ANY.RUN’s analysis capabilities into their existing security workflows.^[3][4]

See also

• Malware analysis
• Cybersecurity
• Sandbox (computer security)
• VirusTotal

References

1. Yahia, Mostafa (2023-08-25). Effective Threat Investigation for SOC Analysts: The ultimate guide to examining various threats and attacker techniques using security logs. Packt Publishing Ltd. ISBN 978-1-83763-875-8.
2. Ahmed, Mohiuddin; Moustafa, Nour; Barkat, Abu; Haskell-Dowland, Paul (2022-04-19). Next-Generation Enterprise Security and Governance. CRC Press. ISBN 978-1-000-56979-7.
3. "Any.Run - An Interactive Malware Analysis Tool - Is Now Open To The Public". BleepingComputer. Retrieved 2024-11-13.
4. "ANY.RUN: Interactive Malware Analysis Sandbox Platform". TheSecMaster. Retrieved 2024-11-13.
5. Ragupathy, Kaaviya (2024-06-04). "ANY RUN Sandbox Added New Features to Analyse Sophisticated Malware". Cyber Security News. Retrieved 2024-11-13.
6. "How ANY.RUN Process IOCs for Threat Intelligence Lookup?". GBHackers Security. 2024-03-19. Retrieved 2024-11-13.
7. "ANY.RUN Threat Intelligence Lookup Tool - A Repository of Millions of Malware IOCs". Cyber Security News. 2024-02-13. Retrieved 2024-11-13.
8. N, Balaji (2024-07-03). "Free Malware Research with ANY.RUN Sandbox: Now Windows 10 Access for All Users". Cyber Security News. Retrieved 2024-11-13.
9. Kleymenov, Alexey; Thabet, Amr (2022-09-30). Mastering Malware Analysis: A malware analyst's practical guide to combating malicious software, APT, cybercrime, and IoT attacks. Packt Publishing Ltd. ISBN 978-1-80323-081-8.
10. Muñoz, Diego; Cordero, David; Barría Huidobro, Cristian (2019). Mata-Rivera, Miguel Felix; Zagal-Flores, Roberto; Barría-Huidobro, Cristian (eds.). "Methodology for Malware Scripting Analysis in Controlled Environments Based on Open Source Tools". Telematics and Computing. Cham: Springer International Publishing: 345–354. doi:10.1007/978-3-030-33229-7_29. ISBN 978-3-030-33229-7.
11. "How to Analyse Crypto Malware in ANY.RUN Sandbox ?". Cyber Security News. 2024-02-22. Retrieved 2024-11-13.
12. Dahj, Jean Nestor M. (2022-04-29). Mastering Cyber Intelligence: Gain comprehensive knowledge and skills to conduct threat intelligence for effective system defense. Packt Publishing Ltd. ISBN 978-1-80020-828-5.
13. Davidoff, Sherri; Durrin, Matt; Sprenger, Karen (2022-10-18). Ransomware and Cyber Extortion: Response and Prevention. Addison-Wesley Professional. ISBN 978-0-13-745043-5.
14. "5 Techniques for Collecting Cyber Threat Intelligence". The Hacker News. Retrieved 2024-11-13.
15. N, Balaji (2024-10-24). "DarkComet RAT - A Remote Access Tool Lets Attackers Remotely Control Windows". Cyber Security News. Retrieved 2024-11-13.
16. Fadilpašić, Sead (2024-07-22). "Hackers are already targeting users with fake CrowdStrike fixes — here's what we've seen so far". TechRadar. Retrieved 2024-11-13.
17. "Google Search Ads Show Malware Again, This Time for Fake Authenticator". PCMAG. Retrieved 2024-11-13.
18. "CISA warns of notable increase in LokiBot malware". ZDNET. Retrieved 2024-11-13.
19. "Emotet hijacks email conversation threads to insert links to malware". ZDNET. Retrieved 2024-11-13.

External links

• ANY.RUN official website