Here is How We Improved ANY.RUN's Threat Coverage in December

As we wrap up 2024, we’re excited to share the final release notes of the year, and they’re packed with updates you’re going to love!??

This December, we’ve shared some great news with our?ANY.RUN?community. From new wildcards and search operators in?TI Lookup?to the launch of our MISP instance and an upgraded?Teamwork?feature, we’ve been working to make your workflows smoother and more collaborative.???

And of course, we’ve expanded our threat coverage to improve the precision and efficiency of your organization's security response. Let’s dive in!??

Threat Coverage Updates?

In December, we expanded our detection capabilities, adding 58 new malware signatures, introducing advanced YARA rules, and further improving our machine learning (ML) models, helping organizations quickly identify and evaluate potential threats. This enables faster incident response, reduces risk, and ensures the protection of sensitive information and systems.?

?? Signatures??

We’ve introduced 58 new signatures targeting a diverse range of malware families. Here are some of them:??

• Omani???

• Kunwoo???

• Ludbaruma???

• Trik???

• Sainbox???

• Expiro???

• Trickbot??

• Vidar??

• Lumma??

• Sonic??

• Pinegrove??

• Dusttrap??

???? APT Detection Updates??

We’ve enhanced our detection capabilities for several known APT attacks, as they represent a major threat to businesses. SimpleHelp, BugSleep, and PortStarter are now comprehensively monitored to prevent the consequences they can bring: sensitive data breaches, financial losses, and reputational damage.?

?? Suricata Rule Updates??

This month, we’ve significantly expanded our Suricata rule collection by adding 5,159 new rules, enhancing the?detection accuracy across a variety of threats.?This helps security professionals make informed decisions and take proactive security steps to reduce risks and prevent costly breaches across organizations.?

These updates include focused detections for phishing kits, such as:??

• Gabagool???

• WikiKit???

• LogoKit???

?? New YARA Rules??

5 new YARA rules were added this month for more precise detection:??

• Fog Ransom???

• ArechClient2???

• Dusttrap???

• CVE-2024-38213??

• Umbral?

?? Automated Interactivity Enhancements??

We’ve fine-tuned our automated interactivity clicker, making it smarter. These updates mean it’s now even better at interacting with malware samples, accurately simulating how real users might behave.??

Discover how #ANYRUN’s Automated Interactivity enhances threat detection, offering deeper and more accurate analysis of complex threats to improve your research and incident investigations.??? Watch our video?

With these improvements, detecting complex threats just got easier. We made sure you get even more reliable results for your investigations.??

?? About ANY.RUN?

#ANYRUN is a leading provider of a cloud-based malware analysis sandbox for effective threat hunting.?Our threat intelligence products,?TI Lookup,?YARA Search, and?Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.?#ANYRUN is used by organizations of all sizes, including Fortune 500 companies, government agencies, and educational institutions.?

Empower your security team with rapid results, in-depth threat reports, tailored customization, unlimited sandbox sessions, and the ability to collaborate effectively within your team to maintain smooth communication and efficient workflows across your organization.?

Get a 14-day free trial of ANY.RUN’s Interactive Sandbox →?