ANY.RUN explained

ANY.RUN
Developer: Aleksey Lapshin
Released: 2016
Operating System: Windows 7, Windows 10, Windows 11, Linux
Platform: Web-based
Genre: Cybersecurity

ANY.RUN is a cybersecurity company that provides an interactive malware analysis sandbox and threat intelligence services for real-time analysis and investigation of malware and phishing threats.[1] [2] The platform is designed for use by cybersecurity professionals, researchers, and IT specialists, providing tools for interactive analysis of malicious software and its behavior alongside threat intelligence services.[3] [4]

History

ANY.RUN was created in 2016 by Aleksey Lapshin and a small team of developers. The platform allowed users to manually interact with virtual environments and observe how malware operates in real time.

In 2018, ANY.RUN opened its free community version to the public. Over time, the platform has introduced new features such as malware configuration extraction, improving its ability to detect malware families such as AsyncRAT, Lumma, Stealc, Vidar, and Formbook.[5]

In late 2023, the company expanded its services by launching Threat Intelligence Feeds, which provide streams of malicious indicators (IPs, domains, and URLs) collected and pre-processed from public sessions launched in the ANY.RUN sandbox.[6]

In early 2024, ANY.RUN introduced Threat Intelligence Lookup, a tool that offers access to an up-to-date threat database.[7] The same year, ANY.RUN made Windows 10 virtual environments available to all users, including those on the free plan.[8]

Sandbox features

The main feature of ANY.RUN is its interactive malware analysis, which allows users to manually interact with a virtual machine in real time while monitoring malicious activity. This includes interacting with malware that requires user actions, such as clicking prompts or enabling macros. The platform records all actions, providing reports that include network requests, process creation, file modifications, and registry changes.[9] [10] [11]

The platform is cloud-based and accessible from any web browser. The platform also supports collaboration, allowing users to share their findings through public or private links.[12] [13] Reports are generated with process graphs, indicators of compromise (IOCs), and visual analysis, allowing tracking of malware behavior step by step.

TI Lookup features

Threat Intelligence Lookup allows security analysts to collect data and gain context related to various malware and phishing threats using over 40 parameters, including IP addresses, domains, ASNs, registry keys, and other indicators. It also offers built-in YARA Search, enabling users to find samples of malware that match their custom detection rules.[14]

Usage

ANY.RUN is used by 500,000 cybersecurity operators globally, including large enterprises and independent researchers.[15] The platform is used for malware research, threat intelligence, and incident response, providing insights into malware behavior and attack vectors.[16] [17] [18] [19] The sandbox offers a free version with limited resources, and its paid plans include Hunter and Enterprise, which provide private mode, teamwork features, and API access. TI Lookup is a separate product and requires an additional license.

Integrations

ANY.RUN integrates with several cybersecurity tools, including Splunk and OpenCTI. The platform also offers an API for enterprise customers to incorporate ANY.RUN’s analysis capabilities into their existing security workflows.

References

  1. Yahia, Mostafa (2023-08-25). Effective Threat Investigation for SOC Analysts: The ultimate guide to examining various threats and attacker techniques using security logs. Packt Publishing Ltd. ISBN 978-1-83763-875-8.
  2. Ahmed, Mohiuddin; Moustafa, Nour; Barkat, Abu; Haskell-Dowland, Paul (2022-04-19). Next-Generation Enterprise Security and Governance. CRC Press. ISBN 978-1-000-56979-7.
  3. "Any.Run - An Interactive Malware Analysis Tool - Is Now Open To The Public". BleepingComputer. Retrieved 2024-11-13.
  4. "ANY.RUN: Interactive Malware Analysis Sandbox Platform". TheSecMaster. Retrieved 2024-11-13.
  5. Ragupathy, Kaaviya (2024-06-04). "ANY RUN Sandbox Added New Features to Analyse Sophisticated Malware". Cyber Security News. Retrieved 2024-11-13.
  6. "How ANY.RUN Process IOCs for Threat Intelligence Lookup?". GBHackers Security. 2024-03-19. Retrieved 2024-11-13.
  7. "ANY.RUN Threat Intelligence Lookup Tool - A Repository of Millions of Malware IOCs". Cyber Security News. 2024-02-13. Retrieved 2024-11-13.
  8. N, Balaji (2024-07-03). "Free Malware Research with ANY.RUN Sandbox: Now Windows 10 Access for All Users". Cyber Security News. Retrieved 2024-11-13.
  9. Kleymenov, Alexey; Thabet, Amr (2022-09-30). Mastering Malware Analysis: A malware analyst's practical guide to combating malicious software, APT, cybercrime, and IoT attacks. Packt Publishing Ltd. ISBN 978-1-80323-081-8.
  10. Muñoz, Diego; Cordero, David; Barría Huidobro, Cristian (2019). "Methodology for Malware Scripting Analysis in Controlled Environments Based on Open Source Tools". In Mata-Rivera, Miguel Felix; Zagal-Flores, Roberto; Barría-Huidobro, Cristian (eds.). Telematics and Computing. Cham: Springer International Publishing. pp. 345–354. doi:10.1007/978-3-030-33229-7_29. ISBN 978-3-030-33229-7.
  11. "How to Analyse Crypto Malware in ANY.RUN Sandbox ?". Cyber Security News. 2024-02-22. Retrieved 2024-11-13.
  12. Dahj, Jean Nestor M. (2022-04-29). Mastering Cyber Intelligence: Gain comprehensive knowledge and skills to conduct threat intelligence for effective system defense. Packt Publishing Ltd. ISBN 978-1-80020-828-5.
  13. Davidoff, Sherri; Durrin, Matt; Sprenger, Karen (2022-10-18). Ransomware and Cyber Extortion: Response and Prevention. Addison-Wesley Professional. ISBN 978-0-13-745043-5.
  14. "5 Techniques for Collecting Cyber Threat Intelligence". The Hacker News. Retrieved 2024-11-13.
  15. N, Balaji (2024-10-24). "DarkComet RAT - A Remote Access Tool Lets Attackers Remotely Control Windows". Cyber Security News. Retrieved 2024-11-13.
  16. Fadilpašić, Sead (2024-07-22). "Hackers are already targeting users with fake CrowdStrike fixes — here's what we've seen so far". TechRadar. Retrieved 2024-11-13.
  17. "Google Search Ads Show Malware Again, This Time for Fake Authenticator". PCMAG. Retrieved 2024-11-13.
  18. "CISA warns of notable increase in LokiBot malware". ZDNET. Retrieved 2024-11-13.
  19. "Emotet hijacks email conversation threads to insert links to malware". ZDNET. Retrieved 2024-11-13.