DUBAI, UNITED ARAB EMIRATES, December 28, 2023 /EINPresswire.com/ -- ANY.RUN, a cloud-based malware analysis sandbox, today announced the release of new features and updates for December 2023. The most notable addition is Automated Interactivity (AI), which employs machine learning to automate repetitive tasks and enhance malware analysis operations.

New Features

Automated Interactivity (AI)

ANY.RUN’s new AI capability mimics human actions during malware analysis. It automatically navigates through setup forms, CAPTCHAs, installation windows, and other scenarios requiring human intervention, allowing users to reduce their involvement in the analysis process. The feature is enabled by default for API tasks and can be turned on or off for web-based tasks.

Expanded Suricata rules

ANY.RUN’s Suricata rules have been expanded, providing users with more granular information when a detection occurs. Detections now identify the affected traffic segment, detail the relevant fields, and often let users view the rule itself within the interface.

This enhanced transparency allows users to better understand each detection and apply the rules in their own incident investigations.

New YARA Rules

ANY.RUN has added new signatures to detect various activities within the task. These rules cover the following malware families:

• W4SP Stealer

• Klippr

• OriginBotnet

• DarkGate

• IcedID

New Suricata rules and updates

In addition to the new YARA rules, ANY.RUN has also added multiple new Suricata signatures. Here’s a breakdown of the additions:

• Stealers: Detection for AxileStealer, an updated version of Vidar, and AlbumStealer.

• Backdoors: Detection for Gh0stRat’s encrypted DLL, which can be hidden within JPEG files.

• Loaders: Updated signature for DarkGate, which altered its activities following ANY.RUN’s Twitter post on its new techniques. Additionally, signatures for Pikabot and QakBot have been added.

• Proxy: Detection for GoProxy.

• Ransomware: Detection for DirCrypt.

Learn more details in ANY.RUN’s blog post.