ANY.RUN

4.9K posts

@anyrun_app

Empowering businesses with proactive security solutions: Interactive Sandbox, TI Lookup and Feeds. Sign up: https://t.co/8hIX0Qh5ME

Joined February 2017
193 Following 32.2K Followers
Pinned Tweet
ANY.RUN@anyrun_app·
❗ macOS VM is now live ❗ 25K+ U.S. businesses already run on macOS. Yet #macOS threats remain a blind spot for many SOC teams. 👇 Close this gap now with a broader cross-platform threat visibility for faster and confident response! any.run/cybersecurity-…
ANY.RUN@anyrun_app·
🏦 Protect critical infrastructure and customer trust. #ANYRUN supports triage, continuous monitoring, and threat hunting while keeping sensitive data under strict control. ✅ Identify up to 58% more threats, reduce Tier 1 workload, and cut MTTR: any.run/by-industry/fi…
ANY.RUN@anyrun_app·
⚠️ Slow detection, delayed response, and limited context keep SOCs reactive. #ANYRUN TI Feeds bring fresh IOCs from real attacks into SIEM/XDR, helping spot threats earlier and move to proactive defense. 👨‍💻 See how TI Feeds work in real SOC workflows: any.run/threat-intelli…
ANY.RUN@anyrun_app·
@bomccss Thanks for sharing the analysis!
bom@bomccss·
Emails that attempt malware infection via a link in a Japanese-language message body have been observed. ■Date 2026/03/17,18 ■Subject <executive's name> ■Links hxxps[:]//wwwasdfsafsafas-1393918816.cos.ap-hongkong.myqcloud[.]com/データレポート.rar hxxps[:]//limewire[.]com/d/RiDK5#rOUyOEpx1n
misaki@tdatwja

We have confirmed receipt of Japanese-language malware emails impersonating the organization's representative. Subject: <executive's name> Links: ①wwwasdfsafsafas-1393918816.cos.ap-hongkong.myqcloud[.]com  ②limewire[.]com/d/RiDK5 File: データレポート.rar -> exe MD5: 72a8eb805e026accc0a5805847db978f Sample: virustotal.com/gui/file/facf7…

ANY.RUN@anyrun_app·
⌛Your #SOC doesn’t lose to attackers. It loses to time. #MTTR is where incidents either fade quietly… or spiral into something bigger. ❗️See how threat intelligence helps analysts move from doubt to decision any.run/cybersecurity-…
ANY.RUN@anyrun_app·
❗️ SOCs & MSSPs waste time enriching alerts by hand, slowing response. Connect #ANYRUN Sandbox with your Microsoft Sentinel workspace to detect and contain attacks earlier with actionable threat insights ⚡️ Set it up in minutes: any.run/cybersecurity-…
ANY.RUN@anyrun_app·
From #Lazarus infiltration to AI #phishing, trust abuse is reshaping enterprise threats. What should you prepare for in 2026? Key insights for security leaders from our live expert panel recap 👇 any.run/cybersecurity-…
JAMESWT@JAMESWT_WT·
New #Click-Fix Variant / webdav / workflow Some Related Samples +extra 👇 bazaar.abuse.ch/browse/tag/185… AnyRun Zip app.any.run/tasks/9af568c0… Triage Zip tria.ge/260221-2ety2ae… Msi tria.ge/260201-sfg67ae… cc @1ZRR4H @ShadowOpCode @k3dg3
The Hacker News@TheHackersNews

⚠️ A new ClickFix variant abuses Win+R to mount a remote WebDAV drive and run malware. It launches a trojanized WorkFlowy Electron app that beacons to C2 every 2 seconds. @Atos says it bypassed Microsoft Defender and surfaced only through threat hunting. 🔗 Inside: WebDAV trick + ASAR injection → thehackernews.com/2026/03/invest…

ANY.RUN@anyrun_app·
When alerts lack context, triage slows down and MTTR grows ⏳ #ANYRUN’s integration with MISP lets teams validate alerts with behavior-based evidence, while TI Feeds enrich cases with IOCs from live attacks. Hit SLA targets and keep operations efficient 👇 any.run/cybersecurity-…
ANY.RUN@anyrun_app·
👿 TrustConnect is a $300/month #RAT-as-a-Service hiding inside fake Zoom, Teams & Adobe installers. Signed with a fraudulent EV cert, streaming your screen via WebSocket, rebuilding under a new brand hours after takedown. 👉 Tech details & business impact: any.run/malware-trends…
Autumn Good@autumn_good_35·
『Early activity points to distribution through compromised or impersonated accounts, with education and telecommunications among the affected sectors.』 MicroStealer Analysis: A Fast-Spreading Infostealer with Limited Detection any.run/cybersecurity-…
ANY.RUN@anyrun_app·
What an amazing time at RootedCON 2026 🇪🇸 It was great to connect with the cybersecurity community and share how #ANYRUN helps teams make faster decisions. 👉 See the full recap and new capabilities for greater SOC efficiency: any.run/cybersecurity-…
ANY.RUN@anyrun_app·
⚡️ Reduce MTTD to 15 seconds per case in your SOC. Sign up now to detect complex malware & phishing threats early: app.any.run/?utm_source=tw…
ANY.RUN@anyrun_app·
🎯 We added and updated 32 Suricata rules based on real attacker behavior observed in the wild. Explore the examples and strengthen your detection. #ANYRUNSuricataChangelog 03/09–03/15/2026
Here are 10 examples 👇
84001725 | PHISHING [ANY.RUN] Generic Phishing related URL (/mussuto/index.html). Example analysis session: app.any.run/tasks/47579e3a…
84001727 | PHISHING [ANY.RUN] Generic Phishing related URL (/indx/hold.js). Example analysis session: app.any.run/tasks/8f9ae28b…
84001772 | PHISHING [ANY.RUN] Generic Phishing related URL (/m365/index). Example analysis session: app.any.run/tasks/f9bfef57…
84001775 | PHISHING [ANY.RUN] Generic Phishkit activity observed related JS (obf-octal-replace). Example analysis session: app.any.run/tasks/2dc0ff39…
84001776 | PHISHING [ANY.RUN] Generic Phishkit related URL (/GoogleDrive.html). Example analysis session: app.any.run/tasks/f8b814e1…
84001778 | PHISHING [ANY.RUN] Credential theft via Telegram API HTTP POST request (email + pass). Example analysis session: app.any.run/tasks/8510193e…
84001781 | PHISHING [ANY.RUN] Facebook-themed phishing campaign related URL (/api/fb). Example analysis session: app.any.run/tasks/7a6d8e2a…
84001782 | PHISHING [ANY.RUN] Facebook-themed phishing campaign related URL (/two_step_verification/). Example analysis session: app.any.run/tasks/7a6d8e2a…
85006509 | LOADER [ANY.RUN] Win32/Generic User-agent observed (Downloader). Example analysis session: app.any.run/tasks/fe479c96…
85006510 | LOADER [ANY.RUN] Win32/Generic related HTTP GET request (/getinstall64). Example analysis session: app.any.run/tasks/fe479c96…
Explore the complete ruleset: linkedin.com/pulse/anyrunsu…
ANY.RUN@anyrun_app·
Both play a role, but the main issue is probably the lack of proper outbound traffic control at the endpoint level. With some domain-based whitelisting approaches, this kind of technique works particularly well when the attacker uses a legitimate service like Telegram. The traffic appears legitimate and blends in with normal network activity, making it much harder to distinguish from regular usage.
Warden | SMB Ransomware Prevention
@anyrun_app Using the Telegram Bot API for exfiltration is such an effective way to blend in with legitimate traffic. Do you think the primary failure here is the lack of endpoint-level egress filtering, or are we just seeing the limits of domain-based whitelisting for C2 detection?
ANY.RUN@anyrun_app·
🚨 Spot It Early: Credential Theft Behind Fake PDFs
Attackers disguise #phishing HTM/HTML email attachments as PDF files. In the observed case, pdf.htm displays a fake login page and sends entered credentials in JSON via HTTP POST to the Telegram Bot API, enabling account takeover and access to internal systems. Some samples use obfuscated scripts, making the exfiltration logic harder to spot ❗️
⚡️ #ANYRUN Sandbox exposed phishing behavior in under 60 seconds, revealing the outbound network activity, loaded scripts, and file contents, helping analysts accelerate triage and reduce unnecessary escalations.
🎣 See the analysis session and collect #IOCs to speed up detection and cut MTTR: app.any.run/tasks/3a6af151…
🔍 Find similar cases and pivot from IOCs using this TI Lookup search query: intelligence.any.run/analysis/looku…
👨‍💻 Learn how #ANYRUN Sandbox helps SOC teams detect complex threats faster: any.run/features/?utm_…
#ExploreWithANYRUN
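A static triage check for the attachment pattern described in the post above, as an added example that is not part of the original post or of ANY.RUN's tooling: it flags PDF-themed HTML attachment names, password fields, and references to the Telegram Bot API endpoint, including ones hidden behind simple encodings. The function names, finding labels and sample markup are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import unquote

# Telegram Bot API calls look like https://api.telegram.org/bot<token>/<method>
TELEGRAM_RE = re.compile(r"api\.telegram\.org/bot([^/\s\"']+)/(\w+)", re.I)
PASSWORD_RE = re.compile(r"<input\b[^>]*type\s*=\s*[\"']?password", re.I)
FAKE_PDF_RE = re.compile(r"(^|\.)pdf\.html?$", re.I)  # pdf.htm, Invoice.pdf.html
ATOB_RE = re.compile(r"atob\(\s*[\"']([A-Za-z0-9+/=]+)[\"']\s*\)")
HEX_RE = re.compile(r"\\x([0-9a-fA-F]{2})")

def deobfuscate(text):
    """Undo simple encodings: backslash-x hex escapes, percent escapes, atob() literals."""
    text = HEX_RE.sub(lambda m: chr(int(m.group(1), 16)), text)
    text = unquote(text)
    decoded = []
    for blob in ATOB_RE.findall(text):
        try:
            decoded.append(base64.b64decode(blob).decode("utf-8", "replace"))
        except ValueError:
            pass  # not valid base64, ignore
    return text + "\n" + "\n".join(decoded)

def triage_attachment(filename, html):
    """Return a sorted list of finding labels for one HTML email attachment."""
    findings = set()
    if FAKE_PDF_RE.search(filename):
        findings.add("pdf-themed-html-name")
    if PASSWORD_RE.search(html):
        findings.add("password-field")
    if TELEGRAM_RE.search(html):
        findings.add("telegram-bot-api")
    elif TELEGRAM_RE.search(deobfuscate(html)):
        findings.add("telegram-bot-api-obfuscated")
    return sorted(findings)

def verdict(findings):
    """Password field plus Telegram endpoint matches the pattern in the post."""
    has_tg = any(f.startswith("telegram-bot-api") for f in findings)
    if has_tg and "password-field" in findings:
        return "escalate"
    return "review" if findings else "none"

# Constructed samples: placeholder token, markup fragments only.
SAMPLE_URL = "https://api.telegram.org/bot0000000000:PLACEHOLDER/sendMessage"
SAMPLE_PLAIN = f'<input type="password" name="pw"><script>var u="{SAMPLE_URL}";</script>'
SAMPLE_OBF = ('<input type="password" name="pw"><script>var u=atob("'
              + base64.b64encode(SAMPLE_URL.encode()).decode() + '");</script>')
```

Heavier obfuscation than these three encodings will not be unwrapped statically; for those samples the outbound POST to the Bot API still shows up in network telemetry.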
ANY.RUN@anyrun_app·
👨‍💻 Humans are cybersecurity’s weakest and strongest link. Context-rich threat intelligence helps reduce analyst overload and SOC staffing pressure while improving MTTD & MTTR and lowering costs. See how leading SOC teams tackle analyst burnout 👇 any.run/cybersecurity-…