ANY.RUN now integrates with OpenCTI, a cyber threat intelligence platform that allows automatic enrichment of OpenCTI observations with malware data directly from ANY.RUN analysis.
Users can access indicators like TTPs, hashes, IPs, and domains without manual data source checks.
The data from interactive analysis sessions within the ANY.RUN sandbox can further enrich the observations that centralize threat analysis information from various sources for efficient investigation.
Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:
If you want to test all these features now with completely free access to the sandbox:
OpenCTI, a Threat Intelligence Platform (TIP), ingests threat data from various sources (feeds, sandboxes) using connectors and stores this data as “observations” (indicators like IPs and hashes).
Specifically, OpenCTI offers connectors for:
ANY.RUN is a cloud-based malware sandbox service that analyzes suspicious files in a safe virtual environment, offers real-time detection using pre-defined rules and allows interactive analysis for in-depth investigation.
During this analysis, Its enrichment connector for OpenCTI streamlines threat analysis by automatically investigating suspicious files and when enriching an observation (potential threat evidence) in OpenCTI, it can leverage the connector to submit the file to ANY.RUN’s cloud sandbox.
It creates a safe virtual environment to analyze the file’s behavior and then extracts Indicators of Compromise (IOCs) like URLs, domains, and network activity from the analysis.
Details, including extracted IOCs and behavioral observations, are then fed back and attached to the corresponding observation within OpenCTI. This effectively transforms the observation into a full-fledged OpenCTI indicator, providing valuable context for further investigation.
Then, with the enriched information readily available, can seamlessly integrate it with the SIEM or SOAR systems, triggering automated incident response procedures and enabling security teams to address potential threats swiftly.
OpenCTI users can utilize the ANY.RUN enrichment connector to analyze suspicious observables (indicators) like URLs. By selecting an observable and clicking the enrichment button, they can choose the ANY.RUN connector.
This triggers an automated analysis in the background. Once completed, the observable details are enriched with findings that include creating relationships between the perceptible and identified Tactics, Techniques, and Procedures (TTPs) used by the potential malware.
An external reference links to the specific ANY.RUN sandbox analysis report for further manual investigation.
ANY.RUN is a cloud-based malware lab that does most of the work for security teams. 400,000 professionals use ANY.RUN platform every day to look into events and speed up threat research on Linux and Windows cloud VMs.
Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free
Best DNS Management Tools play a crucial role in efficiently managing domain names and their…
Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS environments…
Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling them…
SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases from…
In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting abuse…
The Metasploit Framework, a widely used open-source penetration testing tool maintained by Rapid7, has introduced…