ANY.RUN
ANY.RUN is a cybersecurity company that provides an interactive malware analysis sandbox and threat intelligence services for real-time analysis and investigation of malware and phishing threats. The platform is designed for cybersecurity professionals, researchers, and IT specialists, giving them tools for interactively analyzing malicious software and its behavior.
History
ANY.RUN was created in 2016 by Aleksey Lapshin and a small team of developers. The platform allowed users to manually interact with virtual environments and observe how malware operates in real time. In 2018, ANY.RUN opened its free community version to the public. Over time, the platform has introduced new features such as malware configuration extraction, improving its ability to detect malware families such as AsyncRAT, Lumma, Stealc, Vidar, and Formbook.
In late 2023, the company expanded its services by launching Threat Intelligence Feeds, which provide streams of malicious indicators collected and pre-processed from public sessions launched in the ANY.RUN sandbox.
In early 2024, ANY.RUN introduced Threat Intelligence Lookup, a tool that offers access to an up-to-date threat database. The same year, ANY.RUN made Windows 10 virtual environments available to all users, including those on the free plan.
Sandbox features
The main feature of ANY.RUN is its interactive malware analysis, which allows users to manually interact with a virtual machine in real time while monitoring malicious activity. This includes interacting with malware that requires user actions, such as clicking prompts or enabling macros. The platform records all actions and produces reports that include network requests, process creation, file modifications, and registry changes. The platform is cloud-based and accessible from any web browser. It also supports collaboration, allowing users to share their findings through public or private links. Reports are generated with process graphs, indicators of compromise, and visual analysis, so malware behavior can be tracked step by step.