The ANY.RUN sandbox has now been updated with support for Linux, further enhancing its ability to provide an isolated and secure environment for malware analysis and threat hunting.
This newly added feature will enable security analysts to investigate and simulate malicious activities in Linux-based systems, allowing for more comprehensive and effective threat detection and response.
ANY.RUN allows malware analysts, SOC members, and DFIR team members to safely examine Linux-based samples and Windows malware in an interactive cloud environment.
A cloud malware sandbox called ANY.RUN performs the difficult malware analysis work for SOC and DFIR teams.
Linux malware analysis is necessary because Linux is a popular target for hackers, and Linux malware is sophisticated.
Many organizations utilize Linux for their IT infrastructure, meaning there are many files to analyze on Linux systems.
Researchers at IBM have noticed an increase in Linux malware. In 2020, the number of malware families related to Linux increased by 40%.
Compromising Linux-based cloud computing platforms could allow attackers access to massive resources, making the OS an appealing target.
ANY.RUN, a leader in malware sandboxing, is a cloud malware sandbox that handles the heavy lifting of phishing and malware analysis for SOC and DFIR teams; more than 300,000 professionals use the platform to investigate incidents and streamline threat analysis.
Creating a New Linux Task
You can select Linux from the Operating System drop-down menu when creating a new task.
If you choose it, your sample will run on Ubuntu. Ubuntu 22.04.2 will be supported at launch, and all ANY.RUN users, including those on the community plan, can access Linux.
The Ubuntu logo is used to identify Linux samples for easy navigation, making it simple to distinguish between Windows and Linux-based tasks in the team’s homepage menu and sidebar quick menu.
Try ANY.RUN Yourself with a 14-day Free Trial
More than 300,000 analysts worldwide use ANY.RUN, a malware analysis sandbox. Join the community to conduct in-depth investigations into the top threats and collect detailed reports on their behavior.
Enhancing Linux Malware Analysis with ANY.RUN
The interactive analysis power of ANY.RUN is now available on Linux for the first time. As with Windows samples, ANY.RUN enables analysts of all levels to enhance threat analysis while using fewer resources, and it shortens training time for entry-level analysts and reverse engineers.
The foundation of ANY.RUN is an interactive analysis that enables analysts to identify undetected threats more quickly by changing the analysis’s vector, even in the case of zero-day vulnerabilities. It’s accessible for Linux for the first time.
Additionally, it provides real-time alerts to the analyst about suspicious activities, ensuring that no crucial information is ignored.
Users receive concise reports upon task completion, ensuring analysts can access all relevant data and IOCs for additional investigation or incident response.
One simple way to identify the family or type of threat you are facing is to quickly map the suspicious behaviors the sandbox recorded in a Linux task to TTPs using ANY.RUN’s MITRE Matrix report.
You can also read about the 8 ANY.RUN features you need to know about.
Benefits of ANY.RUN for Analyzing Linux Malware
Operating systems like Linux are, by nature, more secure than Windows. This means that the many malware families that do manage to exploit Linux vulnerabilities are complex and challenging to identify.
ANY.RUN provides the easiest way to analyze Linux malware, presenting information from the analysis in real time. Analysts immediately understand the results, allowing them to proceed efficiently without context switching.
Not every security expert has the reverse engineering skill set to swiftly identify the behavior of complex Linux malware and extract the required IOCs.
To overcome this, ANY.RUN offers real-time information obtained through the analysis. Analysts can move forward effectively and without switching contexts because they immediately grasp the results.
ANY.RUN is a cost-effective solution that lowers business expenses by doing away with custom infrastructure requirements.
Because the Linux virtual machines (VMs) are preconfigured to gather IOCs, customers can avoid weeks of infrastructure setup time related to DevOps.
In addition to being a stand-alone research platform, ANY.RUN can also be utilized in conjunction with SIEM/SOAR.
You can learn more about how to use ANY.RUN here.
Accurate analysis of Linux malware is necessary for strong security. Because Linux is so widely used, particularly in cloud hosting, attackers find it a desirable target, and breaching Linux-based systems might provide access to a wealth of resources. As a result, Linux users need to be aware of the growing threats to their systems.
Try all features of ANY.RUN at zero cost for 14 days with a free trial.