OSINT Platform to SOC & MDR Teams for Malware Analysis

/in


ANY.RUN now integrates with OpenCTI, a cyber threat intelligence platform that allows automatic enrichment of OpenCTI observations with malware data directly from ANY.RUN analysis. 

Users can access indicators like TTPs, hashes, IPs, and domains without manual data source checks. 

The data from interactive analysis sessions within the ANY.RUN sandbox can further enrich the observations that centralize threat analysis information from various sources for efficient investigation.

Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

OpenCTI observations with data from ANY.RUN sandbox

OpenCTI, a Threat Intelligence Platform (TIP), ingests threat data from various sources (feeds, sandboxes) using connectors and stores this data as “observations” (indicators like IPs and hashes).

Specifically, OpenCTI offers connectors for:

  • MITRE ATT&CK: facilitates mapping collected data to known attack techniques.
  • ANY.RUN Threat Feeds: imports enriched threat indicators daily.
  • ANY.RUN Sandbox: allows adding details from sandbox analysis (malware family, maliciousness scores) to observations.
OpenCTI interface

ANY.RUN is a cloud-based malware sandbox service that analyzes suspicious files in a safe virtual environment, offers real-time detection using pre-defined rules and allows interactive analysis for in-depth investigation. 

During this analysis, Its enrichment connector for OpenCTI streamlines threat analysis by automatically investigating suspicious files and when enriching an observation (potential threat evidence) in OpenCTI, it can leverage the connector to submit the file to ANY.RUN’s cloud sandbox. 

It creates a safe virtual environment to analyze the file’s behavior and then…

Source…