ANY.RUN

Our threat intelligence earned top industry recognition 🏆 Live attack data from 15K SOCs brings our clients unmatched threat visibility, shorter MTTR, and confident decisions. See what makes #ANYRUN’s solutions award-winning: https://lnkd.in/ev6sxiap

🚀 Power your ThreatQuotient setup with fresh, actionable, 99% unique #IOCs from TI Feeds. Expand threat coverage, shorten MTTR, and solve alert overload. Deploy via STIX/TAXII connector in 5 minutes: https://lnkd.in/euSvp22g

🚨 #LOLBin abuse remains one of the hardest techniques for SOC teams to detect. Attackers hijack trusted Windows tools like PowerShell, mshta.exe, and cmd.exe to execute malicious activities while blending into normal processes. LOLBin abuse is particularly effective due to:  🔹 Legitimate process masquerading 🔹 Antivirus evasion 🔹 Environmental consistency 🔹 Reduced forensic footprint 👨💻 See example of a typical LOLBin attack: https://lnkd.in/eiMfWvUC 📖 Read the full breakdown of new #malware tactics: https://lnkd.in/eGARZQKT #CybersecurityAwarenessMonth

👾 #Salty2FA is a #PhaaS hijacking user sessions and stealing Microsoft 365 credentials. It bypasses six MFA types, turning 2FA into an attack vector. ⚠️ Attackers leverage Cloudflare Turnstile, obfuscation, and real-time credential validation to evade detection. Discover how to detect & stop it before it’s too late: https://lnkd.in/ebrwhBUP 👨💻 Use #ANYRUN’s Threat Intelligence Lookup to enrich IOCs with live attack data from threat analyses across 15K SOCs: https://lnkd.in/eR7yPAEu #CybersecurityAwarenessMonth

⚠️ False positives cost $1.3M a year. Slow response? $4.45M per breach. Actionable threat intelligence cuts alert fatigue, reduces downtime, and prevents costly breaches 🎯   See how your SOC can save resources and 3x team performance 👇

🚨 #Phishing Behind Trusted Microsoft & ClickUp Domains. In this campaign, attackers redirect users through a sequence of legitimate platforms: forms[.]office[.]com ➡️ doc[.]clickup[.]com ➡️ windows[.]net and other Microsoft endpoints. ⚠️ Each step imitates access to a “document” or “form,” building user trust and bypassing automated defenses. The final phishing page, hosted on Azure Blob Storage, perfectly mimics Microsoft’s login page design, prompting users to enter their credentials. Every domain in the chain belongs to Microsoft or other widely used SaaS providers, creating monitoring blind spots and reducing the likelihood of user suspicion. Azure Blob Storage is increasingly abused to host fake login portals and credential-harvesting forms under legitimate-looking subdomains. 🎯 For CISOs, the abuse of legitimate cloud infrastructure creates serious challenges, as trusted-domain whitelists can be exploited for credential theft, compromised Microsoft accounts may expose cloud data and SSO-linked systems. Unlike typical phishing flows, this campaign links multiple trusted platforms, ending with cloud-hosted windows[.]net to appear fully legitimate. 👨💻 See the full execution chain on a live system: https://lnkd.in/eudng6te 🔍 Use these TI Lookup queries to uncover behavior and infrastructure that can be turned into detection rules, not just #IOCs: 🔹 windows[.]net: https://lnkd.in/edgcZR9E 🔹 forms[.]office[.]com: https://lnkd.in/eKmFYk8h 🔹 clickup[.]com: https://lnkd.in/ex7dsXsm #IOCs: https[:]//forms[.]office[.]com/e/YtRCbHDk14 microlambda[.]blob[.]core[.]windows[.]net Strengthen resilience and protect business continuity with #ANYRUN 🚀 #ExploreWithANYRUN #CybersecurityAwarenessMonth

👨💻 How top analysts separate danger from noise? They always have a source of threat context to verify risks. See how you can enrich alerts with actionable insights for fast response. Explore the guide: https://lnkd.in/ecB27hug #CybersecurityAwarenessMonth

🚨 We uncovered #Tykit, a new #phishing kit targeting hundreds of US & EU companies in finance, construction, and telecom. It uses SVG-based delivery to harvest Microsoft 365 credentials ⚠️ See full analysis, how to detect it, and gather #IOCs: https://lnkd.in/ew2SYdWw

90% of threats are visible in 60 seconds ⚡️ #ANYRUN’s Enterprise plan is built for organizations where missing a threat isn’t an option. 📈 Equip your SOC with early detection and rapid response for stronger defense and improved performance. Explore all the benefits: https://lnkd.in/eARr3qkM

Phishing activity in the past 7 days 🐟 Track latest #phishing threats in TI Lookup: https://lnkd.in/eaeRh9Cz #TopPhishingThreats