Joined February 2017
🔥 Q1 2026 Cyber Risk report by #ANYRUN is out! Explore the cyber risks and threat shifts for CISOs, including: ❗️ 14.7% credential theft ❗️ 98.3% loader attacks ❗️ 58.4% LOLBAS attacks Turn Q1 intel into Q2 security priorities. Get the report: any.run/cybersecurity-blog/c…
❗️ The small things cause the big damage. Modern #phishing abuses what SOCs are trained to trust, leaving no red flags in isolation. Real-time behavioral visibility is the way to see the full chain. 🎯 Equip your SOC with stronger phishing detection: any.run/phishing/?utm_source…
🌍 What a conference season! Across @Infosecurity Europe, @CONFidenceConf, and @C1b3rWall, one challenge stood out: helping SOCs keep pace with evolving threats without overloading their teams 👨‍💻 See how #ANYRUN helps respond with speed & confidence 👇 any.run/cybersecurity-blog/e…
⚠️ In Q1 2026, #phishing kits captured sessions using proxy authentication flows in real time. It's hard to detect, because SOCs see no traditional indicator of compromise. 🎯 Learn how to improve phishing defense in Q1 Cyber Risk Report: files.any.run/images/q1_2026…
🚨 OAuth Token Abuse Is Growing: Greatness Returns with Device Code Phishing

We've identified renewed activity associated with the Greatness #PhaaS, which combines #AiTM and Device Code #Phishing to target Microsoft 365 Accounts.

⚠️ Device Code Phishing abuses Microsoft's legitimate device authorization flow to obtain access tokens without directly collecting passwords or MFA codes. This shifts risk from credential theft to token abuse, reducing traditional phishing indicators for SOC teams to detect and investigate.

❗️ Greatness promotes token- and cookie-based access to Microsoft 365 accounts through its Telegram channel, advertising passwordless and code-less account compromise scenarios.

Observed capabilities include:
🔹 Device Code Phishing for M365 token theft
🔹 Phishing templates impersonating DocuSign, OneDrive, Outlook, and Voicemail
🔹 Country-targeted login lures
🔹 Cloudflare-hosted phishing links
🔹 Keyword-based targeting engine
🔹 Centralized administration panel

👨‍💻 Review the analysis session, investigate the phishing flow, and validate detection coverage: app.any.run/tasks/dd97835c-8…

🔍 Track Device Code Phishing activity associated with Greatness and uncover related infrastructure in #ANYRUN TI Lookup: intelligence.any.run/analysi…

🚀 Strengthen phishing detection and accelerate response across your SOC with #ANYRUN: any.run/phishing/?utm_source… #ExploreWithANYRUN
IOCs
Phishing lure:
allcompredirectportalshare[.]workers[.]dev
supportteammanagements[.]workers[.]dev
lindeinvoicexv29dmeocynufgq7[.]s3[.]amazonaws[.]com
URI:
/apifiles[.]php?action=get_device_code&user_id=
/apifiles[.]php?action=poll_token
🎯 Threat hunting breaks when teams prioritize hypotheses based on assumptions instead of actual threats targeting their business. For example, if you're protecting a U.S. financial organization, start with: submissionCountry:"US" AND industry:"finance" 🔍 Run the search in #ANYRUN TI Lookup: intelligence.any.run/analysi… You'll see malware families, phishing campaigns, and attack techniques observed targeting organizations in your sector, helping prioritize hunts based on real attacker activity rather than broad industry reports. 👨‍💻 Learn how SOCs & MSSPs build hunts around observed threats to reduce wasted effort and focus on real business risk: any.run/cybersecurity-blog/t…
⚡️ SOAR can move an alert through a workflow but can't determine what a URL does. #ANYRUN Sandbox adds behavioral analysis, helping validate threats earlier and reduce manual checks that slow triage & response. How this works across SOC workflows 👇 any.run/cybersecurity-blog/i…
❓ How does a lean SOC team protect 50,000 users? 🎓 @UMassBoston backs its security decisions with #ANYRUN Sandbox, triaging threats in seconds and stopping costly incidents before impact. Read the customer story and see how you can achieve the same👇 any.run/cybersecurity-blog/u…
Phishing activity in the past 7 days 🐟 Track latest #phishing threats in TI Lookup: intelligence.any.run/analysi… #TopPhishingThreats
⚠️ #JOMANGY malware hijacks your FreePBX system and runs fraudulent calls on SIP trunks — billed to you. ❗️ 6 self-healing persistence layers. 700 businesses still infected 5 months later. Is your PBX off the internet? See the impact of this threat: any.run/malware-trends/joman…
Great time at @C1b3rWall 2026 🇪🇸 It was a pleasure connecting with cybersecurity leaders and discussing modern challenges. Thanks to everyone who stopped by & saw #ANYRUN in action 🙌 📈 Explore how #ANYRUN supports enterprise threat investigations: any.run/enterprise/?utm_sour…
🎯 We added and updated 39 Suricata rules based on real attacker behavior observed in the wild. Explore the examples and strengthen your detection. #ANYRUNSuricataChangelog 06/01 – 06/07/2026

Here are 10 examples 👇
89003542 | MALWARE [ANY.RUN] Win32/Generic CnC activity (/index.php?api=api&hash=). Example analysis session: app.any.run/tasks/4bb5a485-1…
89003543 | MALWARE [ANY.RUN] Win32/Generic related URL (/data.php). Example analysis session: app.any.run/tasks/146d9c37-8…
89003545 | LOADER [ANY.RUN] Win32/SmartLoader activity observed in HTTP POST request. Example analysis session: app.any.run/tasks/cc50e85b-3…
89003546 | LOADER [ANY.RUN] Win32/Wapomi related URL (/mzt/hw/auth.txt). Example analysis session: app.any.run/tasks/acfc2455-7…
89003547 | LOADER [ANY.RUN] Win32/Wapomi related URL (/mzt/auth/runmz.php). Example analysis session: app.any.run/tasks/acfc2455-7…
89003548 | LOADER [ANY.RUN] Linux/Mirai download URL observed (/bins/). Example analysis session: app.any.run/tasks/1f7caa89-3…
89003549 | BOTNET [ANY.RUN] Linux/Mirai activity observed. Example analysis session: app.any.run/tasks/a7c230f9-9…
89003550 | LOADER [ANY.RUN] Win32/Lofty URL observed (/stb/). Example analysis session: app.any.run/tasks/e081aad6-f…
89003551 | LOADER [ANY.RUN] Win32/Lofty URL observed (/api/mnr/). Example analysis session: app.any.run/tasks/a8bc052f-7…
89003552 | STEALER [ANY.RUN] Win32/AgentTesla URL observed (stego_payload.png). Example analysis session: app.any.run/tasks/d7e63619-7…

Explore the complete ruleset: linkedin.com/pulse/anyrun-su…
⚡️ Reduce MTTD to 15 seconds per case in your SOC. Sign up now to detect complex malware & phishing threats early: app.any.run/?utm_source=twit…
⚠️ Remote access malware remained resilient despite broader declines. #AsyncRAT continued to grow and #Remcos rebounded, while most other major families trended downward. 📌 Trend to watch: when fewer families account for a larger share of activity, defenders can miss the signal by focusing on overall volume alone. Concentrated campaigns often create repeated exposure to the same attack paths, increasing the likelihood of successful compromise. Expand threat visibility in your SOC: any.run/enterprise/?utm_sour… #Top10Malware
🏆 #ANYRUN is recognized in two G2 Summer 2026 Report categories. These wins reflect our priority: faster, easier security operations ⚡️ 🫶 Thanks to our customers, partners, and community for making this possible! See the details 👇 any.run/cybersecurity-blog/g…
🚀 @Infosecurity Europe 2026 reminded us why we love this community! Sharp conversations with security leaders revealed a shift in the narrative — from alerts and tools to business outcomes and unified workflows. ⚡️ See how #ANYRUN already acts on it: any.run/enterprise/?utm_sour…
⚠️ Fake event invitation #phishing bypasses standard automated scanners by hiding credential theft and unauthorized RMM delivery behind a routine CAPTCHA check, creating delayed detection risks for CISOs. In a large-scale campaign targeting U.S. organizations, attackers deploy a repeatable framework with fixed resource paths to compromise mailboxes, intercept OTP codes, and deploy RMM tools for persistent access. See the full attack flow and process tree in an analysis session: app.any.run/tasks/4c2687da-1… 🎯 Read our technical breakdown to explore how SOC teams can use these huntable infrastructure signals to validate threats faster and get the complete IOC list: any.run/cybersecurity-blog/u…
⚡ What’s slowing your SOC team down? #ANYRUN Sandbox automates recurring tasks helping teams reach up to 94% faster investigations and 3x performance overall. 📈 See how SOC teams save time and resources with #ANYRUN: any.run/enterprise/?utm_sour…