Phishing activity in the past 7 days.
Track latest phishing threats in TI Lookup, now available for free.
TI Lookup gives your SOC/DFIR instant access to live threat data and real-world attack context, helping optimize detection and response.
95% of teams already speed up investigations.
Start for free.
#ANYRUN's TI Feeds now integrate with IBM QRadar SIEM.
Cut MTTR/D, boost KPIs & optimize SOC ROI.
Achieve stronger security and business results now.
Evasive malware tactics bypass traditional defenses.
Join our technical webinar where our experts will walk through real-world cases and share practical detection tips.
September 17 | Live session + Q&A
Register and bring your team.
Fileinfectors Evolved: Spreading Ransomware Across Enterprise Networks
Fileinfector malware inserts its code into files. These threats once spread mainly through external drives and local systems. Today's file infectors are mostly hybrid variants, frequently combined with ransomware.
These variants encrypt data and inject malicious code into files, enabling further spread when infected files are executed.
They are especially dangerous in corporate environments with shared folders, where a single infected file can rapidly spread across the network and cause widespread damage.
Such outbreaks overwhelm security teams, complicate incident response, and disrupt business continuity.
An optimized SOC that relies on early detection, behavioral analysis, and proactive hunting is critical to limiting impact. Let's see malware execution on a live system.
See analysis.
In this case, the malware is interacting with multiple files and modifying their content. The infected files became executables, with PE headers confirming injected malicious code.
The analysis revealed hybrid behavior: a fileinfector acting like ransomware, enabling further spread on execution.
Use this TI Lookup search query to explore fileinfector activity and enrich IOCs with actionable threat context.
Gather malware hashes and infected files to power proactive hunting.
Hybrid fileinfectors pose a significant threat to enterprise networks. Leveraging #ANYRUN Sandbox and TI Lookup reduces MTTR by up to 21 minutes per case and gives access to 24x more IOCs from millions of past analyses.
Strengthen resilience and protect critical assets through proactive security with #ANYRUN. #ExploreWithANYRUN
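The analysis above identified infected files by their PE headers. As an added example (not ANY.RUN's code), the Python below walks a shared folder and reports document-named files that start with a valid MZ/PE header, which is the hunting check a SOC can run over a file share; the sample share, including its "infected" spreadsheet, is constructed in a temporary directory.

```python
import os
import struct
import tempfile

# Extensions a user expects to hold documents or media, not machine code
DOC_EXT = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".csv"}

def has_pe_header(data: bytes) -> bool:
    """True if data starts with an MZ stub whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def find_masquerading_pe(root: str, max_hdr: int = 1 << 20):
    """Walk a share and return relative paths of document-named files that are really PE images."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in DOC_EXT:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:        # only the header region is read
                if has_pe_header(fh.read(max_hdr)):
                    hits.append(os.path.relpath(path, root))
    return sorted(hits)

def minimal_pe_image() -> bytes:
    """Constructed bytes with a valid DOS header and a PE signature at offset 0x80 (no real code)."""
    hdr = bytearray(0x80)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)    # e_lfanew -> PE signature
    return bytes(hdr) + b"PE\0\0" + bytes(20)

def build_sample_share() -> str:
    """Create a temporary 'share' with two clean files and one constructed infected document."""
    root = tempfile.mkdtemp(prefix="share_")
    os.makedirs(os.path.join(root, "finance"))
    with open(os.path.join(root, "finance", "notes.txt"), "wb") as fh:
        fh.write(b"quarterly notes\n")
    with open(os.path.join(root, "finance", "report.pdf"), "wb") as fh:
        fh.write(b"%PDF-1.4\n%%EOF\n")
    with open(os.path.join(root, "finance", "budget.xlsx"), "wb") as fh:
        fh.write(minimal_pe_image() + b"PK\x03\x04 original spreadsheet bytes")
    return root
```

Hashes of every reported file are the natural input for the TI Lookup enrichment the post describes.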
73% of attacks start with phishing, yet SOC teams often miss early signs. IOC enrichment helps detect them earlier and refine detection rules.
See how context-rich data strengthens proactive defense.
Which artifact is hardest to investigate without context?
Anonymous poll:
Domains & URLs: 19%
File hashes: 46%
IP addresses: 19%
TTPs: 38%
Top 10 last week's threats by uploads:
#Lumma 969 (726)
#Quasar 399 (381)
#Amadey 382 (192)
#Redline 376 (179)
#Vidar 365 (275)
#Agenttesla 291 (336)
#Remcos 274 (262)
#Xworm 261 (515)
#Dcrat 245 (209)
#Stealc 233 (224)
Track them all.
#Top10Malware
How prepared is your SOC for evasive malware?
Get practical tips in our live technical #webinar on September 17.
Our experts will break down real cases, from #phishing kits and #ClickFix to Living-Off-the-Land attacks, and share detection methods teams can apply right away.
Save your spot.
BTMOB RAT is rewriting mobile cybersecurity rules in 2025!
This $5K Android malware weaponizes accessibility features for live screen control, banking overlay attacks, and crypto theft.
Learn its spread, impact & defense.
Phishing activity in the past 7 days.
Track latest phishing threats in TI Lookup, now available for free.
#ANYRUN now integrates with Cortex XSOAR from Palo Alto Networks.
Solve alert fatigue, missed incidents, and slow response with automated sandbox analysis and fresh threat intelligence.
Simplify workflows, boost defense.
Malicious SVG Leads to Microsoft-Themed PhishKit.
We observed a phishing campaign that began with testing activity on September 10 and scaled into full spam activity by September 15.
A legitimate domain was abused to host a malicious SVG disguised as a PDF. Attackers hide redirects and scripts inside images to bypass controls and social-engineer users into phishing flows.
This case shows a structured infrastructure similar to a PhaaS framework, showing how attackers rely on robust, scalable models for mass credential harvesting, now a standard across the phishing ecosystem.
For enterprises, the risks are blind spots in monitoring, delayed detection and response, and an increased risk of credential theft or data breach.
When opened in a browser, the SVG displays a fake "protected document" message and redirects the user through several phish domains. The chain includes Microsoft-themed lures such as:
loginmicrosft365[.]powerappsportals[.]com
loginmicr0sft0nlineofy[.]52632651246148569845521065[.]cc
The final phishing page mimics a Microsoft login and uses a Cloudflare Turnstile widget to appear legitimate.
Unlike standard image formats, SVG is an XML-based document that can embed malicious JavaScript or hidden links. Here, the redirect was triggered by a script acting as an XOR decoder, which rebuilt and executed the redirect code via eval.
For SOC analysts, being able to trace every redirect step and uncover hidden payloads is critical to investigating phishing campaigns. See execution on a live system and collect IOCs.
For CISOs, the critical takeaway is that attackers exploit trusted platforms and brand impersonation to bypass defenses, directly threatening business resilience and user trust.
Use these TI Lookup search queries to expand visibility and enrich #IOCs with actionable threat context.
Suspicious SVG downloads:
commandLine:"Downloads\\*.svg"
Microsoft-themed phishing domains:
domainName:"microsoft.*.*"
domainName:"^loginmicr?sft*.cc$"
IOCs:
Revised _payment_and_Benefitschart.pdf______-.svg
A7184bef39523bef32683ef7af440a5b2235e83e7fb83c6b7ee5f08286731892
Strengthen resilience and protect critical assets through proactive security with #ANYRUN. #ExploreWithANYRUN
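The redirect chain above hides its target behind a script that XOR-decodes an integer array and hands the result to eval. As an added example (not ANY.RUN's code), the Python below parses an SVG as XML, flags script elements, event-handler attributes and decode-then-execute patterns, and makes a best-effort recovery of a single-byte-XOR payload so an analyst can see what the script would execute; the sample SVG is constructed and its array decodes to the harmless string alert(1).

```python
import re
import xml.etree.ElementTree as ET
# Script fragments typical of a decode-then-execute stager, as in the XOR/eval chain described above
SUSPICIOUS_JS = {
    "eval": re.compile(r"\beval\s*\("),
    "fromCharCode": re.compile(r"String\.fromCharCode"),
    "xor": re.compile(r"\]\s*\^\s*\w"),
    "redirect": re.compile(r"location\.(?:href|replace|assign)|window\.open"),
}
INT_ARRAY = re.compile(r"\[\s*\d+(?:\s*,\s*\d+)*\s*\]")   # e.g. [75, 70, 79]
INT_KEY = re.compile(r"\b\w+\s*=\s*(\d+)\b")              # e.g. k = 42
def xor_decode(values, key):
    """Rebuild the string a single-byte XOR loop would hand to eval()."""
    return "".join(chr(v ^ key) for v in values)

def recover_payload(js):
    """Best effort: first integer array in the script XORed with the first integer constant."""
    arr, key = INT_ARRAY.search(js), INT_KEY.search(js)
    if not arr or not key:
        return None
    return xor_decode([int(x) for x in re.findall(r"\d+", arr.group(0))], int(key.group(1)))

def scan_svg(data):
    """Return (rule, detail) findings for one SVG; an empty list means no scripting indicators."""
    findings = []
    for el in ET.fromstring(data).iter():
        tag = el.tag.split("}")[-1].lower()               # drop the XML namespace
        if tag in ("script", "foreignobject"):
            findings.append(("element", tag))
        for attr, val in el.attrib.items():
            name = attr.split("}")[-1].lower()
            if name.startswith("on") or (name == "href" and val.lower().startswith("javascript:")):
                findings.append(("attribute", f"{name}={val[:40]}"))
        if tag == "script":
            js = "".join(el.itertext())
            findings += [("js", r) for r, rx in SUSPICIOUS_JS.items() if rx.search(js)]
            payload = recover_payload(js)
            if payload:
                findings.append(("decoded", payload))
    return findings

# Constructed sample (not the campaign's file): a "protected document" lure whose script
# XOR-decodes the array with key 42 into the harmless string alert(1) and passes it to eval
SAMPLE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="600" height="400">
  <text x="20" y="40">This document is protected. Loading...</text>
  <script type="text/javascript"><![CDATA[
    var k = 42, enc = [75, 70, 79, 88, 94, 2, 27, 3], s = "";
    for (var i = 0; i < enc.length; i++) s += String.fromCharCode(enc[i] ^ k);
    eval(s);
  ]]></script>
</svg>"""
```

Running scan_svg over files matched by the Downloads\\*.svg query above gives a quick triage verdict before detonating the file in a sandbox.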
Cutting response times is not rocket science.
It requires clear steps that every SOC can take to achieve faster MTTR.
See how your team can become more efficient.
Can your team spot evasive attacks in real time?
See phishing kits, ClickFix & LotL cases broken down by #ANYRUN experts.
Only 3 hours left!
Learn how to expand visibility, reduce workload, and improve detection & response.
Save your spot.
Is your SOC still reacting to threats instead of anticipating them?
With #ANYRUN's TI Lookup and TI Feeds, your team gains fast, reliable intelligence to act proactively, cut response time, and reduce blind spots.
Read our guide for CISOs.
Are blind spots slowing you down?
TI Lookup gives your team rich threat intel to cut MTTR and enrich proactive defense.
Expand visibility with 24x more IOCs powered by data from 15K+ SOCs worldwide. Sign up for ANY.RUN.