
Any.Run - Interactive Malware Hunting Tool [Automated Cloud Platform]



Hi all, for more than a year I have been using this cloud-based malware hunting/testing platform to test the latest malware and the threats reported by my clients.

The cloud service is called Any.Run. It lets us detonate a sample and analyse its behaviour in an automated sandbox environment.

What do you get?

  • Next-gen sandbox with full interactive access
  • Real-time data flow
  • Threat intelligence
  • Easy sharing of results

What can you do?
  • Real-time interaction
  • Network tracking
  • Process monitoring
  • MITRE ATT&CK™ mapping
  • Behavior graph

Anyone can access the tool through the free subscription plan, with some predefined limitations. Note that tasks submitted on the free plan are publicly visible, so do not upload files that contain client-confidential data.

Register at https://app.any.run/#register 


How to Use?


1. Once you have logged in, you will see a dashboard like the one below. Click the "New task" button.



2. The window below will now appear on your screen. It contains multiple options to customize the testing environment.


  •    Upload the malicious file or type the URL you want to test.
  •    If the malware uses the darknet, there is an option to route traffic via Tor.
  •    You can run a command to execute/activate the malware from a particular directory.




Then click the "Run" button at the bottom right.

3. Any.Run prepares the customized test environment through an automated process.



Once the process is done, a screen like the one below is displayed. There you can access the Windows operating system over the browser (like a VM web console).



4. Now it is your hunting time. You can manually run the virus/document or execute commands to analyse the behaviour of the test object.

For the test below, I created a website with "cryptojacking" malware (a cryptocurrency miner) and opened it in the Any.Run environment to analyse its behaviour.



Real-Time Analysis

While the test is running, the sandbox PC's CPU utilization caused by the malware and the process monitor are shown on the right side of the browser window.

  •    As expected for a cryptojacking attack, CPU usage reaches a critical level.
  •    Chrome.exe is using 100% of the CPU.
From this widget, after the test, we can collect the sample file, the IOCs, the test report and the ATT&CK matrix, and share the report on social media.




At the bottom of the browser window you can monitor the network traffic parameters:

                   > HTTP requests
                   > TCP connections (TCP ports, source and destination IP addresses, etc.)
                   > DNS queries
                   > Name of the malware/threat (Any.Run inspects the traffic with an IPS engine)

There is also an option to download the PCAP file of the test at the top right of the widget.
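As an added illustration (not part of the original post and not Any.Run's own tooling), here is a small Python script that reads a downloaded PCAP and pulls out the same indicators the network widget shows: DNS queries, new TCP connections and HTTP requests. It uses only the standard library, handles little-endian libpcap over Ethernet only (pcapng is rejected), and embeds a constructed three-packet capture so it runs offline; the hostname, IP addresses and port 3333 in that sample are made up for the demo. Point `extract_iocs` at the bytes of a real download to use it for triage.

```python
"""Pull network IOCs (DNS queries, new TCP connections, HTTP requests) out of a
libpcap file such as the one downloaded from a sandbox task. Standard library only."""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4  # little-endian libpcap magic (bytes d4 c3 b2 a1 on disk)
LINKTYPE_ETHERNET = 1


def parse_dns_qname(dns_msg, offset=12):
    """Return the first question name of a DNS message (question names are never compressed)."""
    labels = []
    while offset < len(dns_msg):
        length = dns_msg[offset]
        offset += 1
        if length == 0:
            break
        labels.append(dns_msg[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels)


def extract_iocs(pcap_bytes):
    """Walk every record in the capture and collect indicators worth blocking or hunting for."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian libpcap file (pcapng and big-endian not handled)")
    linktype, = struct.unpack_from("<I", pcap_bytes, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are supported")
    iocs = {"dns": set(), "tcp": set(), "http": set()}
    pos = 24  # the global header is 24 bytes
    while pos + 16 <= len(pcap_bytes):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap_bytes, pos)
        pos += 16
        frame = pcap_bytes[pos:pos + incl_len]
        pos += incl_len
        # Need Ethernet (14 bytes) + a minimal IPv4 header (20 bytes); skip ARP, IPv6, etc.
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
            continue
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        l4 = frame[14 + ihl:]
        if proto == 17 and len(l4) >= 8:  # UDP: record what the sample resolved
            _sport, dport = struct.unpack_from("!HH", l4, 0)
            if dport == 53:
                iocs["dns"].add(parse_dns_qname(l4[8:]))
        elif proto == 6 and len(l4) >= 20:  # TCP
            _sport, dport, _seq, _ack, off_res, flags = struct.unpack_from("!HHIIBB", l4, 0)
            if flags & 0x02 and not flags & 0x10:  # SYN without ACK: a new outbound connection
                iocs["tcp"].add((src, dst, dport))
            payload = l4[(off_res >> 4) * 4:]
            if payload[:4] in (b"GET ", b"POST"):  # plaintext HTTP: keep Host + request line
                lines = payload.split(b"\r\n")
                host = ""
                for line in lines[1:]:
                    if line.lower().startswith(b"host:"):
                        host = line.split(b":", 1)[1].strip().decode("ascii", "replace")
                iocs["http"].add((host, lines[0].decode("ascii", "replace")))
    return iocs


def _ipv4_frame(proto, src, dst, payload):
    """Ethernet + IPv4 header with a zero checksum (the parser does not verify it)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\x08\x00" + hdr + payload


def build_sample_pcap():
    """Constructed capture (not real traffic): one DNS lookup, one SYN to port 3333
    (a common Stratum mining-pool port) and one HTTP GET with a Host header."""
    dns = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
           + b"\x04pool\x07example\x03com\x00" + struct.pack("!HH", 1, 1))
    udp = struct.pack("!HHHH", 50000, 53, 8 + len(dns), 0) + dns
    syn = struct.pack("!HHIIBBHHH", 50001, 3333, 1, 0, 0x50, 0x02, 65535, 0, 0)
    http = b"GET /cn HTTP/1.1\r\nHost: pool.example.com\r\n\r\n"
    psh_ack = struct.pack("!HHIIBBHHH", 50002, 80, 2, 1, 0x50, 0x18, 65535, 0, 0) + http
    frames = [
        _ipv4_frame(17, "10.0.2.15", "10.0.2.3", udp),
        _ipv4_frame(6, "10.0.2.15", "203.0.113.10", syn),
        _ipv4_frame(6, "10.0.2.15", "198.51.100.7", psh_ack),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    for kind, values in sorted(extract_iocs(build_sample_pcap()).items()):
        print(kind, sorted(values))
```

The SYN-only filter is what turns a noisy capture into a connection list: every retransmission and data segment of the same flow is dropped, leaving one tuple per destination that the sample actually initiated, which is the form you want for a firewall block list or a SIEM search.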




