🚑 Limited threat visibility slowed triage and response at Health Shared Services, a Canada-based healthcare organization supporting 130K+ endpoints.

See how #ANYRUN changed their SOC workflow (spoiler alert: it reduced MTTR/MTTD and alert fatigue) 👇
https://any.run/cybersecurity-blog/healthcare-success-story/?utm_source=mastodon&utm_medium=post&utm_campaign=healthcare_success_story&utm_term=240326&utm_content=linktoblog

#cybersecurity #infosec

Health Shared Services Case: Stronger SOC with ANY.RUN

Insights into how Health Shared Services improved SOC investigations, reduced alert fatigue, and accelerated threat analysis with ANY.RUN.

ANY.RUN's Cybersecurity Blog

📈 MSSP growth brings higher alert volume and stricter SLAs.

Unifying detection, enrichment, and reporting with #ANYRUN helps teams support more clients while keeping service quality consistent.

โšก๏ธ See how #ANYRUN strengthens MSSP operations at scale: https://any.run/mssp/?utm_source=mastodon&utm_medium=post&utm_campaign=mssp_challenges_solved&utm_term=240326&utm_content=linktomssp

🚨 SVG Smuggling Campaign Hits Colombian Organizations
We're seeing a surge in a #phishing campaign targeting government, finance, oil and gas, and healthcare sectors in Colombia ⚠️

Attackers distribute Spanish-language emails with an attached SVG file. The file is not a static image but an active SVG containing embedded JavaScript that uses SVG smuggling to reconstruct the next stage locally via a blob URL, without fetching a payload from external resources.

The browser then generates an intermediate HTML lure that mimics document preparation, and from embedded data creates a password-protected ZIP archive for the user to open.

โ—๏ธ This kind of attack can blur early-stage visibility for SOC teams. SVG smuggling, blob objects, and legitimate Windows components break the compromise into weak signals, making detection and investigation harder in the early stages.

⚡ #ANYRUN Sandbox allows analysts to quickly reconstruct the full execution chain:
SVG smuggling ➡️ Blob-based HTML lure ➡️ Password-protected ZIP ➡️ Notificacion Fiscal.js (launcher / execution handoff) ➡️ radicado.hta (dropper) ➡️ J0Ogv7Hf.ps1 (script-based RAT / Vjw0rm-like implant) ➡️ C2 communication

✅ This helps security teams connect scattered artifacts faster, expose hidden delivery stages, and confirm malicious activity before the attack moves further.

๐Ÿ‘จโ€๐Ÿ’ป Learn how #ANYRUN helps detect complex threats faster: https://any.run/features/?utm_source=mastodon&utm_medium=post&utm_campaign=svg_smuggling_campaign&utm_term=230326&utm_content=linktosandboxlanding

#cybersecurity #infosec
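A static pre-filter for the "active SVG" described in the post above, as an added example (not ANY.RUN's code and not taken from the campaign). The marker list, finding names, and both sample SVGs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Script-side markers of a payload being rebuilt locally (constructed list).
JS_MARKERS = {
    "blob_constructor": re.compile(r"\bnew\s+Blob\s*\("),
    "blob_url": re.compile(r"\bcreateObjectURL\s*\("),
    "base64_decode": re.compile(r"\batob\s*\("),
    "long_base64_literal": re.compile(r"[\"'][A-Za-z0-9+/=]{200,}[\"']"),
}

def local(name):
    """Drop the XML namespace from a tag or attribute name."""
    return name.rsplit("}", 1)[-1].lower()

def triage_svg(svg_text):
    """Return sorted findings for one SVG; [] means no active content found."""
    if "<!ENTITY" in svg_text.upper():
        return ["entity_declaration"]  # refuse to expand entities
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError:
        return ["unparseable_svg"]  # cannot inspect: escalate, do not pass
    findings = set()
    for el in root.iter():
        name = local(el.tag)
        if name == "script":
            findings.add("script_element")
            body = "".join(el.itertext())
            findings.update(m for m, rx in JS_MARKERS.items() if rx.search(body))
        elif name == "foreignobject":
            findings.add("foreign_object")
        for attr, value in el.attrib.items():
            if local(attr).startswith("on"):
                findings.add("event_handler")
            elif local(attr) == "href" and value.strip().lower().startswith("javascript:"):
                findings.add("javascript_href")
    return sorted(findings)

# Constructed, inert sample: builds a blob URL from "hello" and never uses it.
SAMPLE_ACTIVE = """<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
<script><![CDATA[
function init() {
  var b = new Blob([atob("aGVsbG8=")], {type: "text/html"});
  var u = URL.createObjectURL(b);
}
]]></script></svg>"""
SAMPLE_STATIC = '<svg xmlns="http://www.w3.org/2000/svg"><rect width="4" height="4"/></svg>'
```

Any finding on an emailed SVG is a reason to quarantine it and detonate it in a sandbox; string markers alone will miss scripts that hide these calls behind obfuscation.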

๐Ÿฆ Protect critical infrastructure and customer trust.
#ANYRUN supports triage, continuous monitoring, and threat hunting while keeping sensitive data under strict control.

✅ Identify up to 58% more threats, reduce Tier 1 workload, and cut MTTR: https://any.run/by-industry/finance/?utm_source=mastodon&utm_medium=post&utm_campaign=solving_finance_challenges&utm_term=190326&utm_content=linktofinance

โš ๏ธ Slow detection, delayed response, and limited context keep SOCs reactive.

#ANYRUN TI Feeds bring fresh IOCs from real attacks into SIEM/XDR, helping spot threats earlier and move to proactive defense.

๐Ÿ‘จโ€๐Ÿ’ป See how TI Feeds work in real SOC workflows: https://any.run/threat-intelligence-feeds/?utm_source=mastodon&utm_medium=post&utm_campaign=soc_challenges_feeds&utm_term=190326&utm_content=linktofeedslanding

โ—๏ธ SOCs & MSSPs waste time enriching alerts by hand, slowing response.

Connect #ANYRUN Sandbox with your Microsoft Sentinel workspace to detect and contain attacks earlier with actionable threat insights ⚡️

Set it up in minutes: https://any.run/cybersecurity-blog/malware-sandbox-ms-sentinel-connector/?utm_source=mastodon&utm_medium=post&utm_campaign=anyrun_sandbox_sentinel&utm_term=180326&utm_content=linktoblog

When alerts lack context, triage slows down and MTTR grows ⏳
#ANYRUN's integration with MISP lets teams validate alerts with behavior-based evidence, while TI Feeds enrich cases with IOCs from live attacks

Hit SLA targets and keep operations efficient 👇
https://any.run/cybersecurity-blog/anyrun-sandbox-misp-integration/?utm_source=mastodon&utm_medium=post&utm_campaign=anyrun_misp_integration&utm_term=170326&utm_content=linktoblog

ANY.RUN x MISP: Faster Triage with Behavior Evidence

ANY.RUN's integration with MISP delivers real behavior, fast verdicts and ATT&CK mapping to strengthen triage, reduce MTTR, and support MSSP.


What an amazing time at RootedCON 2026 🇪🇸
It was great to connect with the cybersecurity community and share how #ANYRUN helps teams make faster decisions.

See the full recap and new capabilities for greater SOC efficiency ⬇️
https://any.run/cybersecurity-blog/anyrun-rootedcon-2026/?utm_source=mastodon&utm_medium=post&utm_campaign=rootedcon_2026&utm_content=linktoblog&utm_term=160326

ANY.RUN at RootedCON 2026: Showcasing New Capabilities for SOCs

ANY.RUN joined RootedCON 2026 to showcase new capabilities for SOC teams, including SSL decryption and cross-platform analysis.


🎣 #Salty2FA relies on encrypted HTTPS communication for fake login pages, redirect flows, and data exfiltration. That's why it often looks harmless at first glance, delaying confirmation and increasing the risk of credential compromise.

The full phishing flow becomes visible when HTTPS traffic is automatically decrypted in #ANYRUN Sandbox: https://app.any.run/tasks/73fb8a10-2721-4da4-9f9b-a340a6eac370?utm_source=mastodon&utm_medium=post&utm_campaign=salty_ssl_decryption&utm_term=120326&utm_content=linktoservice

๐Ÿ‘จโ€๐Ÿ’ป Learn how #ANYRUN improves phishing detection for SOC teams: https://any.run/cybersecurity-blog/automatic-ssl-decryption/?utm_source=mastodon&utm_medium=post&utm_campaign=salty_ssl_decryption&utm_term=120326&utm_content=linktoblog

#cybersecurity #infosec

🚨 Spot It Early: Credential Theft Behind Fake PDFs
Attackers disguise #phishing HTM/HTML email attachments as PDF files. In the observed case, pdf.htm displays a fake login page and sends entered credentials in JSON via HTTP POST to the Telegram Bot API, enabling account takeover and access to internal systems.

Some samples use obfuscated scripts, making the exfiltration logic harder to spot ❗️

โšก๏ธ #ANYRUN Sandbox exposed phishing behavior in under 60 seconds, revealing the outbound network activity, loaded scripts, and file contents, helping analysts accelerate triage and reduce unnecessary escalations.

🎣 See the analysis session and collect #IOCs to speed up detection and cut MTTR: https://app.any.run/tasks/3a6af151-cf57-461f-b600-19c39fdfcce6?utm_source=mastodon&utm_medium=post&utm_campaign=html_pdf_phishing&utm_content=linktoservice&utm_term=110326

๐Ÿ” Find similar cases and pivot from IOCs using this TI Lookup search query: https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=html_pdf_phishing&utm_content=linktotilookup&utm_term=110326#%7B%2522query%2522:%2522filePath:%255C%2522.pdf.html$%255C%2522%2520OR%2520filePath:%255C%2522.pdf.htm$%255C%2522%2522,%2522dateRange%2522:180%7D

๐Ÿ‘จโ€๐Ÿ’ป Learn how #ANYRUN Sandbox helps SOC teams detect complex threats faster: https://any.run/features/?utm_source=mastodon&utm_medium=post&utm_campaign=html_pdf_phishing&utm_term=110326&utm_content=linktosandboxlanding

#cybersecurity #infosec
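A mail-gateway style check for the fake-PDF attachments described in the post above, as an added example (not ANY.RUN's code). The filename pattern mirrors the TI Lookup query in the post; the result keys, the obfuscation heuristics, and both sample pages are constructed, with a placeholder in place of any bot token.

```python
import re
from html.parser import HTMLParser

# Same double-extension pattern as the TI Lookup query in the post.
FAKE_PDF_NAME = re.compile(r"\.pdf\.html?$", re.IGNORECASE)
# Telegram Bot API endpoint prefix; the token itself is not captured.
TELEGRAM_BOT_API = re.compile(r"api\.telegram\.org/bot", re.IGNORECASE)
# Decoding primitives that suggest the exfiltration logic is hidden.
OBFUSCATION = re.compile(r"\b(?:eval|atob|unescape)\s*\(|String\.fromCharCode")

class _Page(HTMLParser):
    """Records whether the page has a password input and collects script text."""
    def __init__(self):
        super().__init__()
        self.password_field = False
        self.scripts = []
        self._in_script = False
    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.password_field = True
        self._in_script = tag == "script"
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)

def triage_attachment(filename, html_text):
    """Score one HTML attachment on the signals the post describes."""
    page = _Page()
    page.feed(html_text)
    telegram = bool(TELEGRAM_BOT_API.search(html_text))
    hidden = bool(OBFUSCATION.search("\n".join(page.scripts)))
    return {
        "fake_pdf_name": bool(FAKE_PDF_NAME.search(filename)),
        "password_field": page.password_field,
        "telegram_bot_api": telegram,
        # Obfuscated samples hide the endpoint: send these to dynamic analysis.
        "needs_detonation": hidden and not telegram,
    }

# Constructed, inert samples: no request is made and no real token appears.
SAMPLE_CLEAR = """<html><body><form><input type="email"><input type="password"></form>
<script>const endpoint = "https://api.telegram.org/bot<PLACEHOLDER_TOKEN>/sendMessage";</script>
</body></html>"""
SAMPLE_OBFUSCATED = """<html><body><form><input type="password"></form>
<script>eval(atob("Y29uc29sZS5sb2coMSk="));</script></body></html>"""
```

The cleartext endpoint match only covers unobfuscated samples; for the obfuscated ones the post mentions, the outbound POST is visible only at run time, which is what `needs_detonation` routes to.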