Empowering businesses with proactive security solutions: Interactive Sandbox, TI Lookup and Feeds.
Sign up: https://app.any.run/?utm_source=mastodon
Website: https://any.run/?utm_source=mastodon&utm_campaign=bio

🌍 What a conference season!

Across Infosecurity Europe, CONFidence, and C1b3rWall, one challenge stood out: helping SOCs keep pace with evolving threats without overloading their teams 👨‍💻

See how #ANYRUN helps respond with speed & confidence 👇
https://any.run/cybersecurity-blog/europe-cybersecurity-conferences-2026/?utm_source=mastodon&utm_medium=post&utm_campaign=europe_cybersecurity_conferences_2026&utm_term=110226&utm_content=linktoblog

ANY.RUN at Europe’s Cybersecurity Conferences 2026

Explore ANY.RUN’s highlights from Infosecurity Europe, CONFidence, and C1b3rWall 2026, including the SOC priorities shaping security operations today.

ANY.RUN's Cybersecurity Blog

IOCs
Phishing lure:
allcompredirectportalshare[.]workers[.]dev
supportteammanagements[.]workers[.]dev
lindeinvoicexv29dmeocynufgq7[.]s3[.]amazonaws[.]com

URI:
/apifiles[.]php?action=get_device_code&user_id=
/apifiles[.]php?action=poll_token

🚨 OAuth Token Abuse Is Growing: Greatness Returns with Device Code Phishing
We've identified renewed activity associated with the Greatness #PhaaS, which combines #AiTM and Device Code #Phishing to target Microsoft 365 Accounts.

⚠️ Device Code Phishing abuses Microsoft's legitimate device authorization flow: the victim completes a real sign-in on Microsoft's own page, and the attacker receives the resulting access tokens without ever collecting passwords or MFA codes. This shifts the risk from credential theft to token abuse and leaves SOC teams with fewer traditional phishing indicators to detect and investigate.

❗️ Greatness promotes token- and cookie-based access to Microsoft 365 accounts through its Telegram channel, advertising passwordless and code-less account compromise scenarios.

Observed capabilities include:
🔹 Device Code Phishing for M365 token theft
🔹 Phishing templates impersonating DocuSign, OneDrive, Outlook, and Voicemail
🔹 Country-targeted login lures
🔹 Cloudflare-hosted phishing links
🔹 Keyword-based targeting engine
🔹 Centralized administration panel

👨‍💻 Review the analysis session, investigate the phishing flow, and validate detection coverage: https://app.any.run/tasks/dd97835c-8a07-4917-ba23-cb8d8493b174/?utm_source=mastodon&utm_medium=post&utm_campaign=greatness_phaas&utm_term=100626&utm_content=linktoservice

🔍 Track Device Code Phishing activity associated with Greatness and uncover related infrastructure in #ANYRUN TI Lookup: https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=greatness_phaas&utm_content=linktotilookup&utm_term=100626#%7B%22query%22:%22threatName:%5C%22greatness%5C%22%20and%20threatName:%5C%22oauth-ms-phish%5C%22%22,%22dateRange%22:180%7D

🚀 Strengthen phishing detection and accelerate response across your SOC with #ANYRUN: https://any.run/phishing/?utm_source=mastodon&utm_medium=post&utm_campaign=greatness_phaas&utm_term=100626&utm_content=linktophishinglanding

#cybersecurity #infosec
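The two things a SOC can actually match on from the post above are the kit's infrastructure (the lure hosts and the /apifiles.php?action=get_device_code / poll_token back-end calls in the IOC list) and the sign-in itself, which is a legitimate Entra sign-in whose only tell is the protocol. The script below is an added example, not ANY.RUN's code: it refangs the published IOCs, scans constructed proxy-log lines for lure hosts and kit API calls, and flags device code sign-ins in constructed sign-in records. The proxy log layout, the sample lines and the sign-in records are all invented for illustration; the sign-in field names follow the Microsoft Graph signIn resource (authenticationProtocol == "deviceCode") and should be checked against your own export.

```python
"""
Detection helpers for Greatness-style device code phishing, built around the
IOCs in the post above. Added example, not ANY.RUN's code; the log layout and
every sample line below are constructed, not captured traffic.
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Lure hosts exactly as published (defanged).
DEFANGED_DOMAINS = [
    "allcompredirectportalshare[.]workers[.]dev",
    "supportteammanagements[.]workers[.]dev",
    "lindeinvoicexv29dmeocynufgq7[.]s3[.]amazonaws[.]com",
]
# Kit back end: page requests a device code for the victim, then polls for the token.
KIT_API_PATH = "/apifiles.php"
KIT_API_ACTIONS = {"get_device_code", "poll_token"}


def refang(indicator: str) -> str:
    """'example[.]com' -> 'example.com' so the IOC can be compared with live data."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


IOC_HOSTS = {refang(d) for d in DEFANGED_DOMAINS}


@dataclass(frozen=True)
class Hit:
    source: str   # "proxy" or "signin"
    subject: str  # client IP or user principal name
    reason: str


def classify_url(url: str) -> Optional[str]:
    """Reason string if the URL touches kit infrastructure, else None."""
    parts = urlsplit(url)
    # Check the API path first: the kit can be rehosted, the endpoint names travel with it.
    if parts.path.endswith(KIT_API_PATH):
        action = parse_qs(parts.query).get("action", [""])[0]
        if action in KIT_API_ACTIONS:
            return f"kit back-end call action={action}"
    host = (parts.hostname or "").lower()
    if host in IOC_HOSTS:
        return f"known Greatness lure host {host}"
    return None


def scan_proxy_log(lines: list) -> list:
    """Constructed layout: 'timestamp client_ip method url status'."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        reason = classify_url(fields[3])
        if reason:
            hits.append(Hit("proxy", fields[1], reason))
    return hits


def scan_signins(records: list, expected_country: str) -> list:
    """Device code phishing ends in a real sign-in, so the indicator is the protocol."""
    hits = []
    for rec in records:
        if rec.get("authenticationProtocol") != "deviceCode":  # Graph signIn field (assumed)
            continue
        upn = rec.get("userPrincipalName", "?")
        country = rec.get("location", {}).get("countryOrRegion", "??")
        if country != expected_country:
            hits.append(Hit("signin", upn, f"device code sign-in from {country}"))
        else:
            hits.append(Hit("signin", upn, "device code sign-in (verify a headless device was expected)"))
    return hits


# Constructed sample data.
SAMPLE_PROXY = [
    "2026-06-10T09:14:02Z 10.20.4.17 GET https://allcompredirectportalshare.workers.dev/ 200",
    "2026-06-10T09:14:05Z 10.20.4.17 GET https://allcompredirectportalshare.workers.dev/apifiles.php?action=get_device_code&user_id=8831 200",
    "2026-06-10T09:14:09Z 10.20.4.17 GET https://allcompredirectportalshare.workers.dev/apifiles.php?action=poll_token 200",
    "2026-06-10T09:14:10Z 10.20.4.17 GET https://microsoft.com/devicelogin 200",
    "2026-06-10T09:15:30Z 10.20.4.42 GET https://contoso.sharepoint.com/sites/finance 200",
]
SAMPLE_SIGNINS = [
    {"userPrincipalName": "a.smith@example.com", "authenticationProtocol": "deviceCode",
     "location": {"countryOrRegion": "NL"}, "ipAddress": "203.0.113.9"},
    {"userPrincipalName": "b.jones@example.com", "authenticationProtocol": "oAuth2",
     "location": {"countryOrRegion": "US"}, "ipAddress": "198.51.100.4"},
]


def run(expected_country: str = "US") -> list:
    return scan_proxy_log(SAMPLE_PROXY) + scan_signins(SAMPLE_SIGNINS, expected_country)


if __name__ == "__main__":
    for hit in run():
        print(f"[{hit.source}] {hit.subject}: {hit.reason}")
```

The request to microsoft.com/devicelogin in the sample is the legitimate page the victim is sent to and is deliberately not matched: it is the same URL a real device enrolment uses, which is exactly why the sign-in log, not the proxy log, carries the decisive signal.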

🎯 Threat hunting breaks when teams prioritize hypotheses based on assumptions instead of actual threats targeting their business.

For example, if you're protecting a U.S. financial organization, start with: submissionCountry:"US" AND industry:"finance"
🔍 Run the search in #ANYRUN TI Lookup: https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=threat_hunting_practical_usecases&utm_term=100226&utm_content=linktolookup/#%7B%2522query%2522:%2522submissionCountry:%255C%2522US%255C%2522%2520and%2520industry:%255C%2522finance%255C%2522%2522,%2522dateRange%2522:180%7D

You'll see malware families, phishing campaigns, and attack techniques observed targeting organizations in your sector, helping prioritize hunts based on real attacker activity rather than broad industry reports.

👨‍💻 Learn how SOCs & MSSPs build hunts around observed threats to reduce wasted effort and focus on real business risk: https://any.run/cybersecurity-blog/threat-hunting-practical-usecases/?utm_source=mastodon&utm_medium=post&utm_campaign=threat_hunting_practical_usecases&utm_term=100226&utm_content=linktoblog

⚡️ SOAR can move an alert through a workflow but can't determine what a URL does.

#ANYRUN Sandbox adds behavioral analysis, helping validate threats earlier and reduce manual checks that slow triage & response.

How this works across SOC workflows 👇
https://any.run/cybersecurity-blog/integrating-sandbox-into-soar-workflows/?utm_source=mastodon&utm_medium=post&utm_campaign=sandbox_soar&utm_term=100626&utm_content=linktoblog

Integrating a Sandbox into SOAR Workflows: Steps & Benefits

Learn how integrating a sandbox into SOAR workflows improves triage speed and detection accuracy, reducing operational load for modern SOCs.

ANY.RUN's Cybersecurity Blog

❓ How does a lean SOC team protect 50,000+ users?

🎓 UMass Boston backs its security decisions with #ANYRUN Sandbox, triaging threats in seconds and stopping costly incidents before impact.

Read the customer story and see how you can achieve the same👇
https://any.run/cybersecurity-blog/umass-boston-success-story/?utm_source=mastodon&utm_medium=post&utm_campaign=umass_boston_success_story&utm_term=090626&utm_content=linktoblog

How UMass Boston Protects 50,000 Users with ANY.RUN

See how UMass Boston uses ANY.RUN’s sandbox to speed up phishing triage, prevent incidents, support compliance, and protect over 50,000 users.

ANY.RUN's Cybersecurity Blog

⚠️ In Q1 2026, phishing kits captured sessions in real time by proxying the victim's authentication flow.

This is hard to detect because SOCs see no traditional indicators of compromise: the victim signs in to the genuine service, and the kit takes the resulting session.

🎯 Learn how to improve phishing defense in Q1 Cyber Risk Report: https://files.any.run/images/q1_2026_cyber_risk_report_from_anyrun.pdf?utm_source=mastodon&utm_medium=post&utm_campaign=cyber_risk_report_1&utm_content=linktoreport&utm_term=090626

#cybersecurity #infosec

⚠️ #JOMANGY malware hijacks your FreePBX system and runs fraudulent calls on SIP trunks — billed to you.

❗️ 6 self-healing persistence layers. 700+ businesses still infected 5 months later. Is your PBX off the internet?

See the impact of this threat: https://any.run/malware-trends/jomangy/?utm_source=mastodon&utm_medium=post&utm_campaign=jomangy_mtt&utm_term=080626&utm_content=linktomtt

#cybersecurity #infosec

⚠️ Remote access malware remained resilient despite broader declines. #AsyncRAT continued to grow and #Remcos rebounded, while most other major families trended downward.

📌 Trend to watch: when fewer families account for a larger share of activity, defenders can miss the signal by focusing on overall volume alone. Concentrated campaigns often create repeated exposure to the same attack paths, increasing the likelihood of successful compromise.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=080626&utm_content=linktoenterprise

#cybersecurity #infosec