ANY.RUN

Public

Can't Join? @anyrun_app

847 Members

Updated: May 27, 2026 at 4:30 AM

ANY.RUN

Empowering businesses with proactive security solutions: Interactive Sandbox, TI Lookup and TI Feeds. Official website: https://any.run | Sign up: https://app.any.run/?utm_source=telegram&utm_campaign=bio#register

@anyrun_app is a dedicated channel for empowering and security with regular updates in Hacking Tools

Ranking

Global Ranking

#456

Language Ranking

#45

Category Ranking

#23

-1

Participant Growth (Last 15 Days)

Total: 847

24h growth: +0 0%

Latest Posts

ANY.RUN

May 15, 2026, 10:01 AM

📷 Photo

🚨 Active US phishing campaign exposed by its own reusable infrastructure.
🔍 Domains rotate, lure pages don't: same request chain, same POST endpoints. That repetition is the detection surface.

Get the IOCs from real analysis sessions:
1️⃣ https://app.any.run/tasks/a1b85a4f-6985-4b16-b8b4-d802012524af/?utm_source=telegram&utm_medium=post&utm_campaign=US_fake_invitation&utm_term=080526&utm_content=linktoservice
2️⃣ https://app.any.run/tasks/590eb0b6-2738-434d-965e-5dad01ab3bb4/?utm_source=telegram&utm_medium=post&utm_campaign=US_fake_invitation&utm_term=080526&utm_content=linktoservice

➡️ https://any.run/cybersecurity-blog/us-fake-invitation-phishing/?utm_source=telegram&utm_medium=post&utm_campaign=US_fake_invitation&utm_term=080526&utm_content=linktoblog

189

ANY.RUN

May 15, 2026, 10:01 AM

📷 Photo

🚨 BlobPhish credential-phishing campaign targets Microsoft 365, major U. S. financial institutions, and webmail services.
⚠️ Compromised accounts enable BEC, data exfiltration, and lateral movement, creating direct financial and operational risk.

This campaign generates phishing pages directly inside the browser using blob objects instead of loading them over the network. The payload exists entirely in memory, which breaks network visibility and makes traditional detection unreliable.

⚡️ #ANYRUN Sandbox helps SOC teams observe this behavior, exposing in-memory phishing and enabling faster detection and response. https://app.any.run/tasks/191b74fc-fb9f-455a-9492-ca872871d0e1/?utm_source=telegram&utm_medium=post&utm_campaign=blobphish_case&utm_term=060526&utm_content=linktoservice

📌 https://any.run/cybersecurity-blog/evasive-blob-phishing-detection/?utm_source=telegram&utm_medium=post&utm_campaign=blobphish_case&utm_term=060526&utm_content=linktoblog to understand detection gaps, validate your coverage, and strengthen phishing defenses.

ANY.RUN

May 15, 2026, 10:01 AM

📷 Photo

📈 Threat intelligence value is defined by its daily use. Integrated into workflows, it improves decision speed, consistency, and SOC visibility.

⚡️ #ANYRUN Threat Intelligence supports this by delivering context where decisions are made. https://any.run/cybersecurity-blog/expanded-free-ti-plan/?utm_source=telegram&utm_medium=post&utm_campaign=expanded_ti_plan&utm_term=070526&utm_content=linktoblog

209

ANY.RUN

May 15, 2026, 10:01 AM

📷 Photo

Mature SOCs running Microsoft Sentinel are adding #ANYRUN to their stack. It gives analysts time to make decisions. And also:
⚡ Auto-enrichment and prioritization
📉 MTTR down by up to 21 min
🔥 Early detection and faster response

👉 https://any.run/cybersecurity-blog/malware-sandbox-ms-sentinel-connector/?utm_source=telegram&utm_medium=post&utm_campaign=sandbox_sentinel&utm_term=060526&utm_content=linktoblog

192

ANY.RUN

May 15, 2026, 10:01 AM

📷 Photo

CISOs are moving beyond compliance. MITRE ATT&CK is now a tool for real risk reduction, not just mapping threats ⚡️

📌 See how SOC workflows + threat intelligence turn ATT&CK into business protection — https://any.run/cybersecurity-blog/mitre-ciso-risk-reduction/?utm_source=telegram&utm_medium=post&utm_campaign=mitre_ciso_risk_reduction&utm_term=060526&utm_content=linktoblog

174

ANY.RUN

May 15, 2026, 10:01 AM

📷 Photo

The MSSP market is booming. When growth kills margins, intelligence-driven scaling is the fix ✅

#ANYRUN gives MSSPs a unified operational layer, which means less manual work, consistent workflows, and more context across every client.

📈 https://any.run/cybersecurity-blog/mssp-pains-solved-by-ti/?utm_source=telegram&utm_medium=post&utm_campaign=mssp_pains_solved_by_ti&utm_term=050526&utm_content=linktoblog

188

ANY.RUN

May 15, 2026, 10:01 AM

📷 Photo

🚨 New large-scale phishing attack targets U. S. organizations.

Fake event invitations can lead to stolen credentials, OTP interception, or remote access tool installation.

🎯 See how CISOs can close the access blind spot before impact — https://any.run/cybersecurity-blog/us-fake-invitation-phishing/?utm_source=telegram&utm_medium=post&utm_campaign=us_fake_invitation_phihsing&utm_term=050526&utm_content=linktoblog

185

ANY.RUN

May 15, 2026, 10:01 AM

📷 Photo

🚨 MicroStealer is actively targeting telecom & education in the US and Germany — stealing browser credentials, session tokens, and wallet files before most AV tools even flag it.

One infected endpoint can expose your entire SaaS stack.
🎯 https://any.run/malware-trends/microstealer/?utm_source=telegram&utm_medium=post&utm_campaign=microstealer&utm_term=040526&utm_content=linktomtt

179

ANY.RUN

May 15, 2026, 10:01 AM

📷 Photo

Phishing activity in the past 7 days 🐟
👉 https://intelligence.any.run/analysis/lookup?utm_source=telegram&utm_medium=post&utm_campaign=top_phishing&utm_content=linktoti&utm_term=050526#{%22query%22:%22threatName:%5C%22^phishing$%5C%22%22,%22dateRange%22:180}

#TopPhishingThreats

198

ANY.RUN

May 15, 2026, 10:01 AM

📷 Photo

⚠️ RAT activity is on the rise. XWorm and AsyncRAT are up, while stealers like Vidar and Lumma are declining.

Trend to watch: this suggests a shift toward sustained access and post-compromise operations, not just initial data theft. Lower stealer volume doesn’t reduce risk, it often means fewer early signals but higher impact if missed.

👉 https://any.run/enterprise/?utm_source=telegram&utm_medium=post&utm_campaign=top_ten&utm_term=040526&utm_content=linktoenterprise
#Top10Malware

177

ANY.RUN

Apr 5, 2026, 11:43 AM

📷 Photo

🚨 A persistent Magecart campaign has operated undetected for 24+ months across 12+ countries, using 100+ domains to hijack payment flows. It’s now on the radar.

The financial and regulatory impact ultimately falls on banks and payment systems, even though the targeted victims are e-com websites ❗️

➡️ https://any.run/cybersecurity-blog/banks-magecart-campaign/?utm_source=telegram&utm_medium=post&utm_campaign=magecart_campaign&utm_term=310326&utm_content=linktoblog, understand your exposure, and gather IOCs

145

ANY.RUN

Apr 5, 2026, 11:43 AM

📷 Photo

🔥 Big March updates at #ANYRUN! What’s new:
🔹 Stronger phishing detection with automatic SSL decryption
🔹 Fewer blind spots with macOS & Windows Server VMs
🔹 Expanded threat coverage with new detections, rules, and TI reports

👉 https://any.run/cybersecurity-blog/release-notes-march-2026/?utm_source=telegram&utm_medium=post&utm_campaign=release_notes_march_2026&utm_term=310326&utm_content=linktoblog and give your team a faster, smoother way to investigate

135

ANY.RUN

Apr 5, 2026, 11:43 AM

📷 Photo

👾 Roning Loader is a malware posing as Microsoft Teams.
Once inside, it breaks business defenses and deploys gh0stRAT as the next stage.

👉 https://any.run/malware-trends/roning/?utm_source=telegram&utm_medium=post&utm_campaign=roning&utm_term=300326&utm_content=linktomtt to stop attacks on your company early

143

ANY.RUN

Apr 5, 2026, 11:43 AM

📷 Photo

Hope you found RSAC 2026 valuable. We definitely did 🚀
🏆 Honored to receive two Global InfoSec Awards, highlighting the impact #ANYRUN brings to enterprise SOCs & MSSPs.

Great to connect with partners and customers 🙌
➡️ https://any.run/cybersecurity-blog/rsac-2026-highlights/?utm_source=telegram&utm_medium=post&utm_campaign=rsac_2026&utm_term=300326&utm_content=linktoblog

159

ANY.RUN

Apr 5, 2026, 11:43 AM

📷 Photo

Phishing activity in the past 7 days 🐟
👉 https://intelligence.any.run/analysis/lookup?utm_source=telegram&utm_medium=post&utm_campaign=top_phishing&utm_content=linktoti&utm_term=310326#{%22query%22:%22threatName:%5C%22^phishing$%5C%22%22,%22dateRange%22:180}

#TopPhishingThreats

149

ANY.RUN

Apr 5, 2026, 11:43 AM

📷 Photo

🚨 We uncovered a large-scale Magecart campaign running undetected for 24+ months across 12+ countries like Spain, France & the US.

100+ domains hijack payment flows to steal card data, creating sustained financial exposure for banks and enterprises ⚠️

➡️ https://any.run/cybersecurity-blog/banks-magecart-campaign/?utm_source=telegram&utm_medium=post&utm_campaign=magecart_campaign&utm_term=260326&utm_content=linktoblog

230

ANY.RUN

Apr 5, 2026, 11:43 AM

📷 Photo

MTTR is where incidents either fade quietly… or spiral into something bigger ❗️

Manual validation and outdated intelligence slow triage across the SOC

👉 https://any.run/cybersecurity-blog/reduce-soc-mttr-with-ti/?utm_source=telegram&utm_medium=post&utm_campaign=reduce_soc_mttr_with_feeds&utm_term=270326&utm_content=linktoservice with faster validation and up-to-date detection coverage

208

ANY.RUN

Apr 5, 2026, 11:43 AM

📷 Photo

Top 10 last week's threats by uploads 🌐
⬇️ #Stealc 581 (600)
⬇️ #Asyncrat 493 (541)
⬇️ #Xworm 460 (509)
⬆️ #Remcos 389 (272)
⬆️ #Vidar 371 (368)
⬇️ #Gh0st 274 (298)
⬆️ #Salatstealer 243 (195)
⬆️ #Quasar 221 (185)
⬆️ #Lokibot 217 (119)
⬇️ #Agenttesla 196 (216)

👉 https://app.any.run/?utm_source=telegram&utm_medium=post&utm_campaign=top_ten&utm_term=300326&utm_content=linktoregister#register
#Top10Malware

158

ANY.RUN

Apr 5, 2026, 11:43 AM

🚨 macOS-Specific ClickFix Campaign Targeting Claude Code Users: Detect It Early
We identified a campaign targeting users of Claude Code, Grok, n8n, NotebookLM, Gemini CLI, OpenClaw, and Cursor with AMOS Stealer ⚠️
As macOS adoption grows in enterprise environments, these attacks exploit gaps in visibility and make early-stage detection harder.

🎯 In this case, attackers use a redirect from Google ads to a fake Claude Code documentation page and a ClickFix flow to deliver a payload. A terminal command downloads an encoded script, which installs AMOS Stealer, collects browser data, credentials, Keychain contents, and sensitive files, then deploys a backdoor.

The backdoor module (~/.mainhelper) was first described by Moonlock Lab in July 2025. Our analysis shows that it has since evolved. While the original version supported only a limited set of commands via periodic HTTP polling, the updated variant significantly expands functionality and introduces a fully interactive reverse shell over WebSocket with PTY support.

❗️ This turns the infection from data theft into persistent, hands-on access to the infected Mac, giving the attacker real-time control over the system.

Multi-stage delivery, obfuscated scripts, and abuse of legitimate macOS components break visibility into fragmented signals. Triage slows down, and escalation decisions take longer, leading to credential theft and data exfiltration.

⚡️ #ANYRUN Sandbox lets security teams analyze macOS, Windows, Linux, and Android threats with full visibility into execution, attacker behavior, and artifacts, helping detect threats early and build stronger detection logic, while reducing MTTD & MTTR.

👉 https://app.any.run/tasks/74f5000d-aa91-4745-9fc7-fdd95549874b/?utm_source=telegram&utm_medium=post&utm_campaign=macOS_clickfix&utm_term=250326&utm_content=linktoservice

💬 https://x.com/anyrun_app/status/2036799880392265928?s=20

👨‍💻️ Expand your SOC’s cross-platform threat visibility. https://any.run/cybersecurity-blog/anyrun-macos-sandbox/?utm_source=telegram&utm_medium=post&utm_campaign=macOS_clickfix&utm_term=250326&utm_content=linktoblog

#ExploreWithANYRUN

ANY.RUN

Apr 5, 2026, 11:43 AM

📷 Photo

Double win for #ANYRUN at Global InfoSec Awards during RSAC 2026 🏆

Two categories, one mission: solving key SOC challenges with enterprise-grade TI and malware analysis.

Grateful to our community for making this possible 🙌
➡️ https://any.run/cybersecurity-blog/global-infosec-awards-2026/?utm_source=telegram&utm_medium=post&utm_campaign=global_infosec_awards_2026&utm_term=260326&utm_content=linktoblog

180

ANY.RUN

Apr 1, 2026, 10:52 AM

📷 Photo

⚠️ Enterprise phishing is now abusing Microsoft & Google Cloud.

Trusted domains don’t get flagged by common detection tools, leaving companies exposed.

➡️ https://any.run/cybersecurity-blog/enterprise-phishing-analysis/?utm_source=telegram&utm_medium=post&utm_campaign=enterprise_phishing&utm_term=250326&utm_content=linktoblog

169

ANY.RUN

Apr 1, 2026, 10:52 AM

📷 Photo

🚨 Kamasers is a multi-vector DDoS botnet built for disruption. With resilient C2 infrastructure and 16 attack methods, it poses a serious risk to organizations worldwide.

🎯 Targeted industries: telecom, technology, education.

🔎 https://any.run/cybersecurity-blog/kamasers-technical-analysis/?utm_source=telegram&utm_medium=post&utm_campaign=kamasers&utm_term=250326&utm_content=linktoblog and get actionable insights to spot it earlier, before disruption impacts critical services

157

ANY.RUN

Apr 1, 2026, 10:52 AM

📷 Photo

🚑 Limited threat visibility slowed triage and response at Health Shared Services, a Canada-based healthcare organization supporting 130K+ endpoints.

➡️ https://any.run/cybersecurity-blog/healthcare-success-story/?utm_source=telegram&utm_medium=post&utm_campaign=healthcare_success_story&utm_term=240326&utm_content=linktoblog(spoiler alert: it reduced MTTR/MTTD and alert fatigue)

179

ANY.RUN

Apr 1, 2026, 10:52 AM

📷 Photo

📈 MSSP growth brings higher alert volume and stricter SLAs.

Unifying detection, enrichment, and reporting with #ANYRUN helps teams support more clients while keeping service quality consistent.

👉 https://any.run/mssp/?utm_source=telegram&utm_medium=post&utm_campaign=mssp_challenges_solved&utm_term=240326&utm_content=linktomssp

186

ANY.RUN

Apr 1, 2026, 10:52 AM

📷 Photo

🚨 SVG Smuggling Campaign Hits Colombian Organizations
We’re seeing a surge in a phishing campaign targeting government, finance, oil and gas, and healthcare sectors in Colombia ⚠️

Attackers distribute Spanish-language emails with an attached SVG file. The file is not a static image but an active SVG containing embedded JavaScript that uses SVG smuggling to reconstruct the next stage locally via a blob URL, without fetching a payload from external resources.

The browser then generates an intermediate HTML lure that mimics document preparation, and from embedded data creates a password-protected ZIP archive for the user to open.

❗️ This kind of attack can blur early-stage visibility for SOC teams. SVG smuggling, blob objects, and legitimate Windows components break the compromise into weak signals, making detection and investigation harder in the early stages.

⚡ #ANYRUN Sandbox allows analysts to quickly reconstruct the full execution chain:
SVG smuggling ➡️ Blob-based HTML lure ➡️ Password-protected ZIP ➡️ Notificacion Fiscal.js (launcher / execution handoff) ➡️ radicado.hta (dropper) ➡️ J0Ogv7Hf.ps1 (script-based RAT / Vjw0rm-like implant) ➡️ C2 communication

✅ This helps security teams connect scattered artifacts faster, expose hidden delivery stages, and confirm malicious activity before the attack moves further.
👨‍💻 https://any.run/features/?utm_source=telegram&utm_medium=post&utm_campaign=svg_smuggling_campaign&utm_term=230326&utm_content=linktosandboxlanding

📌 Use Vjw0rm C2 response commands as detection signals to detect active compromise in your environment:
Cl — execution termination
AW — active window data collection and exfiltration
Ex — PowerShell code execution
SF / RF — base64 payload delivery, storage, and execution
DL — file download from URL with optional execution
DLF — file delivery via C2 with storage and execution
Un — removal of persistence mechanisms and related artifacts

ANY.RUN

Apr 1, 2026, 10:52 AM

📷 Photo

Phishing activity in the past 7 days 🐟
👉 https://intelligence.any.run/analysis/lookup?utm_source=telegram&utm_medium=post&utm_campaign=top_phishing&utm_content=linktoti&utm_term=240326#{%22query%22:%22threatName:%5C%22^phishing$%5C%22%22,%22dateRange%22:180}

#TopPhishingThreats

168

ANY.RUN

Apr 1, 2026, 10:52 AM

📷 Photo

⚠️ GREENBLOOD ransomware encrypts your files, destroys your backups, disables your defenses, then deletes itself — all in under 60 seconds.

➡️ https://any.run/malware-trends/greenblood/?utm_source=telegram&utm_medium=post&utm_campaign=greenblood_mtt&utm_term=230326&utm_content=linktomtt

191

ANY.RUN

Apr 1, 2026, 10:52 AM

📷 Photo

Top 10 last week's threats by uploads 🌐
⬆️ #Stealc 600 (403)
⬇️ #Asyncrat 541 (782)
⬆️ #Xworm 510 (431)
⬆️ #Vidar 368 (351)
⬆️ #Gh0st 298 (281)
⬆️ #Remcos 272 (267)
⬇️ #Agenttesla 216 (307)
⬇️ #Dcrat 201 (427)
⬆️ #Salatstealer 195 (181)
⬇️ #Quasar 185 (187)

👉 https://app.any.run/?utm_source=telegram&utm_medium=post&utm_campaign=top_ten&utm_term=230326&utm_content=linktoregister#register
#Top10Malware

200

ANY.RUN

Apr 1, 2026, 10:52 AM

📷 Photo

⚡#ANYRUN included in IT-Harvest’s 2026 Cyber 150: The Fastest-Growing Cybersecurity Companies.

🙌 Thanks for the recognition for the second year in a row. It’s an honor to be among the companies driving change in the industry!

🔗 https://any.run/cybersecurity-blog/anyrun-harvest-cyber-150-2026/?utm_source=telegram&utm_medium=post&utm_campaign=harvest_cyber_150&utm_content=linktoblog&utm_term=200326

241

ANY.RUN

Mar 30, 2026, 05:18 PM

📷 Photo

❗ macOS VM is now live ❗

25K+ U. S. businesses already run on macOS. Yet #macOS threats remain a blind spot for many SOC teams.

👇 https://any.run/cybersecurity-blog/anyrun-macos-sandbox/?utm_source=telegram&utm_medium=post&utm_campaign=macos_sandbox&utm_content=linktoblog&utm_term=190326

225

Showing 30 of 36 posts

Loading posts...

Rating

User Reviews (0)

No reviews yet. Be the first to share your experience!

Loading reviews...

Related Telegram Channels

Magic Tipster 🧙

970

tapswap community

12.5m0

alpine linux espanol

Loading recommended channels...

ANY.RUN

ANY.RUN

Ranking

Participant Growth (Last 15 Days)

Latest Posts

Rating

User Reviews (0)

Related Telegram Channels

Magic Tipster 🧙

tapswap community

alpine linux espanol

FreeFont.Pro — Best Free Fonts Daily

EZKROW

Tricks Hub | Latest Tricks

[🛡] MTProxyBoy

clover's corner.𖥔 ݁ ˖𓂃.☘︎ ݁˖

Related Telegram Channels

Magic Tipster 🧙

tapswap community

alpine linux espanol

FreeFont.Pro — Best Free Fonts Daily

EZKROW

Tricks Hub | Latest Tricks

[🛡] MTProxyBoy

clover's corner.𖥔 ݁ ˖𓂃.☘︎ ݁˖

User Reviews (0)

Latest Posts