AnyRun
ANY.RUN is a malware sandbox service in the cloud. By using this analyzer, an analyst can submit a suspicious file or URL to the service for analysis and get a report. The report can contain various information such as:
- Interactive access
- Research threats by filter in public submissions
- File and URL dynamic analysis
- MITRE ATT&CK mapping
- Detailed malware reports
Requirements
You need a valid AnyRun API integration subscription to use the analyzer. The free plan does not provide API access.
- Provide your API token as the value of the `token` parameter.
- Define the privacy setting in the `privacy_type` parameter.
- Set the `verify_ssl` parameter to false if your connection requires it.
AnyRun_Sandbox_Analysis
Author: Andrea Garavaglia, Davide Arcuri, LDO-CERT
License: AGPL-V3
Version: 1.0
Supported observables types:
- file
- url
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://any.run/
Description
Any.Run Sandbox file analysis
Configuration

token | API token |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | False |

privacy_type | Define the privacy setting (Allowed values: public, bylink, owner) |
---|---|
Default value if not configured | bylink |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | True |

verify_ssl | Verify SSL certificate |
---|---|
Default value if not configured | True |
Type of the configuration item | boolean |
The configuration item can contain multiple values | False |
Is required | True |
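
A pre-flight check for the three parameters above, as an added example that is not part of the analyzer's own code: it applies the documented defaults and flags settings that expose submitted samples or the API token. The function name `audit_anyrun_config` and the dictionary shape of the configuration are assumptions, and the sample values are constructed.

```python
# Added example: audit an AnyRun_Sandbox_Analysis configuration before use.
# audit_anyrun_config and the dict layout are hypothetical, not analyzer code.
ALLOWED_PRIVACY = ("public", "bylink", "owner")             # allowed values from the table
DEFAULTS = {"privacy_type": "bylink", "verify_ssl": True}   # defaults from the table


def audit_anyrun_config(config):
    """Return (effective_config, findings); each finding is (severity, message)."""
    # Unset (None) items fall back to the documented defaults.
    effective = {**DEFAULTS, **{k: v for k, v in config.items() if v is not None}}
    findings = []

    token = effective.get("token")
    if not isinstance(token, str) or not token.strip():
        findings.append(("error", "token is empty: the API needs a valid token"))

    privacy = effective["privacy_type"]
    if privacy not in ALLOWED_PRIVACY:
        findings.append(("error", f"privacy_type {privacy!r} not in {ALLOWED_PRIVACY}"))
    elif privacy == "public":
        findings.append(("warning", "privacy_type=public: submitted files and URLs "
                                    "appear in public submissions"))

    verify = effective["verify_ssl"]
    if not isinstance(verify, bool):
        # A string such as "false" is truthy in Python and would be misread.
        findings.append(("error", f"verify_ssl must be a boolean, got {type(verify).__name__}"))
    elif verify is False:
        findings.append(("warning", "verify_ssl=false: the API token is sent without "
                                    "certificate validation"))

    return effective, findings


if __name__ == "__main__":
    # Constructed sample configurations.
    samples = [
        {"token": "PLACEHOLDER-TOKEN"},
        {"token": "PLACEHOLDER-TOKEN", "privacy_type": "public", "verify_ssl": False},
        {"token": "", "privacy_type": "private", "verify_ssl": "false"},
    ]
    for sample in samples:
        effective, findings = audit_anyrun_config(sample)
        print(effective)
        for severity, message in findings:
            print(f"  [{severity}] {message}")
```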