AnyRun#

ANY.RUN is a cloud-based malware sandbox service. With this analyzer, an analyst can submit a suspicious file or URL to the service for analysis and get a report. The report can contain various information, such as:

  • Interactive access
  • Research threats by filter in public submissions
  • File and URL dynamic analysis
  • MITRE ATT&CK mapping
  • Detailed malware reports

Requirements#

You need a valid AnyRun API integration subscription to use the analyzer. The free plan does not provide API access.

  • Provide your API token as the value of the token parameter.
  • Define the privacy setting in the privacy_type parameter.
  • Set the verify_ssl parameter to false if your connection requires it.

AnyRun_Sandbox_Analysis#

Author: Andrea Garavaglia, Davide Arcuri, LDO-CERT
License: AGPL-V3
Version: 1.0
Supported observables types:
- file
- url
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://any.run/

Description#

Any.Run Sandbox file analysis

Configuration#

| Parameter | Description | Default value if not configured | Type | Can contain multiple values | Is required |
|---|---|---|---|---|---|
| token | API token | N/A | string | False | False |
| privacy_type | Define the privacy setting (Allowed values: public, bylink, owner) | bylink | string | False | True |
| verify_ssl | Verify SSL certificate | True | boolean | False | True |

Templates samples for TheHive#

AnyRun: Short report template

AnyRun: Long report template