AnyRun#
README
AnyRun#
ANY.RUN is a malware sandbox service in the cloud. By using this analyzer, an analyst can submit a suspicious file or URL to the service for analysis and get a report. The report can contain various information such as:
- Interactive access
- Research threats by filter in public submissions
- File and URL dynamic analysis
- Mitre ATT&CK mapping
- Detailed malware reports
Requirements#
You need a valid AnyRun API integration subscription to use the analyzer. Free plan does not provide API access.
- Provide your API token as a value for the
tokenparameter. - Define the privacy setting in
privacy_typeparameter. - Set
verify_sslparameter as false if you connection requires it
AnyRun_Sandbox_Analysis#
Author: Andrea Garavaglia, Davide Arcuri, LDO-CERT
License: AGPL-V3
Version: 1.0
Supported observables types:
- file
- url
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://any.run/
Description#
Any.Run Sandbox file analysis
Configuration#
| token | API token |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | False |
| privacy_type | Define the privacy setting (Allowed values: public, bylink, owner) |
|---|---|
| Default value if not configured | bylink |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| verify_ssl | Verify SSL certificate |
|---|---|
| Default value if not configured | True |
| Type of the configuration item | boolean |
| The configuration item can contain multiple values | False |
| Is required | True |
Templates samples for TheHive#
Last update: November 15, 2021 06:39:11