ANY.RUN Expands Security Capabilities with IBM Integration, Exclusive Threat Intelligence, and ARM Malware Analysis

DUBAI, DUBAI, UNITED ARAB EMIRATES, August 4, 2025 /EINPresswire.com/ -- ANY.RUN, the provider of interactive malware analysis and threat intelligence solutions, has announced a series of major product updates. They include an integration with IBM QRadar SOAR, a Free plan for Threat Intelligence Lookup, support for Linux ARM malware analysis, and expanded threat detection rules.

𝐀𝐍𝐘.𝐑𝐔𝐍 𝐀𝐩𝐩 𝐟𝐨𝐫 𝐈𝐁𝐌 𝐐𝐑𝐚𝐝𝐚𝐫 𝐒𝐎𝐀𝐑: 𝐅𝐚𝐬𝐭𝐞𝐫, 𝐒𝐦𝐚𝐫𝐭𝐞𝐫 𝐈𝐧𝐜𝐢𝐝𝐞𝐧𝐭 𝐑𝐞𝐬𝐩𝐨𝐧𝐬𝐞

The new IBM QRadar SOAR integration enables analysts to detonate suspicious files and URLs in ANY.RUN’s interactive sandbox directly from QRadar SOAR, with verdicts, behavioral logs, and indicators of compromise (IOCs) automatically pushed back into incidents. This approach streamlines triage, reduces Mean Time to Respond (MTTR), and helps SOC teams catch stealthy threats earlier.

𝗕𝗲𝗻𝗲𝗳𝗶𝘁𝘀 𝗳𝗼𝗿 𝗦𝗢𝗖𝘀 𝗶𝗻𝗰𝗹𝘂𝗱𝗲:

· Lower workload and faster response through automation.

· Improved efficiency across Tier 1 and Tier 2 analysts.

· Smarter decision-making with enriched playbooks and detection rules.

· Early visibility into multi-stage and evasive attacks.

· Greater ROI from existing SOAR investments without additional infrastructure.

The ANY.RUN app is available now on the IBM App Exchange.

𝐓𝐡𝐫𝐞𝐚𝐭 𝐈𝐧𝐭𝐞𝐥𝐥𝐢𝐠𝐞𝐧𝐜𝐞 𝐋𝐨𝐨𝐤𝐮𝐩: 𝐅𝐫𝐞𝐞 𝐀𝐜𝐜𝐞𝐬𝐬 𝐭𝐨 𝐑𝐞𝐚𝐥-𝐖𝐨𝐫𝐥𝐝 𝐓𝐡𝐫𝐞𝐚𝐭 𝐃𝐚𝐭𝐚

ANY.RUN’s Threat Intelligence Lookup (TI Lookup) now includes a Free plan, providing SOC teams with real-time, actionable threat intelligence from millions of sandboxed malware sessions.

With TI Lookup Free, analysts can:

· Enrich investigations with real-world context.

· Reduce MTTR using live behavioral insights.

· Strengthen proactive defense with early visibility into emerging threats.

· Explore TTPs through the MITRE ATT&CK matrix.

· Develop and refine SIEM, IDS/IPS, and EDR rules.

The Free plan allows unlimited searches across file hashes, URLs, domains, IPs, Suricata IDs, and MITRE ATT&CK techniques. For enterprise needs, TI Lookup Premium offers expanded data, private search, YARA rule matching, alert subscriptions, and API integration.

𝐃𝐞𝐛𝐢𝐚𝐧 𝐀𝐑𝐌 𝐒𝐚𝐧𝐝𝐛𝐨𝐱: 𝐀𝐝𝐯𝐚𝐧𝐜𝐞𝐝 𝐀𝐧𝐚𝐥𝐲𝐬𝐢𝐬 𝐨𝐟 𝐈𝐨𝐓 𝐚𝐧𝐝 𝐄𝐦𝐛𝐞𝐝𝐝𝐞𝐝 𝐓𝐡𝐫𝐞𝐚𝐭𝐬

To address the rise of ARM-based attacks targeting IoT devices and embedded infrastructure, ANY.RUN now supports 𝗟𝗶𝗻𝘂𝘅 𝗗𝗲𝗯𝗶𝗮𝗻 𝟭𝟮.𝟮 (𝗔𝗥𝗠, 𝟲𝟰-𝗯𝗶𝘁) in its Interactive Sandbox.

This environment allows analysts to:

· Interact directly with ARM-based malware in real time.

· Detect persistence, evasion, and privilege escalation techniques.

· Trace execution paths from dropped files to command-line activity.

· Map behaviors to MITRE ATT&CK for accurate threat classification.

The Debian ARM sandbox is available to Enterprise users.

𝐄𝐱𝐩𝐚𝐧𝐝𝐞𝐝 𝐓𝐡𝐫𝐞𝐚𝐭 𝐃𝐞𝐭𝐞𝐜𝐭𝐢𝐨𝐧: 𝐍𝐞𝐰 𝐒𝐢𝐠𝐧𝐚𝐭𝐮𝐫𝐞𝐬, 𝐘𝐀𝐑𝐀 𝐑𝐮𝐥𝐞𝐬, 𝐚𝐧𝐝 𝐒𝐮𝐫𝐢𝐜𝐚𝐭𝐚 𝐂𝐨𝐯𝐞𝐫𝐚𝐠𝐞

In July, ANY.RUN strengthened detection capabilities with:

· 163 new behavior signatures for detecting obfuscation, persistence, and stealth techniques.

· 13 new YARA rules, including coverage for BlackMatter, LockBit4, and Sinobi.

· 2,772 new Suricata rules to improve detection of phishing campaigns and data exfiltration, including Telegram-based exfiltration and fake government domains.

To get more details, visit ANY.RUN’s blog.

𝐀𝐛𝐨𝐮𝐭 𝐀𝐍𝐘.𝐑𝐔𝐍

ANY.RUN is an interactive malware analysis and threat intelligence platform trusted by over 500,000 cybersecurity professionals worldwide. By combining real-time sandboxing, threat intelligence, and automation, ANY.RUN helps SOC teams investigate incidents faster, stop threats earlier, and strengthen defenses against evolving cyberattacks.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050
email us here
Visit us on social media:
LinkedIn
YouTube
X