Phishing attacks are becoming increasingly sophisticated as cybercriminals continue to develop new techniques to manipulate individuals and organizations into revealing sensitive information and installing malware. To combat this growing threat, cybersecurity researchers at ANY.RUN have released a guide to analyzing advanced phishing attacks using their new Threat Intelligence Lookup tool.
The Threat Intelligence Lookup tool is designed to provide contextual search capabilities both online and via API. It indexes and analyzes data from millions of public interactive analytical sessions, or “tasks,” performed in the ANY.RUN sandbox by a community of over 300,000 academics and 300 organizations. The vendor positions the tool as a way to get more out of existing threat intelligence: broader search over sandbox data and more precise context for incident response.
One of the key features of the Threat Intelligence Lookup tool is its ability to scan millions of community tasks and link isolated indicators to specific threats for security teams. With API access, it can quickly find sandbox matches, often identifying malware families and providing related data such as ports, URLs, and hashes.
To illustrate the capabilities of the tool, cybersecurity researchers described a scenario in which an employee reported a phishing attempt: opening a suspicious Office attachment and enabling macros triggered a security alarm. On examining the logs, analysts found a suspicious PowerShell process whose command line contained a distinctive fragment. Using the Threat Intelligence Lookup tool, they were able to quickly search for related command lines and identify the likely attack based on the PowerShell process and its connections to unusual network ports.
The tool also allows cybersecurity experts to investigate suspicious IPs and confirm the presence of specific malware, such as the Remcos Remote Access Trojan, by combining network rule names with IP addresses associated with unusual network port activity.
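As an added illustration of the pivot described in the two scenarios above (this is example code, not ANY.RUN's code and it does not use its API), the following Python flags PowerShell spawned from an Office process in constructed process and network telemetry and extracts the pieces an analyst would take to a lookup tool: the command line, its decoded payload, and the non-standard destination ports and IPs. The event field names, the Office process list and the sample data are all assumptions.

```python
import base64
import re
from collections import namedtuple

ProcessEvent = namedtuple("ProcessEvent", "pid parent_image image command_line")
NetEvent = namedtuple("NetEvent", "pid dst_ip dst_port")

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
COMMON_PORTS = {53, 80, 443}  # anything else counts as an "unusual" port for the pivot

def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def decode_encoded_command(cmdline):
    """Decode a PowerShell -e/-enc/-EncodedCommand payload (base64 of UTF-16LE), if present."""
    m = re.search(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]+)", cmdline, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def pivot_indicators(procs, nets):
    """Flag PowerShell spawned by an Office app and collect its command line, decoded
    payload and non-standard destination ports/IPs as indicators to search for."""
    hits = []
    for p in procs:
        if _basename(p.parent_image) not in OFFICE_PARENTS or "powershell" not in _basename(p.image):
            continue
        conns = [n for n in nets if n.pid == p.pid and n.dst_port not in COMMON_PORTS]
        hits.append({
            "pid": p.pid,
            "command_line": p.command_line,
            "decoded": decode_encoded_command(p.command_line),
            "unusual_ports": sorted({n.dst_port for n in conns}),
            "ips": sorted({n.dst_ip for n in conns}),
        })
    return hits

# Constructed sample telemetry (not from the article); the encoded payload is benign.
ENCODED = base64.b64encode("Start-Sleep 1".encode("utf-16-le")).decode()
SAMPLE_PROCS = [
    ProcessEvent(1001, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 f"powershell.exe -nop -w hidden -enc {ENCODED}"),
    ProcessEvent(1002, r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]
SAMPLE_NETS = [NetEvent(1001, "198.51.100.23", 2404), NetEvent(1001, "198.51.100.23", 443),
               NetEvent(1002, "192.0.2.10", 443)]  # both IPs are from RFC 5737 documentation ranges
```

Running `pivot_indicators(SAMPLE_PROCS, SAMPLE_NETS)` yields one hit for PID 1001 with port 2404 and the decoded command, which is what would be fed into a command-line or port search.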
Overall, the Threat Intelligence Lookup tool is a valuable resource for cybersecurity experts, providing them with a powerful and efficient way to investigate potential threats and identify malicious activity within their networks. ANY.RUN is currently offering a trial of 20 search queries to existing customers on the Searcher plan or above, and customers can contact ANY.RUN for details of plans and subscriptions. As cybercriminals continue to develop more sophisticated phishing attacks, tools like ANY.RUN’s Threat Intelligence Lookup will be essential for staying ahead of evolving threats and protecting against data breaches and malware infections.
