Note: Support for this Pack will be moved to Partner starting June 17, 2025.
Pack Contributors:
- ANY.RUN integrations team
Contributions are welcome and appreciated. For more info, visit our Contribution Guide.
Empowers SOC teams with a Cloud Sandbox for real-time malware analysis, Threat Intelligence Lookup, and high-quality feeds to enhance detection and threat coverage.
Note: Support for this Pack will be moved to Partner starting June 17, 2025.
Contributions are welcome and appreciated. For more info, visit our Contribution Guide.
Note: Support for this Pack will be moved to Partner starting June 17, 2025.
Contributions are welcome and appreciated. For more info, visit our Contribution Guide.
Name | Description |
---|---|
ANY.RUN TI Feed (Partner Contribution) | Threat Intelligence Feeds provide data on the known indicators of compromise such as malicious IPs, URLs, Domains. |
ANY.RUN TI Lookup (Partner Contribution) | TI Lookup is a searchable database of IOCs, IOAs, IOBs, and events for threat hunting and a service for browsing malicious files by their content. |
ANY.RUN Cloud Sandbox (Partner Contribution) | ANY.RUN Sandbox is an online interactive sandbox for malware analysis, a tool for detection, monitoring, and research of cyber threats in real time. |
ANY.RUN (Partner Contribution) | Deprecated. Use ANY.RUN TI Feeds, ANY.RUN TI Lookup, ANY.RUN Cloud Sandbox instead. |
Name | Description |
---|---|
ANYRUN Detonate File Android | This playbook submits a file extracted from an incident attachment to the ANY.RUN cloud sandbox for dynamic analysis in an Android environment. It helps to automate malware detonation and behavior observation on Android OS. |
ANYRUN Detonate Url Android | This playbook submits a URL extracted from an indicator to the ANY.RUN cloud sandbox for dynamic analysis in an Android environment. It automates the analysis of potentially malicious URLs on Android OS. |
ANYRUN Detonate Url Windows | This playbook submits a URL extracted from an indicator to the ANY.RUN cloud sandbox for dynamic analysis in an Windows environment. It automates the analysis of potentially malicious URLs on Windows OS. |
Detonate File - ANYRUN | Deprecated. Use ANY.RUN Detonate File [Windows, Linux, Android] instead. |
ANYRUN Detonate Url Linux | This playbook submits a URL extracted from an indicator to the ANY.RUN cloud sandbox for dynamic analysis in an Linux environment. It automates the analysis of potentially malicious URLs on Ubuntu OS. |
Detonate File From URL - ANYRUN | Deprecated. Use ANY.RUN Detonate File [Windows, Linux, Android] instead. |
Detonate URL - ANYRUN | Deprecated. Use ANY.RUN Detonate URL [Windows, Linux, Android] instead. |
ANYRUN Detonate File Windows | This playbook submits a file extracted from an incident attachment to the ANY.RUN cloud sandbox for dynamic analysis in an Windows environment. It helps to automate malware detonation and behavior observation on Windows OS. |
ANYRUN Detonate File Linux | This playbook submits a file extracted from an incident attachment to the ANY.RUN cloud sandbox for dynamic analysis in an Linux environment. It helps to automate malware detonation and behavior observation on Ubuntu OS. |
Name | Description |
---|---|
ANY.RUN Cloud Sandbox (Partner Contribution) | ANY.RUN Sandbox is an online interactive sandbox for malware analysis, a tool for detection, monitoring, and research of cyber threats in real time. |
ANY.RUN TI Feed (Partner Contribution) | Threat Intelligence Feeds provide data on the known indicators of compromise such as malicious IPs, URLs, Domains. |
ANY.RUN (Partner Contribution) | Deprecated. Use ANY.RUN TI Feeds, ANY.RUN TI Lookup, ANY.RUN Cloud Sandbox instead. |
ANY.RUN TI Lookup (Partner Contribution) | TI Lookup is a searchable database of IOCs, IOAs, IOBs, and events for threat hunting and a service for browsing malicious files by their content. |
Name | Description |
---|---|
ANYRUN Detonate Url Linux | This playbook submits a URL extracted from an indicator to the ANY.RUN cloud sandbox for dynamic analysis in an Linux environment. It automates the analysis of potentially malicious URLs on Ubuntu OS. |
Detonate File - ANYRUN | Deprecated. Use ANY.RUN Detonate File [Windows, Linux, Android] instead. |
ANYRUN Detonate Url Android | This playbook submits a URL extracted from an indicator to the ANY.RUN cloud sandbox for dynamic analysis in an Android environment. It automates the analysis of potentially malicious URLs on Android OS. |
ANYRUN Detonate Url Windows | This playbook submits a URL extracted from an indicator to the ANY.RUN cloud sandbox for dynamic analysis in an Windows environment. It automates the analysis of potentially malicious URLs on Windows OS. |
Detonate URL - ANYRUN | Deprecated. Use ANY.RUN Detonate URL [Windows, Linux, Android] instead. |
ANYRUN Detonate File Android | This playbook submits a file extracted from an alert attachment to the ANY.RUN cloud sandbox for dynamic analysis in an Android environment. It helps to automate malware detonation and behavior observation on Android OS. |
ANYRUN Detonate File Linux | This playbook submits a file extracted from an alert attachment to the ANY.RUN cloud sandbox for dynamic analysis in an Linux environment. It helps to automate malware detonation and behavior observation on Ubuntu OS. |
ANYRUN Detonate File Windows | This playbook submits a file extracted from an alert attachment to the ANY.RUN cloud sandbox for dynamic analysis in an Windows environment. It helps to automate malware detonation and behavior observation on Windows OS. |
Detonate File From URL - ANYRUN | Deprecated. Use ANY.RUN Detonate File [Windows, Linux, Android] instead. |
Pack Name | Pack By |
---|---|
Base | By: Cortex XSOAR |
Common Playbooks | By: Cortex XSOAR |
Common Scripts | By: Cortex XSOAR |
Pack Name | Pack By |
---|
Pack Name | Pack By |
---|---|
Rasterize | By: Cortex XSOAR |
Common Scripts | By: Cortex XSOAR |
Filters And Transformers | By: Cortex XSOAR |
Base | By: Cortex XSOAR |
Common Playbooks | By: Cortex XSOAR |
Cortex REST API | By: Cortex XSOAR |
This playbook submits a URL extracted from an indicator to the ANY.RUN cloud sandbox for dynamic analysis in a Linux environment. It automates the analysis of potentially malicious URLs on Ubuntu OS.
This playbook submits a file extracted from an incident attachment to the ANY.RUN cloud sandbox for dynamic analysis in an Android environment. It helps to automate malware detonation and behavior observation on Android OS.
This playbook submits a file extracted from an incident attachment to the ANY.RUN cloud sandbox for dynamic analysis in a Linux environment. It helps to automate malware detonation and behavior observation on Ubuntu OS.
This playbook submits a file extracted from an incident attachment to the ANY.RUN cloud sandbox for dynamic analysis in a Windows environment. It helps to automate malware detonation and behavior observation on Windows OS.
This playbook submits a URL extracted from an indicator to the ANY.RUN cloud sandbox for dynamic analysis in a Windows environment. It automates the analysis of potentially malicious URLs on Windows OS.
This playbook submits a URL extracted from an indicator to the ANY.RUN cloud sandbox for dynamic analysis in an Android environment. It automates the analysis of potentially malicious URLs on Android OS.
This playbook submits a URL extracted from an indicator to the ANY.RUN cloud sandbox for dynamic analysis in a Linux environment. It automates the analysis of potentially malicious URLs on Ubuntu OS.
This playbook submits a file extracted from an incident attachment to the ANY.RUN cloud sandbox for dynamic analysis in an Android environment. It helps to automate malware detonation and behavior observation on Android OS.
This playbook submits a file extracted from an incident attachment to the ANY.RUN cloud sandbox for dynamic analysis in a Linux environment. It helps to automate malware detonation and behavior observation on Ubuntu OS.
This playbook submits a file extracted from an incident attachment to the ANY.RUN cloud sandbox for dynamic analysis in a Windows environment. It helps to automate malware detonation and behavior observation on Windows OS.
This playbook submits a URL extracted from an indicator to the ANY.RUN cloud sandbox for dynamic analysis in a Windows environment. It automates the analysis of potentially malicious URLs on Windows OS.
This playbook submits a URL extracted from an indicator to the ANY.RUN cloud sandbox for dynamic analysis in an Android environment. It automates the analysis of potentially malicious URLs on Android OS.
Certification | Certified | Read more |
Supported By | Partner | |
Created | January 26, 2021 | |
Last Release | July 27, 2025 |