
ThreatConnect and ANY.RUN – Better Malware Analysis

ThreatConnect and ANY.RUN have partnered to deliver a Playbook App for joint customers. With this Playbook App, you can submit files to ANY.RUN for sandboxing and retrieve results automatically via Playbooks. This leads to more informed decision-making and more efficient remediation of malicious files through automation.

ThreatConnect ANY.RUN Playbook App

The following use cases are now available:

  • Malware Analysis Sandbox. As part of a security process, you can automatically send malware to the ANY.RUN sandbox. Once in the sandbox, you can learn what this malware family is, what it does, how malicious it is, and more. You can then use your findings from malware sandboxing to inform future decisions as part of security orchestration.
  • Malware Hunting. As part of a security process, you can mine for potential IOCs in the form of C2 nodes, Registry Keys, and more to gain a more holistic understanding of the potential threat by discovering how and where the malware operates.
  • Phishing Email Triage. As part of a security process, you can leverage ANY.RUN to detonate potentially malicious files as part of an investigation, such as triaging a phishing email, or performing further host-based analysis and remediation. By automating this process, you save your team time and resources.

The following actions are available with this Playbook App:

  • Submit File: Submit a binary file to the sandbox for analysis. 
  • Submit URL: URLs are analyzed within a browser and results are returned based on detection rules within ANY.RUN’s platform.
  • Get Report: Retrieve the results of a previous analysis.

Together, ThreatConnect and ANY.RUN help you to automate remediation tasks and protect your network from sophisticated attacks. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on how to leverage the ANY.RUN Analyzer App. If you’re not yet a customer and are interested in ThreatConnect and this integration, contact us at


ANY.RUN is the first interactive online malware analysis sandbox. The service provides detection, analysis, and monitoring of cybersecurity threats. Built on an interactive approach to investigations, ANY.RUN lets users affect the virtual machine by launching various programs, changing configurations, rebooting the system, and running different scenarios. The user is in full control of the analysis flow in real time. Find out more here:

About the Author


By operationalizing threat and cyber risk intelligence, the ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at