ThreatConnect and ANY.RUN - Better Malware Analysis

ThreatConnect and ANY.RUN have partnered to deliver a Playbook App for joint customers to leverage. With the addition of this Playbook App, you will be able to submit files to ANY.RUN for sandboxing and retrieve results automatically via Playbooks. This all leads to more informed decision making and more efficient remediation of malicious files through automation.

ThreatConnect ANY.RUN Playbook App

The following use cases are now available:

  • Malware Analysis Sandbox. As part of a security process, you can automatically send malware to the ANY.RUN sandbox. Once in the sandbox, you can learn what this malware family is, what it does, how malicious it is, and more. You can then use your findings from malware sandboxing to inform future decisions as part of security orchestration.
  • Malware Hunting. As part of a security process, you can mine for potential IOCs in the form of C2 nodes, Registry Keys, and more to gain a more holistic understanding of the potential threat by discovering how and where the malware operates.
  • Phishing email triage. As part of a security process, you can leverage ANY.RUN to detonate potentially malicious files as part of an investigation, such as triaging a phishing email, or performing further host-based analysis and remediation. By automating this process, you save your team time and resources. 

The following actions are available with this Playbook App:

  • Submit File: Submit a binary file to the sandbox for analysis. 
  • Submit URL: URLs are analyzed within a browser and results are returned based on detection rules within ANY.RUN’s platform.
  • Get Report: Retrieve the results of a previous analysis.

Together, ThreatConnect and ANY.RUN help you to automate remediation tasks and protect your network from sophisticated attacks. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on how to leverage the ANY.RUN Analyzer App. If you’re not yet a customer and are interested in ThreatConnect and this integration, contact us at


ANY.RUN is the first interactive online malware analysis sandbox. The service provides detection, analysis, and monitoring of cybersecurity threats. Based on the interactive approach of investigations, ANY.RUN offers users to affect the virtual machine by launching various programs, changing configurations, rebooting the system, and running different scenarios. The user is in full control of the analysis flow in real-time. Find out more here:

Jeff Quist
About the Author
Jeff Quist

Jeff Quist, Product Marketing Manager at ThreatConnect, has 9 years of experience in Sales, Marketing, Product Management, and Product Marketing, mainly in technology and financial services. His professional experience and empathy for customers and partners help him to develop engaging marketing content and empower sales teams. Jeff lives in New York City and in his free time, he enjoys sketching, reading sci-fi novels, and supporting the Boston Bruins.