any.run
Open in
urlscan Pro
2606:4700:10::6816:314a
Public Scan
Submitted URL: https://axeezy.clicks.mlsend.com/tl/cl/eyJ2Ijoie1wiYVwiOjQxNzc2NCxcImxcIjoxMzU5MDE1MTc3MjI5NDUwMTAsXCJyXCI6MTM1OTAxNTgxNzkxOTg3Mz...
Effective URL: https://any.run/cybersecurity-blog/malware-trends-report-q3-2024/?utm_source=malware_analysis&utm_medium=email&u...
Submission: On October 23 via api from DE — Scanned from DE
Effective URL: https://any.run/cybersecurity-blog/malware-trends-report-q3-2024/?utm_source=malware_analysis&utm_medium=email&u...
Submission: On October 23 via api from DE — Scanned from DE
Form analysis 4 forms found in the DOM
GET /cybersecurity-blog/
<form class="gridlove-search-form" action="/cybersecurity-blog/" method="get"><input name="s" type="text" value="" placeholder="Type here to search..."><button type="submit" class="gridlove-button-search">Search</button></form>GET /cybersecurity-blog/
<form class="gridlove-search-form" action="/cybersecurity-blog/" method="get"><input name="s" type="text" value="" placeholder="Type here to search..."><button type="submit" class="gridlove-button-search">Search</button></form>GET /cybersecurity-blog/
<form class="gridlove-search-form" action="/cybersecurity-blog/" method="get"><input name="s" type="text" value="" placeholder="Type here to search..."><button type="submit" class="gridlove-button-search">Search</button></form>POST /cybersecurity-blog/wp-comments-post.php
<form action="/cybersecurity-blog/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate="">
<div class="form-heading"></div>
<p class="comment-form-comment"><label for="comment">Comment</label><textarea id="comment" name="comment" cols="45" rows="8" aria-required="true" placeholder="Be the First to Comment!"></textarea></p>
<p class="comment-form-author"><label for="author">Name</label> <input id="author" name="author" type="text" placeholder="Name" value="" size="20" maxlength="64"></p>
<p class="comment-form-email"><label for="email">Email</label> <input id="email" name="email" type="text" placeholder="Email" value="" size="30" maxlength="100"></p>
<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"><label for="wp-comment-cookies-consent">Save my name and email in this browser for the next time I
comment.</label></p>
<p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" disabled="" value="Submit Comment"> <input type="hidden" name="comment_post_ID" value="9297" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p><button class="cancel-button">Cancel</button>
</form>Text Content
* Register for free
* Guides and Tutorials
* Featured posts
* Malware Analysis in ANY.RUN:
The Ultimate Guide
* Raccoon Stealer 2.0 Malware analysis
* How to Get Free Malware Samples and Reports
* Categories
* Analyst Training
* Cybersecurity Lifehacks
* Instructions on ANY.RUN
* Interviews
* Malicious History
* Malware Analysis
* News
* Service Updates
* Write for us
* Authors
* Go to service
* Register for free
* * Search
* Register for free
* Guides and Tutorials
* Featured posts
* Malware Analysis in ANY.RUN:
The Ultimate Guide
* Raccoon Stealer 2.0 Malware analysis
* How to Get Free Malware Samples and Reports
* Categories
* Analyst Training
* Cybersecurity Lifehacks
* Instructions on ANY.RUN
* Interviews
* Malicious History
* Malware Analysis
* News
* Service Updates
* Write for us
* Authors
* Go to service
* Register for free
* * Search
* * Search
*
Cybersecurity Lifehacks
MALWARE TRENDS REPORT: Q3, 2024
October 22, 2024 Add comment 1906 views 4 min read
HomeCybersecurity Lifehacks
Malware Trends Report: Q3, 2024
Content
SummaryTop Malware Types in Q3 2024 Top Malware Families in Q3 2024 Top
MITRE ATT&CK techniques in Q3 2024Report methodology About ANY.RUN
RECENT POSTS
* MALWARE TRENDS REPORT: Q3, 2024
1906 0
* MALWARE ANALYSIS REPORT IN ONE CLICK
7434 0
* CYBER INFORMATION GATHERING: TECHNIQUES
AND TOOLS FOR EFFECTIVE THREAT RESEARCH
537 0
HomeCybersecurity Lifehacks
Malware Trends Report: Q3, 2024
We’re excited to share ANY.RUN‘s latest malware trends analysis for Q3 2024.
Our quarterly update provides insights into the most widely deployed malware
families, types, and TTPs we saw during the last 3 months of the year.
SUMMARY
Users launched over 1M sandbox sessions in Q3 2024
In Q3 2024, ANY.RUN users ran 1,090,457 public interactive analysis sessions,
which is a 23.7% increase from Q2 2024. Out of these, 211,770 (19.4%) were
marked as malicious, and 47,375 (4.3%) as suspicious.
Compared to the previous quarter, the percentage of malicious sandbox sessions
increased slightly from 18.4% in Q2 2024 to 19.4% in Q3 2024. The share of
suspicious sessions saw a decline from 7.0% to 4.3%.
As for indicators of compromise, users collected a total of 570,519,029 IOCs
this quarter.
Collect threat intel on the latest malware and phishing campaigns with TI
Lookup
Get 20 free requests
TOP MALWARE TYPES IN Q3 2024
Stealers dominated the threat landscape in Q3 2024
Let’s take a closer look at the most common malware types identified by
ANY.RUN’s sandbox.
* Stealer: 16,511
* Loader: 8,197
* RAT: 7,191
* Ransomware: 5,967
* Miner: 3,880
* Keylogger: 3,172
* Backdoor: 811
* Installer: 640
* Trojan: 507
Compared to Q1 and Q2 of 2024, the ANY.RUN sandbox saw a significant increase in
the detection of malware in Q3. A major reason for this is the growing number of
public samples being uploaded by our 500,000-strong community of security
analysts. Our team is also continuously improving the service’s capabilities,
resulting in broader threat coverage.
TOP MALWARE TYPES: HIGHLIGHTS
In Q3, Stealers were the most common malware type detected, returning to the
first spot since the start of the year after falling to the fourth place in Q2.
They saw a serious rise in detections, reaching 16,511 in Q3.
Loaders maintained a strong presence, securing the second position for another
quarter in a row. Their detections have seen a 49% rise from 5,492 to 8,197.
After leading in Q2, RATs dropped to the third spot, with 7,191 detections.
Trojan and Installer malware experienced a substantial decrease, shedding 3,704
and 2,466 detections correspondingly. Ransomware increased by 3,021, indicating
a rise in this type of threat.
TOP MALWARE FAMILIES IN Q3 2024
Lumma, AsyncRAT and Remcos became top threats in Q3 2024
* Lumma: 4,140
* AsyncRAT: 3,053
* Remcos: 2,548
* Agent Tesla: 2,316
* XWorm: 2,188
* Stealc: 2,030
* Snake: 1,782
* MetaStealer: 1,663
* Cobalt Strike: 1,262
TOP MALWARE FAMILIES: HIGHLIGHTS
In Q3 2024, the malware landscape saw notable shifts. Despite not being present
on the Q2 ranking, Lumma emerged as the leading threat, recording 4,140
instances.
AsyncRAT went from 670 detections in Q2 to 3,053 in Q3, followed by Remcos whose
detections almost doubled from 1,282 to 2,548.
Agent Tesla also showed an increase, jumping from 439 detections to 2,316, which
is still more than its Q4 2023 result, when it topped the malware families
chart.
Several new families made their debut in Q3, including XWorm with 2,188
detections and Stealc with 2,030.
LEARN TO TRACK EMERGING CYBER THREATS
Check out expert guide to collecting intelligence on emerging threats with TI
Lookup
Read full guide
TOP MITRE ATT&CK TECHNIQUES IN Q3 2024
Disable Windows Event Logging became top TTP in Q3 2024
The MITRE ATT&CK framework categorizes adversary behavior into tactics and
techniques, helping malware analysts more efficiently identify, assess, and
respond to threats.
Here are the top 20 techniques observed in Q3 2024:
# MITRE ATT&CK Technique № of detections 1 Impair Defenses: Disable
Windows Event Logging, T1562.002 63,027 2 Command and Scripting
Interpreter: PowerShell, T1059.001 46,155 3 Command and Scripting
Interpreter: Windows Command Shell, T1059.003 41,384 4 Masquerading: Rename
System Utilities, T1036.003 41,254 5 Virtualization/Sandbox Evasion: Time
Based Evasion, T1497.003 39,021 6 Boot or Logon Autostart Execution:
Registry Run Keys / Startup Folder, T1547.001 23,937 7 System Binary Proxy
Execution: Rundll32, T1218.011 21,896 8 Scheduled Task/Job: Scheduled Task,
T1053.005 16,718 9 Masquerading: Match Legitimate Name or Location,
T1036.005 15,594 10 Phishing: Spearphishing Link, T1566.002 15,110 11
Credentials from Password Stores: Credentials from Web Browsers, T1555.003
14,723 12 System Services: Service Execution, T1569.002 14,257 13 Email
Collection: Local Email Collection, T1114.001 10,807 14 Create or Modify
System Process: Systemd Service, T1543.002 10,558 15 Scheduled Task/Job:
Systemd Timers, T1053.006 10,558 16 Impair Defenses: Disable or Modify
Tools, T1562.001 6,917 17 Command and Scripting Interpreter: Unix Shell
T1059.004 6,634 18 Command and Scripting Interpreter: Visual Basic
T1059.005 6,602 19 Software Discovery: Security Software Discovery
T1518.001 6,258 20 Virtualization/Sandbox Evasion: System Checks T1497.001
6,003
TOP TTPS: Q3 2024 VS Q2 2024
The first three spots were taken accordingly by:
* T1562.002, Impair Defenses: Disable Windows Event Logging — new entry.
* T1059.001: Command and Scripting Interpreter: PowerShell — up from the 7th
spot in Q2.
* T1059.003, Command and Scripting Interpreter: Windows Command Shell — rose
from the 6th spot, nearly doubling in detections.
The worthy mentions:
* T1114.001, Local Email Collection, was pushed down from the top spot in Q2 to
the 13th position with 10,807 detections.
* T1036.003, Rename System Utilities, dropped from the 3d spot in the previous
quarter to 4th, registering 41,254 instances.
* T1497.003, Time Based Evasion, despite falling to the 5th spot from 2nd in
Q2, saw an increase in detections, bringing the figure to 39,021.
REPORT METHODOLOGY
For our report, we looked at data from 1,090,457 interactive analysis sessions.
This information comes from researchers in our community who contributed by
running public analysis sessions in ANY.RUN.
ABOUT ANY.RUN
ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our
interactive sandbox simplifies malware analysis of threats that target both
Windows and Linux systems. Our threat intelligence products, TI Lookup, YARA
Search and Feeds, help you find IOCs or files to learn more about the threats
and respond to incidents faster.
Integrate ANY.RUN’s services in your organization →
Share post
TwitterRedditLinkedIn
What do you think about this post?
3 answers
* Awful
* Average
* Great
Submit Rating
No votes so far! Be the first to rate this post.
Free malware research with ANY.RUN
Start Now!
CANCEL REPLY
Comment
Name
Email
Save my name and email in this browser for the next time I comment.
Cancel
0 comments
YOU MAY ALSO LIKE
Cybersecurity Lifehacks
MALWARE ANALYSIS REPORT IN ONE CLICK
October 21, 2024 7434 views 6 min read
Cybersecurity Lifehacks
CYBER INFORMATION GATHERING: TECHNIQUES
AND TOOLS FOR EFFECTIVE THREAT RESEARCH
October 16, 2024 537 views 7 min read
Service Updates
ANY.RUN’S UPGRADED LINUX SANDBOX
FOR FAST AND SECURE MALWARE ANALYSIS
October 15, 2024 650 views 9 min read
Service Updates
PRIVATE AI ASSISTANT FOR MALWARE ANALYSIS
IN ANY.RUN SANDBOX
October 9, 2024 1414 views 4 min read
Malware Analysis Report in One Click
Privacy Policy
--------------------------------------------------------------------------------
Cookie Policy
--------------------------------------------------------------------------------
Contact Us
Copyright © 2024. ANY.RUN All rights reserved.
* Register for free
* Guides and Tutorials
* Featured posts
* Malware Analysis in ANY.RUN:
The Ultimate Guide
* Raccoon Stealer 2.0 Malware analysis
* How to Get Free Malware Samples and Reports
* Categories
* Analyst Training
* Cybersecurity Lifehacks
* Instructions on ANY.RUN
* Interviews
* Malicious History
* Malware Analysis
* News
* Service Updates
* Write for us
* Authors
* Go to service
* Register for free
WE VALUE YOUR PRIVACY
We use cookies to enhance your browsing experience, serve personalized content
and to analyze our traffic. By clicking "Accept All", you consent to our use of
cookies. Cookie Policy
Accept AllReject All
Customize