any.run
Open in
urlscan Pro
172.67.20.89
Public Scan
URL:
https://any.run/cybersecurity-blog/malware-trends-q2-2024/
Submission: On August 01 via api from TR — Scanned from CA
Submission: On August 01 via api from TR — Scanned from CA
Form analysis 4 forms found in the DOM
GET /cybersecurity-blog/
<form class="gridlove-search-form" action="/cybersecurity-blog/" method="get"><input name="s" type="text" value="" placeholder="Type here to search..."><button type="submit" class="gridlove-button-search">Search</button></form>GET /cybersecurity-blog/
<form class="gridlove-search-form" action="/cybersecurity-blog/" method="get"><input name="s" type="text" value="" placeholder="Type here to search..."><button type="submit" class="gridlove-button-search">Search</button></form>GET /cybersecurity-blog/
<form class="gridlove-search-form" action="/cybersecurity-blog/" method="get"><input name="s" type="text" value="" placeholder="Type here to search..."><button type="submit" class="gridlove-button-search">Search</button></form>POST /cybersecurity-blog/wp-comments-post.php
<form action="/cybersecurity-blog/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate="">
<div class="form-heading"></div>
<p class="comment-form-comment"><label for="comment">Comment</label><textarea id="comment" name="comment" cols="45" rows="8" aria-required="true" placeholder="Be the First to Comment!"></textarea></p>
<p class="comment-form-author"><label for="author">Name</label> <input id="author" name="author" type="text" placeholder="Name" value="" size="20" maxlength="64"></p>
<p class="comment-form-email"><label for="email">Email</label> <input id="email" name="email" type="text" placeholder="Email" value="" size="30" maxlength="100"></p>
<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"><label for="wp-comment-cookies-consent">Save my name and email in this browser for the next time I
comment.</label></p>
<p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" disabled="" value="Submit Comment"> <input type="hidden" name="comment_post_ID" value="8198" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p><button class="cancel-button">Cancel</button>
</form>Text Content
* Register for free
* Guides and Tutorials
* Featured posts
* Malware Analysis in ANY.RUN:
The Ultimate Guide
* Raccoon Stealer 2.0 Malware analysis
* How to Get Free Malware Samples and Reports
* Categories
* Analyst Training
* Cybersecurity Lifehacks
* Instructions on ANY.RUN
* Interviews
* Malicious History
* Malware Analysis
* News
* Service Updates
* Write for us
* Authors
* Go to service
* Register for free
* * Search
* Register for free
* Guides and Tutorials
* Featured posts
* Malware Analysis in ANY.RUN:
The Ultimate Guide
* Raccoon Stealer 2.0 Malware analysis
* How to Get Free Malware Samples and Reports
* Categories
* Analyst Training
* Cybersecurity Lifehacks
* Instructions on ANY.RUN
* Interviews
* Malicious History
* Malware Analysis
* News
* Service Updates
* Write for us
* Authors
* Go to service
* Register for free
* * Search
* * Search
*
Cybersecurity Lifehacks
MALWARE TRENDS REPORT: Q2, 2024
July 11, 2024 Add comment 2334 views 5 min read
HomeCybersecurity Lifehacks
Malware Trends Report: Q2, 2024
Content
Summary Top Malware Types in Q2 2024 Top Malware Families in Q2 2024 Top MITRE
ATT&CK techniques in Q2 2024 Report methodology About ANY.RUN
RECENT POSTS
* BRIEF OVERVIEW OF THE DEERSTEALER DISTRIBUTION CAMPAIGN
223 0
* WHAT ARE TTPS: TACTICS, TECHNIQUES
AND PROCEDURES
185 0
* COLLECT AND USE IOCS FROM MALWARE CONFIGS
IN TI LOOKUP
265 0
HomeCybersecurity Lifehacks
Malware Trends Report: Q2, 2024
We’re excited to share ANY.RUN‘s latest malware trends analysis for Q2 2024! Our
quarterly update provides insights into the most widely deployed malware
families, types, and TTPs we saw during the last 3 months of the year.
Users launched over 800k sandbox sessions in Q2 2024
SUMMARY
In Q2 2024, ANY.RUN users ran 881,466 public interactive analysis sessions,
which is a 0.5% increase from Q1 2024. Out of these, our data marks 162,258
(18.4%) as malicious, and 61,619 (7.0%) — suspicious.
Compared to last quarter, the percentage of malicious tasks increased slightly
from 17.8% in Q1 2024 to 18.4% in Q2 2024. The share of suspicious tasks also
saw a big increase from 3.5% to 7.0%.
As for IOCs, users collected a total of 351,423,662 IOCs this quarter, and
73,233,314 (20.8%) of them were unique.
RATs continue to dominate the threat landscape
TOP MALWARE TYPES IN Q2 2024
Let’s take a closer look at the most common malware types identified by
ANY.RUN’s sandbox.
* RAT: 5868
* Loader: 5492
* Trojan: 4211
* Stealer: 3640
* Installer: 3106
* Ransomware: 2946
* Keylogger: 1343
* Backdoor: 326
* Miner: 290
Let us show you how ANY.RUN can help your SOC team – book a call with us
TOP MALWARE TYPES: HIGHLIGHTS
In Q2 2024, there were big shifts in the malware landscape compared to the
previous quarter. RATs have taken the lead as the most prevalent malware type,
with 5,868 detections. This is an increase from Q1 2024, where RATs were in
second place with 4,956 detections.
Loaders maintained a strong presence, slightly increasing from 4,770 in Q1 to
5,492 in Q2, securing the second position. Trojans made a notable entry into the
top three with 4,211 detections.
Stealers, which were the most common threat in Q1 with 5,799 detections, have
dropped to fourth place with 3,640 detections in Q2. This represents a decrease
of 37.2% in stealer activity.
A new category, Installers, appeared in the top five with 3,106 detections.
Ransomware detections decreased from 4,065 in Q1 to 2,946 in Q2, a 27.5%
reduction, moving it to sixth place.
Keylogger detections remained relatively stable, with a slight decrease from
1,682 in Q1 to 1,343 in Q2. Backdoor and Miner detections saw minor changes,
maintaining their positions at the bottom of the list with 326 and 290
detections respectively.
RedLine, Remcos, and NjRAT became top threats in Q2 2024
TOP MALWARE FAMILIES IN Q2 2024
* RedLine: 3411
* Remcos: 1282
* NjRAT: 1139
* AsyncRAT: 670
* Qbot: 592
* Formbook: 575
* Vidar: 517
* Amadey: 454
* AgentTesla: 439
* DCRat: 299
In Q2 2024, RedLine has made a dramatic comeback, surging to the top spot with
3,411 instances. This represents a 379% increase from its fifth-place position
in Q1 (712 instances), making it by far the most prevalent threat this quarter.
* Remcos, which led in Q1 with 1,817 instances, has dropped to second place
with 1,282 instances – a 29.4% decrease.
* NjRAT maintained its third-place position, with a slight decrease from 1,219
to 1,139 instances.
* AsyncRAT saw a considerable drop, with 670 instances, a 42% decrease from its
1,155 detections in Q1.
* Qbot has emerged as a new entrant in the top 5, securing the fifth position
with 592 instances.
* Formbook and Vidar have both moved up in the rankings, now occupying the
sixth and seventh spots respectively.
* AgentTesla, which was the second most prevalent malware in Q1 with 1,739
instances, has dramatically fallen to ninth place with only 439 instances,
marking a 74.8% decrease.
* DCRat rounds out the top 10, showing a slight decrease from 388 to 299
instances but maintaining its presence in the list.
Email collection and sandbox evasion remain top TTPs
TOP MITRE ATT&CK TECHNIQUES IN Q2 2024
The MITRE ATT&CK framework categorizes adversary behavior into tactics and
techniques, helping malware analysts more efficiently identify, assess, and
respond to threats. Here are the top 20 techniques observed in Q2 2024:
# MITRE ATT&CK Technique № of detections 1 Email Collection: Local Email
Collection, T1114.001 36,690 2 Virtualization/Sandbox Evasion: Time Based
Evasion, T1497.003 33,494 3 Masquerading: Rename System Utilities, T1036.003
24,726 4 Scheduled Task/Job: Scheduled Task, T1053.005 22,939 5 System
Binary Proxy Execution: Rundll32, T1218.011 21,468 6 Command and Scripting
Interpreter: Windows Command Shell, T1059.003 20,911 7 Command and Scripting
Interpreter: PowerShell, T1059.001 20,907 8 Boot or Logon Autostart
Execution: Registry Run Keys / Startup Folder, T1547.001 14,335 9 System
Services: Service Execution, T1569.002 10,922 10 Masquerading: Match
Legitimate Name or Location, T1036.005 8,775 11 Command and Scripting
Interpreter: Unix Shell, T1059.004 5,269 12 Scheduled Task/Job: Cron,
T1053.006 5,118 13 File Execution: Exploitation for Client Execution,
T1543.002 5,118 14 Command and Scripting Interpreter: Visual Basic,
T1059.005 5,089 15 Impair Defenses: Disable or Modify Tools, T1562.001
3,783 16 Virtualization/Sandbox Evasion: System Checks, T1497.001 3,736 17
Event Triggered Execution: XDG Autostart Entries, T1546.015 3,715 18 File and
Directory Permissions Modification: Windows File and Directory Permissions
Modification, T1222.001 3,173 19 Obfuscated Files or Information: Software
Packing, T1027.002 2,724 20 Hide Artifacts: Hidden Window, T1564.003 2,622
* T1114.001 (Email Collection: Local Email Collection) retained its top
position, with a slight increase from 32,967 to 36,690 detections.
* T1497.003 (Virtualization/Sandbox Evasion: Time Based Evasion) remained in
second place, with detections increasing from 24,949 to 33,494.
* T1053.005 (Scheduled Task/Job: Scheduled Task) saw a dramatic rise, jumping
from the 11th position with 5,025 detections in Q1 to the 4th position with
22,939 detections in Q2 – that’s a 356% increase.
* T1059.003 (Command and Scripting Interpreter: Windows Command Shell) dropped
from 4th to 6th place showing similar detection numbers around 20,000.
* T1053.006 (Scheduled Task/Job: Cron), a new technique, appeared in the 12th
position with 5,118 detections.
REPORT METHODOLOGY
For our report, we looked at data from 881,466 interactive analysis sessions.
This information comes from researchers in our community who contributed by
running public analysis sessions in ANY.RUN.
ABOUT ANY.RUN
ANY.RUN helps more than 400,000 cybersecurity professionals worldwide. Our
interactive sandbox simplifies malware analysis of threats that target both
Windows and Linux systems. Our threat intelligence products, TI Lookup, Yara
Search and Feeds, help you find IOCs or files to learn more about the threats
and respond to incidents faster.
ADVANTAGES OF ANY.RUN
ANY.RUN helps you analyze threats faster while improving detection rates. The
platform detects common malware families with YARA and Suricata rules and
identifies malware behavior with signatures when detection by family is not
possible.
With ANY.RUN you can:
* Detect malware in under 40s.
* Interact with samples in real time.
* Save time and money on sandbox setup and maintenance
* Record and study all aspects of malware behavior.
* Collaborate with your team
* Scale as you need.
Get in touch with our Sales team →
Share post
TwitterRedditLinkedIn
ANYRUN cybersecurity malware analysis
What do you think about this post?
3 answers
* Awful
* Average
* Great
Submit Rating
No votes so far! Be the first to rate this post.
Free malware research with ANY.RUN
Start Now!
CANCEL REPLY
Comment
Name
Email
Save my name and email in this browser for the next time I comment.
Cancel
0 comments
YOU MAY ALSO LIKE
Malware Analysis
BRIEF OVERVIEW OF THE DEERSTEALER DISTRIBUTION CAMPAIGN
July 31, 2024 223 views 5 min read
Cybersecurity Lifehacks
WHAT ARE TTPS: TACTICS, TECHNIQUES
AND PROCEDURES
July 30, 2024 185 views 10 min read
Service Updates
COLLECT AND USE IOCS FROM MALWARE CONFIGS
IN TI LOOKUP
July 29, 2024 265 views 4 min read
Uncategorized
SEE MALICIOUS PROCESS RELATIONSHIPS
ON A VISUAL GRAPH
July 25, 2024 381 views 4 min read
A Guide to Common Encryption Algorithms in Modern Malware
Privacy Policy
--------------------------------------------------------------------------------
Cookie Policy
--------------------------------------------------------------------------------
Contact Us
Copyright © 2024. ANY.RUN All rights reserved.
* Register for free
* Guides and Tutorials
* Featured posts
* Malware Analysis in ANY.RUN:
The Ultimate Guide
* Raccoon Stealer 2.0 Malware analysis
* How to Get Free Malware Samples and Reports
* Categories
* Analyst Training
* Cybersecurity Lifehacks
* Instructions on ANY.RUN
* Interviews
* Malicious History
* Malware Analysis
* News
* Service Updates
* Write for us
* Authors
* Go to service
* Register for free
WE VALUE YOUR PRIVACY
We use cookies to enhance your browsing experience, serve personalized content
and to analyze our traffic. By clicking "Accept All", you consent to our use of
cookies. Cookie Policy
Accept AllReject All
Customize