{"id":11872,"date":"2025-02-27T13:54:30","date_gmt":"2025-02-27T13:54:30","guid":{"rendered":"\/cybersecurity-blog\/?p=11872"},"modified":"2025-09-03T13:13:05","modified_gmt":"2025-09-03T13:13:05","slug":"indicators-in-ti-feeds","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/","title":{"rendered":"Enriching ANY.RUN&#8217;s TI Feeds with Unique IOCs: How It Works"},"content":{"rendered":"\n<p>Threat Intelligence Feeds from <a href=\"http:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_iocs&amp;utm_term=270225&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> provide a continuously updated stream of the latest indicators of compromise. They enable SOC teams to quickly detect and mitigate attacks, including emerging malware and persistent threats.<\/p>\n\n\n\n<p>But how do ANY.RUN&#8217;s feeds get enriched with fresh and, most importantly, unique indicators?<\/p>\n\n\n\n<p>Let&#8217;s find out.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN\u2019s Threat Intelligence Feeds<\/h2>\n\n\n\n<p>ANY.RUN&#8217;s <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence (TI) Feeds<\/a> offer an extensive collection of Indicators of Compromise (<a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a>) designed to enhance the threat detection capabilities of clients&#8217; security systems. These feeds provide detailed information beyond the basics, including malicious IPs, URLs, and domains.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Where does this data come from? 
<\/h3>\n\n\n\n<p>An international community of over 500,000 researchers and cybersecurity pros who upload and analyze real-world malware and phishing samples every day to ANY.RUN\u2019s\u00a0<a href=\"https:\/\/app.any.run\/submissions\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=inside_ti_feeds&amp;utm_term=161224&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">submissions repository<\/a>.<\/p>\n\n\n\n<p>With TI Feeds from ANY.RUN,&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-for-organizational-performance\/\" target=\"_blank\" rel=\"noreferrer noopener\">organizations can<\/a>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Expand and speed up threat hunting with enriched, up-to-date indicators<\/li>\n\n\n\n<li>Enhance alert triage and prioritize the most urgent issues<\/li>\n\n\n\n<li>Improve incident response thanks to a better understanding of threats and their behaviors<\/li>\n\n\n\n<li>Proactively defend against new and evolving threats<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">IOCs Provided by ANY.RUN TI Feeds<\/h2>\n\n\n\n<p>TI Feeds contain indicators along with additional info like the threat score, which signals IOCs&#8217; reliability:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>100: Highly reliable<\/li>\n\n\n\n<li>50: Suspicious<\/li>\n\n\n\n<li>75: Trustworthy<\/li>\n<\/ul>\n\n\n\n<p>Here are the indicators you can find in ANY.RUN&#8217;s TI Feeds.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">IP addresses<\/h3>\n\n\n\n<p>Compromised IPs are an immediate signal of cybercriminal operations; they are often linked to Command-and-Control (C2) servers or phishing campaigns. 
By analyzing IP addresses, cybersecurity teams can proactively block malicious traffic and analyze attack patterns and tactics.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Domains<\/h3>\n\n\n\n<p>Domains provide a higher-level view of malicious activity, often connecting multiple IPs or malware instances within a single campaign.&nbsp;ANY.RUN\u2019s TI Feeds provide comprehensive information about domains, including all the details available for IP addresses, such as threat names, types, detection timestamps, and related file hashes.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">URLs<\/h3>\n\n\n\n<p>URLs serve as gateways to distribute malware, execute phishing campaigns, or redirect users to malicious content.&nbsp;By analyzing URLs, cybersecurity teams can uncover attack patterns, block harmful traffic, and prevent unauthorized access to systems and data.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How ANY.RUN&#8217;s TI Feeds Are Enriched with Unique IOCs<\/h2>\n\n\n\n<p>Several features make Threat Intelligence Feeds stand out; one of them is the way we collect indicators. Here are the two methods we use to get the latest and most accurate indicators that cannot be found elsewhere.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">IOCs Extracted from Malware Configurations<\/h3>\n\n\n\n<p>Configurations are a crucial part of any malware sample. They contain hardcoded IOCs such as command and control (C2) server addresses, encryption keys, and specific attack parameters. 
ANY.RUN&#8217;s Interactive Sandbox can automatically extract configs for dozens of malware families and pull out these valuable indicators.<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/e5a0cb58-0b0a-4405-b09a-717913115fd3\" target=\"_blank\" rel=\"noreferrer noopener\">Take a look at this sandbox session<\/a>.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"686\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/config_ip-1024x686.png\" alt=\"\" class=\"wp-image-11897\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/config_ip-1024x686.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/config_ip-300x201.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/config_ip-768x514.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/config_ip-370x248.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/config_ip-270x181.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/config_ip-740x496.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/config_ip.png 1466w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN extracts contents of malware configs<\/em> <em>revealing<\/em> <em>valuable indicators<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>By opening the <em>MalConf<\/em> window we can observe the extracted configuration of an AsyncRAT sample. One of the pieces of data found here is the malicious IP address used by the malware for communication with its C2 server.<\/p>\n\n\n\n<p>ANY.RUN automatically extracts this crucial indicator and sends it to TI Feeds, which then get fed into the clients&#8217; detection systems. 
This helps them identify the threat early and minimize its potential impact.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">IOCs Detected with Suricata IDS Rules&nbsp;<\/h3>\n\n\n\n<p>Suricata rules focus on identifying patterns in network traffic rather than specific details like IP addresses or domains. This means Suricata can recognize threats even when attackers change their infrastructure. 
<\/p>\n\n\n\n<p>Thanks to ANY.RUN&#8217;s extensive integration of Suricata IDS for traffic analysis, we can consistently extract fresh network indicators from the newest samples of evolving malware.<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/123b1e15-7d9d-4c3d-b04a-963dfaed44eb\/\" target=\"_blank\" rel=\"noreferrer noopener\">Check out this report<\/a>, which shows analysis of a FormBook sample.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"726\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/suricata_domain_info-1024x726.png\" alt=\"\" class=\"wp-image-11894\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/suricata_domain_info-1024x726.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/suricata_domain_info-300x213.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/suricata_domain_info-768x545.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/suricata_domain_info-370x262.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/suricata_domain_info-270x191.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/suricata_domain_info-740x525.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/suricata_domain_info.png 1358w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Suricata rule triggered after detecting FormBook&#8217;s C2 traffic<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>When we navigate to the Threats tab and click on one of the triggered Suricata rules, we can see that the system has detected a connection to a domain controlled by the attackers.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" 
height=\"609\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/suricata_domain-1024x609.png\" alt=\"\" class=\"wp-image-11893\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/suricata_domain-1024x609.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/suricata_domain-300x178.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/suricata_domain-768x457.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/suricata_domain-370x220.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/suricata_domain-270x160.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/suricata_domain-740x440.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/suricata_domain.png 1361w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>You can see the domain name used by FormBook<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>As you would expect, this domain is sent directly to TI Feeds, strengthening our clients&#8217; defense capabilities.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Integrate ANY.RUN\u2019s TI Feeds&nbsp;<\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"571\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-2-1024x571.png\" alt=\"\" class=\"wp-image-10402\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-2-1024x571.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-2-300x167.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-2-768x429.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-2-370x206.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-2-270x151.png 270w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-2-740x413.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-2.png 1430w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN offers demo feed samples in STIX and MISP formats<\/em>&nbsp;<\/figcaption><\/figure>\n\n\n\n<p>You can test ANY.RUN\u2019s Threat Intelligence Feeds in STIX and MISP formats by&nbsp;<a href=\"https:\/\/intelligence.any.run\/feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_iocs&amp;utm_term=270225&amp;utm_content=linktofeeds\" target=\"_blank\" rel=\"noreferrer noopener\">getting a free demo sample here<\/a>.&nbsp;<\/p>\n\n\n\n<p>ANY.RUN also runs a dedicated MISP instance that you can synchronize your server with or connect to your security solutions. To get started,&nbsp;<a href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_iocs&amp;utm_term=270225&amp;utm_content=linktotiplans\" target=\"_blank\" rel=\"noreferrer noopener\">contact our team via this page<\/a>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;&nbsp;<\/h2>\n\n\n\n<p><a href=\"http:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_iocs&amp;utm_term=270225&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> helps more than 500,000 cybersecurity professionals worldwide. Our&nbsp;interactive sandbox&nbsp;simplifies malware analysis of threats that target both Windows and&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-malware-analysis-cases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a>&nbsp;systems. 
Our threat intelligence products,&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>,&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Search<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a>&nbsp;or files to learn more about the threats and respond to incidents faster.&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_iocs&amp;utm_term=270225&amp;utm_content=linktotiplans\" target=\"_blank\" rel=\"noreferrer noopener\">Get a 14-day free trial of ANY.RUN\u2019s Threat Intelligence service \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Threat Intelligence Feeds from ANY.RUN provide a continuously-updated stream of the latest indicators of compromise. They enable SOC teams to quickly detect and mitigate attacks, including emerging malware and persistent threats. But how do ANY.RUN&#8217;s feeds get enriched with fresh and, most importantly, unique indicators? Let&#8217;s find out. 
About ANY.RUN\u2019s Threat Intelligence Feeds ANY.RUN&#8217;s Threat [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":11913,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[57,10,34,40],"class_list":["post-11872","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-lifehacks","tag-anyrun","tag-cybersecurity","tag-malware-analysis","tag-malware-behavior"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Enriching ANY.RUN&#039;s TI Feeds with Unique IOCs: How It Works - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"See how ANY.RUN sources unique indicators of compromise for Threat Intelligence Feeds, helping businesses detect cyber threats.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Enriching ANY.RUN&#8217;s TI Feeds with Unique IOCs: How It Works\",\"datePublished\":\"2025-02-27T13:54:30+00:00\",\"dateModified\":\"2025-09-03T13:13:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/\"},\"wordCount\":903,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\",\"malware behavior\"],\"articleSection\":[\"Cybersecurity Lifehacks\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/\",\"name\":\"Enriching ANY.RUN's TI Feeds with Unique IOCs: How It Works - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-02-27T13:54:30+00:00\",\"dateModified\":\"2025-09-03T13:13:05+00:00\",\"description\":\"See how ANY.RUN sources unique indicators of compromise for Threat Intelligence Feeds, helping businesses detect cyber 
threats.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Lifehacks\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Enriching ANY.RUN&#8217;s TI Feeds with Unique IOCs: How It Works\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Enriching ANY.RUN's TI Feeds with Unique IOCs: How It Works - ANY.RUN&#039;s Cybersecurity Blog","description":"See how ANY.RUN sources unique indicators of compromise for Threat Intelligence Feeds, helping businesses detect cyber threats.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/","twitter_misc":{"Written by":"ANY.RUN","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Enriching ANY.RUN&#8217;s TI Feeds with Unique IOCs: How It Works","datePublished":"2025-02-27T13:54:30+00:00","dateModified":"2025-09-03T13:13:05+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/"},"wordCount":903,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware analysis","malware behavior"],"articleSection":["Cybersecurity Lifehacks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/","url":"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/","name":"Enriching ANY.RUN's TI Feeds with Unique IOCs: How It Works - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-02-27T13:54:30+00:00","dateModified":"2025-09-03T13:13:05+00:00","description":"See how ANY.RUN sources unique indicators of compromise for Threat Intelligence Feeds, helping businesses detect cyber 
threats.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/indicators-in-ti-feeds\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Lifehacks","item":"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/"},{"@type":"ListItem","position":3,"name":"Enriching ANY.RUN&#8217;s TI Feeds with Unique IOCs: How It Works"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/11872"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=11872"}],"version-history":[{"count":64,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/11872\/revisions"}],"predecessor-version":[{"id":15722,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/11872\/revisions\/15722"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/11
913"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=11872"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=11872"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=11872"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}