{"id":11992,"date":"2025-03-05T11:12:10","date_gmt":"2025-03-05T11:12:10","guid":{"rendered":"\/cybersecurity-blog\/?p=11992"},"modified":"2025-11-13T09:21:05","modified_gmt":"2025-11-13T09:21:05","slug":"how-transport-company-monitors-threats","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/","title":{"rendered":"How Transport Company Gets Real-Time IOC and IOB Updates on Active Cyber Attacks\u00a0"},"content":{"rendered":"\n<p>How can security teams effectively monitor evolving attacks and stay ahead of constantly shifting attacker infrastructure? We spoke with a chief information security officer at a transport company about how they use subscriptions to <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-lookup-notifications\/\" target=\"_blank\" rel=\"noreferrer noopener\">Query Updates<\/a> in <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a> to tackle this challenge.\u00a0<\/p>\n\n\n\n<p>Here\u2019s what we learned.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Company Info&nbsp;<\/h2>\n\n\n\n<p>Without getting into any specifics, our company operates in the transportation sector, managing logistics across North America, Latin America, and Europe. Right now, the IT security team is at 30 professionals and as the CISO I\u2019m responsible for overseeing strategic planning, risk management, and operations. 
Speaking of our use of <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=transport_company_story&amp;utm_term=050325&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s products<\/a>, currently we have licenses for both the Interactive Sandbox and <a href=\"https:\/\/intelligence.any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=transport_company_story&amp;utm_term=050325&amp;utm_content=linktolookup\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>.&nbsp;<\/p>\n\n\n\n<!-- Highlight Block HTML START -->\n<div class=\"window\">\n  <div class=\"window-header\">\n    <div class=\"pill\">What is Threat Intelligence Lookup<\/div>\n  <\/div>\n  <div class=\"window-body\">\n    <p>\nTI Lookup from ANY.RUN provides a searchable database of over 40 types of indicators of compromise, attack, and behavior. The new data is extracted from thousands of public malware and phishing samples analyzed in ANY.RUN\u2019s Interactive Sandbox every day.\n<\/p>\n<p>\nSince all threats are executed in virtual machines, ANY.RUN takes a comprehensive snapshot of activities recorded during analysis, from network traffic and file paths to registry modifications and mutexes.\n<\/p>\n<p> <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\">Learn more \u2192 <\/a>\n<\/p>\n  <\/div>\n<\/div>\n<!-- Highlight Block HTML END -->\n\n\n<!-- Highlight Block CSS START -->\n<style>\n  .window {\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n\n    border-radius: 4px;\n    margin: 20px auto 50px auto;\n    padding: 20px 40px;\n    line-height: 2rem;\n  }\n\n  .window-header {\n    display: flex;\n    justify-content: center;\n    margin-bottom: 20px;\n  }\n\n  .pill {\n    background-color: #fff;\n    border-radius: 20px;\n    color: #333;\n    font-weight: bold;\n    padding: 8px 32px;\nborder: 1px solid 
rgba(75, 174, 227, 0.32);\n  }\n\n  @media (max-width: 480px) {\n    .window {\n      padding: 10px;\n    }\n    \n    .pill {\n      font-size: 14px;\n      padding: 6px 12px;\n    }\n  }\n<\/style>\n<!-- Highlight Block CSS END -->\n\n\n\n<h2 class=\"wp-block-heading\">Key Security Challenges Faced&nbsp;<\/h2>\n\n\n\n<p>I\u2019d say the entire transportation industry rests on email correspondence. Our company, despite being no match to giants like DHL, still has thousands of clients, contractors, and suppliers that we need to communicate with daily. Naturally, even a small email security slip-up, like exposing a few messages, could create major problems across the board. And attackers know this, too.&nbsp;<\/p>\n\n\n\n<p>That\u2019s why we pour a good chunk of the team\u2019s resources into threat hunting and ensuring we have a grasp of the current threat landscape. We\u2019re constantly monitoring for the <a href=\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/\" target=\"_blank\" rel=\"noreferrer noopener\">recent attacks<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/investigating-phishing-threats\/\" target=\"_blank\" rel=\"noreferrer noopener\">phishing scams<\/a>, malware campaigns, new CVEs, anything that may somehow be of concern to us. Of course, we can&#8217;t gobble up intel on every single threat out there, so we narrow it down to what\u2019s relevant for our industry, and some of the core clients\u2019 industries.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Where TI Lookup Fits in the Threat Hunting Strategy&nbsp;<\/h2>\n\n\n\n<p>Like any good security setup, we break ours down into areas. 
TI Lookup adds value pretty much evenly across all of them, from checking indicators as part of triage to discovering threat context in incident response.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Yet, if we\u2019re talking about threat hunting, we <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-lookup-notifications\/\" target=\"_blank\" rel=\"noreferrer noopener\">subscribe to Search Updates in TI Lookup<\/a> to keep up with the changes in ongoing cyber attacks and automate the collection of new <a href=\"https:\/\/any.run\/cybersecurity-blog\/malconf-in-ti-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">indicators of compromise<\/a> (IOCs) and threat samples. Let me explain how it works.&nbsp;<\/p>\n\n\n\n<!-- Highlight Block HTML START -->\n<div class=\"window\">\n  <div class=\"window-header\">\n    <div class=\"pill\">Search Updates in TI Lookup\u00a0<\/div>\n  <\/div>\n  <div class=\"window-body\">\n    <p>\nTI Lookup users can subscribe to custom search queries to receive timely updates on relevant Indicators of Compromise (IOCs), Indicators of Attack (IOAs), and Indicators of Behavior (IOBs) belonging to the threats of their interest.\u00a0\n<\/p>\n<p> <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-lookup-notifications\/\">Learn more \u2192 <\/a>\n<\/p>\n  <\/div>\n<\/div>\n<!-- Highlight Block HTML END -->\n\n\n\n<p>Our threat hunting team is tasked with:&nbsp;&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Monitoring the current threat landscape&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Gathering data on the threats that are relevant to us&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Converting the data into actionable signatures and detection rules&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>There are several sources for such data, with publicly available research and reports published by other companies being the most common one. The problem here is that attackers constantly shift infrastructure \u2013 C2 servers might cycle IPs every 48 hours. So, relying on the indicators we find in public reports can do only so much. And that is precisely the detection gap that Search Updates in TI Lookup help to bridge.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"561\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image-2-1024x561.png\" alt=\"\" class=\"wp-image-11997\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image-2-1024x561.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image-2-300x164.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image-2-768x421.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image-2-1536x841.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image-2-2048x1122.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image-2-370x203.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image-2-270x148.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image-2-740x405.png 
740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>TI Lookup lets users receive result updates on queries of their interest<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Subscribing to Query Updates in TI Lookup allows us to use <strong>more stable indicators of behavior <\/strong>(IOBs)<strong> <\/strong>to track all the latest changes in specific attacks and see if they are still ongoing. IOBs are things like the tools used by attackers, the kill chain techniques, and infection traces on the system such as created directories, file names and types, etc. The things that do not tend to expire as fast as <strong>short-lived<\/strong> network infrastructure of attackers or hashes.\u00a0<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"678\" height=\"723\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image2-2.png\" alt=\"\" class=\"wp-image-11999\" style=\"width:273px;height:auto\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image2-2.png 678w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image2-2-281x300.png 281w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image2-2-370x395.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image2-2-270x288.png 270w\" sizes=\"(max-width: 678px) 100vw, 678px\" \/><figcaption class=\"wp-element-caption\"><em>Query updates are displayed in the left-side menu with the number of new results next to them<\/em>\u00a0<\/figcaption><\/figure><\/div>\n\n\n<p>Essentially, with TI Lookup, we can put several IOBs related to a single attack together and use them in a search query to get notified about the latest samples and IOCs, which the threat hunting team can process and turn into detection rules.&nbsp;<\/p>\n\n\n\n<p>The result is that we can follow active threats that may 
potentially target our company almost in real time because TI Lookup is updated every few hours with fresh data.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Some of the Use Cases for Search Updates&nbsp;<\/h2>\n\n\n\n<p>Our current collection of query subscriptions is well beyond a hundred entries. I will try to give you a few general types of threats that we tend to add to it and some of the examples.&nbsp;&nbsp;<\/p>\n\n\n\n<p>At the moment we subscribe to well over a hundred search queries. 
To give you an idea of what we monitor, I\u2019ll give you a couple of common threats we tend to follow.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Geo-Targeted Threats&nbsp;&nbsp;<\/h3>\n\n\n\n<p>While our HQ is in the United States, we have several local offices, which also become extensively targeted with cyber attacks. Search Updates make it easier for us to track several types of threats occurring in a specific country.&nbsp;<\/p>\n\n\n\n<p>For example, we make sure to check for new samples of email-distributed <a href=\"https:\/\/any.run\/malware-trends\/stealer\" target=\"_blank\" rel=\"noreferrer noopener\">infostealers<\/a> in Colombia:&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=transport_company_story&amp;utm_term=050325&amp;utm_content=linktoservice#%257B%2522query%2522:%2522submissionCountry:%255C%2522co%255C%2522%2520AND%2520threatName:%255C%2522stealer%255C%2522%2520AND%2520filePath:%255C%2522.eml%255C%2522%2520OR%2520filePath:%255C%2522.msg%255C%2522%2522,%2522dateRange%2522:180%257D\" target=\"_blank\" rel=\"noreferrer noopener\">submissionCountry:&#8221;co&#8221; AND threatName:&#8221;stealer&#8221; AND filePath:&#8221;.eml&#8221; OR filePath:&#8221;.msg&#8221;<\/a>&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"579\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image3-1-1024x579.png\" alt=\"\" class=\"wp-image-12002\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image3-1-1024x579.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image3-1-300x170.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image3-1-768x434.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image3-1-1536x869.png 1536w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image3-1-370x209.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image3-1-270x153.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image3-1-740x419.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image3-1.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>TI Lookup displays the latest public sandbox analyses featuring infostealers together with .msg and .eml files<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>For this query, we get several updates almost every week.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"566\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image4-1024x566.png\" alt=\"\" class=\"wp-image-12004\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image4-1024x566.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image4-300x166.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image4-768x424.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image4-1536x849.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image4-370x204.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image4-270x149.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image4-740x409.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image4.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>One of the samples returned by TI Lookup involved <\/em><a href=\"https:\/\/any.run\/malware-trends\/asyncrat\" target=\"_blank\" rel=\"noreferrer 
noopener\"><em>AsyncRAT<\/em><\/a><em> sample<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>We check the new samples and see if they have anything of value and if so, use the indicators extracted by the sandbox to make signatures to scan the company\u2019s infrastructure for any matching threats.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Common Vulnerabilities and Exposures (CVEs)&nbsp;<\/h3>\n\n\n\n<p>Another top concern on any threat hunters\u2019 list is CVEs, both old and new. One of the recent examples is CVE-2025-21298, the vulnerability where simply previewing a malicious .rtf document in Outlook leads to remote code execution and system compromise.&nbsp;<\/p>\n\n\n\n<p>As soon as we learned about it, we made sure to go to TI Lookup and sign up for a query that would provide us with relevant samples in case any attackers decided to abuse this vulnerability.&nbsp;<\/p>\n\n\n\n<p>In the query, we combined the file type (rtf) with Outlook, used the attc-doc (document attachment) tag, and excluded pdfs:&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=transport_company_story&amp;utm_term=050325&amp;utm_content=linktoservice#%257B%2522query%2522:%2522fileEventPath:%255C%2522rtf$%255C%2522%2520AND%2520commandLine:%255C%2522outlook.exe%255C%2522%2520and%2520threatName:%255C%2522attc-doc%255C%2522%2520AND%2520NOT%2520threatName:%255C%2522attc-pdf%255C%2522%2522,%2522dateRange%2522:180%257D\" target=\"_blank\" rel=\"noreferrer noopener\">fileEventPath:&#8221;rtf$&#8221; AND commandLine:&#8221;outlook.exe&#8221; and threatName:&#8221;attc-doc&#8221; AND NOT threatName:&#8221;attc-pdf&#8221;<\/a>&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"551\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image5-1024x551.png\" alt=\"\" 
class=\"wp-image-12006\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image5-1024x551.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image5-300x161.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image5-768x413.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image5-1536x827.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image5-370x199.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image5-270x145.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image5-740x398.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image5.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>The Events tab in TI Lookup provides a list of command line logs recorded across relevant sandbox sessions<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>As a result, we now can minimize the manual research on this threat and in case an actual attack with this CVE is uploaded to TI Lookup, we\u2019ll be notified about it.&nbsp;<\/p>\n\n\n\n<p>Another thing that I think is worth mentioning here is that this CVE is a great example of how flexible TI Lookup can be. Despite not having a specific tag for this threat, we were able to make up for that by using the big selection of search parameters.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Credential-Theft Attacks&nbsp;&nbsp;<\/h3>\n\n\n\n<p>Given phishing is by far the top threat our company faces, one of the most common types of it is fake credential-stealing forms.&nbsp;<\/p>\n\n\n\n<p>There is a campaign that has been going for a while, where attackers send emails that contain links to fake Microsoft 365 pages. The catch is that the malicious domain names are designed to masquerade as legit Microsoft ones. 
One of the standout things here is the use of \u201c0\u201d and \u201co\u201d before \u201c365\u201d. Needless to say, the Search Updates feature does a great job letting us know about the new domains and actual examples of these attacks.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=transport_company_story&amp;utm_term=050325&amp;utm_content=linktoservice#%7B%2522query%2522:%2522domainName:%255C%2522o365.%255C%2522%2520OR%2520domainName:%255C%2522.o365%255C%2522%2520OR%2520domainName:%255C%25220365.%255C%2522%2520OR%2520domainName:%255C%2522.0365%255C%2522%2522,%2522dateRange%2522:180%7D\" target=\"_blank\" rel=\"noreferrer noopener\">domainName:&#8221;o365.&#8221; OR domainName:&#8221;.o365&#8221; OR domainName:&#8221;0365.&#8221; OR domainName:&#8221;.0365&#8221;<\/a><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"584\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image6-1024x584.png\" alt=\"\" class=\"wp-image-12011\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image6-1024x584.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image6-300x171.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image6-768x438.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image6-1536x876.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image6-370x211.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image6-270x154.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image6-740x422.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image6.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption 
class=\"wp-element-caption\"><em>TI Lookup lists all the matching domains found across relevant sandbox sessions<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>The team collects new domains and email samples and improves detection of any possible phishing attempts against our own infrastructure.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Query Updates Hacks\u00a0<\/h2>\n\n\n\n<p>The thing that\u2019s not related to Query Updates per se but is still of huge help is the <a href=\"https:\/\/any.run\/cybersecurity-blog\/search-operators-and-wildcards-in-ti-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">wildcards<\/a>. It really adds flexibility to the searches, so we potentially set up queries to be more specific and general, depending on the indicators we use for a threat.\u00a0<\/p>\n\n\n\n<p>Just last week, we subscribed to a query for a new campaign where attackers use website addresses that start with &#8220;google.com&#8221; but then have random strings of characters afterwards.&nbsp;<\/p>\n\n\n\n<p>To get the newest variants of these domains, we added the &#8220;?&#8221; wildcard to the query \u2013 which stands for any single character. 
We used four question marks to account for the random part of the domain.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=transport_company_story&amp;utm_term=050325&amp;utm_content=linktoservice#%7B%2522query%2522:%2522domainName:%255C%2522google.com.????%255C%2522%2522,%2522dateRange%2522:180%7D\" target=\"_blank\" rel=\"noreferrer noopener\">domainName:&#8221;google.com.????&#8221;<\/a>&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"603\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image7-1-1024x603.png\" alt=\"\" class=\"wp-image-12013\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image7-1-1024x603.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image7-1-300x177.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image7-1-768x452.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image7-1-1536x904.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image7-1-370x218.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image7-1-270x159.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image7-1-740x436.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/image7-1.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Each of the domains can be explored further in the sandbox sessions where they were logged<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Query Updates let us know every time a matching fake domain is added to TI Lookup\u2019s database.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Impact on Security&nbsp;<\/h2>\n\n\n\n<p>In terms of company\u2019s 
security, TI Lookup provides us with some of the latest threat intelligence we can get. We can apply it immediately while indicators are still active to identify threats and protect the organization\u2019s infrastructure in advance.&nbsp;<\/p>\n\n\n\n<p>It also improves our awareness of the threat landscape, letting us track a wider array of attacks. We now have more data on a broader pool of threats than ever before and can identify the ones that are still ongoing and those that are no longer active.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Impact on Operations&nbsp;<\/h2>\n\n\n\n<p>If we\u2019re talking about the team\u2019s performance, the productivity definitely went up after we began using Query Subscriptions. Back in the day, we had to allocate a lot of time and staff to follow up on attacks that were relevant to us. This was a lot of manual work. I\u2019m not saying that we no longer do it, but receiving Search Updates definitely made the process much easier.&nbsp;&nbsp;<\/p>\n\n\n\n<p>We now get automated updates and can actually focus on more threats than before, because we no longer need to rely on guesswork in deciding which attacks will be more likely to affect us.&nbsp;<\/p>\n\n\n\n<p>Now we simply create a query and hit subscribe. The more new results we see arriving for a particular threat in TI Lookup the higher priority it gets.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Team Feedback&nbsp;<\/h2>\n\n\n\n<p>Most of the team are well-familiar with the ANY.RUN sandbox, so adopting TI Lookup felt natural for them. It is with some of the new folks on the team we had to work a little harder to get them to a place where they could comfortably use the service. They mostly struggled with the query parameters and their meanings, as well as tags in the sandbox, which are the same in TI Lookup. 
But most of them managed to become fairly proficient in a week or two.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion&nbsp;<\/h2>\n\n\n\n<p>We want to thank the guest for taking the time to share their story and real-world examples of using TI Lookup. The behind-the-scenes view of a threat hunting team\u2019s work is always a rare privilege and we really appreciate it. Our hope is that this article will help other users considering integrating the service in their organization with laying the groundwork for successful implementation.&nbsp;&nbsp;<\/p>\n\n\n\n<p>As always, if you are open to letting others know how your team uses ANY.RUN\u2019s products, we\u2019ll be happy to hear from you at <a href=\"mailto:support@any.run\" target=\"_blank\" rel=\"noreferrer noopener\">support@any.run<\/a>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=transport_company_story&amp;utm_term=050325&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. 
Our threat intelligence products, <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Search<\/a>, and <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find IOCs or files to learn more about the threats and respond to incidents faster.<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=transport_company_story&amp;utm_term=050325&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Request trial of ANY.RUN&#8217;s services for your company \u2192<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How can security teams effectively monitor evolving attacks and stay ahead of constantly shifting attacker infrastructure? 
We spoke with a chief information security officer at a transport company about how they use subscriptions to Query Updates in Threat Intelligence Lookup to tackle this challenge.\u00a0 Here\u2019s what we learned.&nbsp; Company Info&nbsp; Without getting into any specifics, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":12030,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[79],"tags":[57,10,15],"class_list":["post-11992","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-customer-success","tag-anyrun","tag-cybersecurity","tag-malware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How Transport Company Gets Live Updates on Cyber Attacks\u00a0<\/title>\n<meta name=\"description\" content=\"See how a transport company automatically monitors active malware, credential theft, and CVE attacks for fresh IOCs, IOBs, and samples.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"How Transport Company Gets Real-Time IOC and IOB Updates on Active Cyber Attacks\u00a0\",\"datePublished\":\"2025-03-05T11:12:10+00:00\",\"dateModified\":\"2025-11-13T09:21:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/\"},\"wordCount\":2083,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware\"],\"articleSection\":[\"Customer Success Story\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/\",\"name\":\"How Transport Company Gets Live Updates on Cyber Attacks\u00a0\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-03-05T11:12:10+00:00\",\"dateModified\":\"2025-11-13T09:21:05+00:00\",\"description\":\"See how a transport company automatically monitors active malware, credential theft, and CVE attacks for fresh IOCs, IOBs, and 
samples.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Customer Success Story\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/customer-success\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"How Transport Company Gets Real-Time IOC and IOB Updates on Active Cyber Attacks\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How Transport Company Gets Live Updates on Cyber Attacks\u00a0","description":"See how a transport company automatically monitors active malware, credential theft, and CVE attacks for fresh IOCs, IOBs, and samples.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/","twitter_misc":{"Written by":"ANY.RUN","Est. 
reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"How Transport Company Gets Real-Time IOC and IOB Updates on Active Cyber Attacks\u00a0","datePublished":"2025-03-05T11:12:10+00:00","dateModified":"2025-11-13T09:21:05+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/"},"wordCount":2083,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware"],"articleSection":["Customer Success Story"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/","url":"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/","name":"How Transport Company Gets Live Updates on Cyber Attacks\u00a0","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-03-05T11:12:10+00:00","dateModified":"2025-11-13T09:21:05+00:00","description":"See how a transport company automatically monitors active malware, credential theft, and CVE attacks for fresh IOCs, IOBs, and 
samples.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/how-transport-company-monitors-threats\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Customer Success Story","item":"https:\/\/any.run\/cybersecurity-blog\/category\/customer-success\/"},{"@type":"ListItem","position":3,"name":"How Transport Company Gets Real-Time IOC and IOB Updates on Active Cyber Attacks\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/11992"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=11992"}],"version-history":[{"count":33,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/11992\/revisions"}],"predecessor-version":[{"id":16785,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/11992\/revisions\/16785"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/12
030"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=11992"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=11992"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=11992"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}