{"id":12195,"date":"2025-03-18T11:19:17","date_gmt":"2025-03-18T11:19:17","guid":{"rendered":"\/cybersecurity-blog\/?p=12195"},"modified":"2025-03-24T12:00:27","modified_gmt":"2025-03-24T12:00:27","slug":"android-malware-analysis","status":"publish","type":"post","link":"\/cybersecurity-blog\/android-malware-analysis\/","title":{"rendered":"Expose Android Malware in Seconds: ANY.RUN Sandbox Now Supports Real-Time APK Analysis\u00a0"},"content":{"rendered":"\n<p>It&#8217;s here! The news security teams have been waiting for: <strong>ANY.RUN now fully supports Android OS<\/strong> in its interactive sandbox!&nbsp;<\/p>\n\n\n\n<p>Now, you can investigate Android malware in a real ARM-based sandbox, exactly as it would behave on an actual mobile device. No more blind spots or unreliable analysis.&nbsp;<\/p>\n\n\n\n<p>With this release, <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=android_malware_analysis&amp;utm_term=180325&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> allows SOC teams, incident responders, and threat hunters to analyze Android threats faster, more efficiently, and with greater accuracy while reducing operational costs.&nbsp;<\/p>\n\n\n\n<p>And the best part? Android OS support is <strong>available to everyone<\/strong>, including Free plan users!&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why Your Team Needs Mobile Threat Analysis Inside ANY.RUN\u2019s Android Sandbox&nbsp;<\/h2>\n\n\n\n<p>Android malware is a direct risk to businesses, financial institutions, and enterprise security teams. Attackers are targeting mobile devices to steal credentials, infiltrate corporate networks, and compromise financial systems. &nbsp;<\/p>\n\n\n\n<p>Without real-time mobile threat analysis, businesses face delayed detection, higher security costs, and increased exposure to cyber threats.&nbsp;<\/p>\n\n\n\n<p>Now you can interact with APK files in a fully controlled environment, track malicious activity in real time, and generate in-depth reports: all in one convenient place.&nbsp;<\/p>\n\n\n\n<p>By analyzing Android threats inside ANY.RUN\u2019s secure cloud-based environment, businesses can:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Spot Android malware in seconds:<\/strong> Run suspicious APKs in a real Android environment and catch threats before they spread.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>See exactly what malware is doing: <\/strong>Watch how it abuses permissions, steals data, or makes shady network connections, no more guesswork.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Make Android threat investigations easier:<\/strong> Quickly analyze mobile malware without slowing down your team or piling on extra work.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Take full control of your data:<\/strong> Analyze Android threats in a private, secure environment where only your team has access, no third parties involved.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Improve collaboration:<\/strong> Generate structured reports with detailed APK insights, making escalation and knowledge sharing between your team more effective.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How to Get Started with ANY.RUN\u2019s Android Sandbox&nbsp;<\/h2>\n\n\n\n<p>Getting started is quick and easy. &nbsp;<\/p>\n\n\n\n<p>Since&nbsp;ANY.RUN is fully cloud-based, there\u2019s no need to&nbsp;download or install complicated software. Just&nbsp;<a href=\"https:\/\/app.any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=android_malware_analysis&amp;utm_term=180325&amp;utm_content=linktoregistration#register\/\" target=\"_blank\" rel=\"noreferrer noopener\">sign up<\/a> and follow these simple steps to start analyzing right away:&nbsp;<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Select Android OS<\/strong> \u2013 Before launching an analysis, choose <strong>Android<\/strong> from the operating system menu.&nbsp;<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"824\" height=\"758\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Android-OS.png\" alt=\"\" class=\"wp-image-12199\" style=\"width:426px;height:auto\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Android-OS.png 824w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Android-OS-300x276.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Android-OS-768x706.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Android-OS-370x340.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Android-OS-270x248.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Android-OS-740x681.png 740w\" sizes=\"(max-width: 824px) 100vw, 824px\" \/><\/figure><\/div>\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>Upload the APK file<\/strong> \u2013 Drag and drop the file into the sandbox.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><strong>Start the investigation<\/strong> \u2013 Run the file and observe its behavior in real time.&nbsp;<\/li>\n<\/ol>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nGive your security team the speed to analyze APK files and detect threats instantly with <span class=\"highlight\">ANY.RUN Interactive Sandbox<\/span>&nbsp;   \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/app.any.run\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=android_malware_analysis&#038;utm_term=180325&#038;utm_content=linktoregistration#register\/\" target=\"_blank\" rel=\"noopener\">\nSign up for free\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<p>Note that you can change the screen orientation when starting the analysis session&nbsp;to match a mobile device\u2019s natural display:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"584\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/orientation-change-1-1024x584.png\" alt=\"\" class=\"wp-image-12247\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/orientation-change-1-1024x584.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/orientation-change-1-300x171.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/orientation-change-1-768x438.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/orientation-change-1-1536x876.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/orientation-change-1-2048x1167.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/orientation-change-1-370x211.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/orientation-change-1-270x154.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/orientation-change-1-740x422.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Screen orientation change inside ANY.RUN sandbox<\/em><\/figcaption><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\">See It in Action: Analyzing Mobile Malware Inside ANY.RUN\u2019s Android Sandbox&nbsp;<\/h2>\n\n\n\n<p>Let\u2019s look at real-world malware cases to see how <a href=\"https:\/\/app.any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=android_malware_analysis&amp;utm_term=180325&amp;utm_content=linktoregistration#register\/\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s interactive sandbox<\/a> makes Android threat analysis easier and more effective.&nbsp;<\/p>\n\n\n\n<p>One notorious Android malware family is Coper, a banking trojan that targets financial apps, steals user credentials, and intercepts SMS messages. Attackers use it to bypass two-factor authentication (2FA) and take full control of compromised devices.&nbsp;<\/p>\n\n\n\n<p>With ANY.RUN\u2019s Android OS sandbox, we can break down exactly how this malware behaves in real time.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/53ecae9b-b59d-45b6-8e86-d56e8209c2d3\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=android_malware_analysis&amp;utm_term=180325&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">View analysis session<\/a>&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"585\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Coper-analysis-1024x585.png\" alt=\"\" class=\"wp-image-12206\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Coper-analysis-1024x585.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Coper-analysis-300x171.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Coper-analysis-768x439.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Coper-analysis-1536x877.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Coper-analysis-2048x1170.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Coper-analysis-370x211.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Coper-analysis-270x154.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Coper-analysis-740x423.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Coper analyzed inside Android OS<\/em><\/figcaption><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">Instant Detection with Interactive Analysis&nbsp;<\/h3>\n\n\n\n<p>The first thing you\u2019ll notice after running an analysis is that ANY.RUN immediately flags suspicious activity. In this case, we see a red alert in the top right corner, signaling that the APK file is performing dangerous actions.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"370\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Quick-analysis-1024x370.png\" alt=\"\" class=\"wp-image-12207\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Quick-analysis-1024x370.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Quick-analysis-300x109.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Quick-analysis-768x278.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Quick-analysis-370x134.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Quick-analysis-270x98.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Quick-analysis-740x268.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Quick-analysis.png 1056w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Fast detection of malicious activities<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Since the sandbox is fully interactive, we can engage with the app just like on a real Android device. This means:&nbsp;<\/p>\n\n\n\n<p>\u2714 Opening the malware-infected app and seeing how it behaves&nbsp;<br>\u2714 Granting or denying permissions to observe how it reacts&nbsp;<br>\u2714 Triggering functions like keylogging to uncover hidden actions&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Digging into the Tree of Processes&nbsp;<\/h3>\n\n\n\n<p>To understand how Coper operates under the hood, we check the <a href=\"https:\/\/any.run\/cybersecurity-blog\/process-tree-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\">Process Tree section<\/a>, which provides a structured breakdown of all executed processes.&nbsp;<\/p>\n\n\n\n<p>Here, you can:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>See which processes are spawned by the malware&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Identify connections to suspicious services or commands&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Detect any attempts to gain persistence or execute additional payloads&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>The Process Tree is located in the right part of the analysis screen, giving a clear and organized view of how the APK interacts with the system. &nbsp;<\/p>\n\n\n\n<p>Instead of manually tracking logs, security teams get a clear breakdown of malicious actions in a simple, visual format.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"579\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/process-tree-1024x579.png\" alt=\"\" class=\"wp-image-12208\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/process-tree-1024x579.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/process-tree-300x170.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/process-tree-768x434.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/process-tree-1536x869.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/process-tree-2048x1159.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/process-tree-370x209.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/process-tree-270x153.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/process-tree-740x419.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Malicious process carried out by Coper inside ANY.RUN sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">Understanding the Attack Tactics with MITRE ATT&amp;CK Mapping&nbsp;<\/h3>\n\n\n\n<p>Next, we head to the <a href=\"https:\/\/any.run\/cybersecurity-blog\/mitre-attack\/\" target=\"_blank\" rel=\"noreferrer noopener\">MITRE ATT&amp;CK Matrix<\/a> section, which helps map out exactly what techniques and tactics Coper is using.&nbsp;<\/p>\n\n\n\n<p>Inside ANY.RUN, this can be found under the MITRE ATT&amp;CK tab, where you get a structured breakdown of:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The specific attack techniques used (e.g., credential theft, keylogging, SMS interception)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The broader tactics the malware follows (e.g., persistence, privilege escalation)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Links to detailed explanations for deeper research&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"421\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-attack-1024x421.png\" alt=\"\" class=\"wp-image-12209\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-attack-1024x421.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-attack-300x123.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-attack-768x316.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-attack-1536x632.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-attack-2048x842.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-attack-370x152.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-attack-270x111.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-attack-740x304.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>MITRE ATT&amp;CK techniques and tactics used by Coper<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>By clicking on any technique, you get a detailed description of how the attack works, making it easier to correlate threats and improve security defenses.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"711\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-technique-1024x711.png\" alt=\"\" class=\"wp-image-12211\" style=\"width:556px;height:auto\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-technique-1024x711.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-technique-300x208.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-technique-768x533.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-technique-370x257.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-technique-270x187.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-technique-740x514.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Mitre-technique.png 1426w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Technique details inside Android sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">Collecting IOCs for Threat Intelligence&nbsp;<\/h3>\n\n\n\n<p>Once the analysis is complete,&nbsp;ANY.RUN generates structured, in-depth reports, allowing SOC teams to get:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Malicious URLs and IP addresses&nbsp;<\/li>\n\n\n\n<li>Dropped or modified files&nbsp;<\/li>\n\n\n\n<li>Registry changes and system modifications&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>These <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a> can be exported and shared for further action, helping organizations update security rules, improve detection, and prevent future infections.&nbsp;<\/p>\n\n\n\n<p>In <a href=\"https:\/\/app.any.run\/tasks\/3fa6e434-1665-46f3-bb3d-531fc447ed2f\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=android_malware_analysis&amp;utm_term=180325&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">this analysis of GoldDigger malware<\/a>, we can see a collection of useful IOCs by clicking the&nbsp;\u201cIOC\u201d&nbsp;button in the&nbsp;top right corner&nbsp;of the screen.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"740\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/IOCs-1024x740.png\" alt=\"\" class=\"wp-image-12212\" style=\"width:560px;height:auto\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/IOCs-1024x740.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/IOCs-300x217.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/IOCs-768x555.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/IOCs-1536x1110.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/IOCs-370x267.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/IOCs-270x195.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/IOCs-740x535.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/IOCs.png 1544w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>IOCs for further analysis collected inside ANY.RUN\u2019s Android sandbox<\/em><\/figcaption><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">Generating a Structured Report for Easy Sharing&nbsp;<\/h3>\n\n\n\n<p>In ANY.RUN, you also get <a href=\"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-report\/\" target=\"_blank\" rel=\"noreferrer noopener\">a detailed report<\/a> in the Reports section, allowing SOC teams to:\u00a0<\/p>\n\n\n\n<p>\u2714&nbsp;Quickly escalate cases with clear, organized evidence.&nbsp;<br>\u2714&nbsp;Share findings across teams for improved collaboration.&nbsp;<br>\u2714&nbsp;Enhance future detection strategies using real-world behavioral data.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"477\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Android-report-1024x477.png\" alt=\"\" class=\"wp-image-12213\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Android-report-1024x477.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Android-report-300x140.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Android-report-768x358.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Android-report-1536x716.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Android-report-2048x954.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Android-report-370x172.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Android-report-270x126.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/Android-report-740x345.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Report generated inside interactive sandbox<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>Having a clear, documented report helps SOC teams, threat hunters, and incident responders work more efficiently, ensuring that findings are communicated effectively across teams.&nbsp;<\/p>\n\n\n\n<!-- CTA Split START -->\n<div class=\"cta-split\">\n<div class=\"cta__split-left\">\n\n<!-- Image -->\n<img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/mcusercontent.com\/663b94f19348582a8dc323efe\/images\/0d88188b-3e89-2314-5a60-cb87e8077326.png\" alt=\"ANY.RUN cloud interactive sandbox interface\" class=\"cta__split-icon\" \/>\n<\/div>\n\n<div class=\"cta__split-right\">\n<div>\n\n<!-- Heading -->\n<h3 class=\"cta__split-heading\"><br>Sandbox for Businesses<\/h3>\n\n<!-- Text -->\n<p class=\"cta__split-text\">\nDiscover all features of the <span class=\"highlight\">Enterprise plan<\/span> designed for businesses and large security teams.\n<br \/>\n<\/p>\n<\/div>\n<!-- CTA Link -->\n<a target=\"_blank\" rel=\"noopener\" id=\"article-banner-split\" href=\"https:\/\/any.run\/cybersecurity-blog\/anyrun-for-enterprises\/\"><div class=\"cta__split-link\">See details<\/div><\/a>\n<\/div>\n<\/div>\n<!-- CTA Split END -->\n<!-- CTA Split Styles START -->\n<style>\n.cta-split {\noverflow: hidden;\nmargin: 3rem 0;\ndisplay: grid;\njustify-items: center;\nborder-radius: 0.5rem;\nwidth: 100%;\nmin-height: 25rem;\ngrid-template-columns: repeat(2, 1fr);\nborder: 1px solid rgba(75, 174, 227, 0.32);\nfont-family: 'Catamaran Bold';\n}\n\n.cta__split-left {\ndisplay: flex;\nalign-items: center;\njustify-content: center;\nheight: 100%;\nwidth: 100%;\nbackground-color: #161c59;\nbackground-position: center center;\nbackground: rgba(32, 168, 241, 0.1);\n}\n\n.cta__split-icon { \nwidth: 100%;\nheight: auto;\nobject-fit: contain;\nmax-width: 100%;\n}\n\n.cta__split-right {\ndisplay: flex;\nflex-direction: column;\njustify-content: space-between;\npadding: 2rem;\n}\n\n.cta__split-heading { font-size: 1.5rem; }\n\n.cta__split-text {\nmargin-top: 1rem;\nfont-family: Lato, Roboto, sans-serif;\n}\n\n.cta__split-link {\npadding: 0.5rem 1rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: white;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\ndisplay: block;\nz-index: 1000;\nposition: relative;\ncursor: pointer !important;\n}\n\n.cta__split-link:hover {\nbackground-color: #68CBFF;\ncolor: white;\ncursor: pointer;\n}\n\n.highlight { color: #ea2526;}\n\n\n\/* Mobile styles START *\/\n@media only screen and (max-width: 768px) {\n\n.cta-split {\ngrid-template-columns: 1fr;\nmin-height: auto;\n}\n\n.cta__split-left {\nheight: auto;\nmin-height: 10rem;\n}\n\n\n.cta__split-left, .cta__split-right {\nheight: auto;\n}\n\n.cta__split-heading { font-size: 1.2rem; }\n\n.cta__split-text { font-size: 1rem; }\n.cta__split-icon {\nmax-height: auto;\nobject-fit: cover;\n}\n\n}\n\/* Mobile styles END *\/\n<\/style>\n<!-- CTA Split Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Turn Your Team\u2019s Hours of Android Malware Investigation into Minutes&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN\u2019s Android OS support is a whole new way to investigate mobile threats with speed and precision.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Whether your security team is tackling&nbsp;incident response, malware research, or threat hunting, this release&nbsp;helps businesses detect Android threats easier, cut investigation time, and strengthen security operations.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>It\u2019s fast <\/strong>\u2013 No waiting for static scans or manual reverse engineering. See how an APK behaves in seconds&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>It\u2019s interactive<\/strong> \u2013 Click, explore, and engage with malware just like you would on a real Android device.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>It\u2019s detailed <\/strong>\u2013 Track every action with process trees, MITRE ATT&amp;CK mapping, and real-time network insights.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>It\u2019s fully cloud-based<\/strong>&nbsp;\u2013 Run Android malware investigations anytime, anywhere, without worrying about infrastructure.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>It\u2019s built for teams <\/strong>\u2013 Generate structured reports, share findings, and collaborate on investigations seamlessly.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=android_malware_analysis&amp;utm_term=180325&amp;utm_content=linktoregistration#register\/\" target=\"_blank\" rel=\"noreferrer noopener\">Start your first Android analysis today<\/a> and experience the precision of mobile malware analysis inside a real ARM-based sandbox.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=android_malware_analysis&amp;utm_term=180325&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>&nbsp;helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products,&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>,&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Search<\/a>, and&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find IOCs or files to learn more about the threats and respond to incidents faster.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=android_malware_analysis&amp;utm_term=180325&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Request free trial of ANY.RUN\u2019s services \u2192<\/a>&nbsp;<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s here! The news security teams have been waiting for: ANY.RUN now fully supports Android OS in its interactive sandbox!&nbsp; Now, you can investigate Android malware in a real ARM-based sandbox, exactly as it would behave on an actual mobile device. No more blind spots or unreliable analysis.&nbsp; With this release, ANY.RUN allows SOC teams, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":12227,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,34,55],"class_list":["post-12195","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-malware-analysis","tag-release"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Expose Android Malware in Seconds with ANY.RUN Sandbox<\/title>\n<meta name=\"description\" content=\"Analyze Android malware in real time with ANY.RUN sandbox. Detect threats in an ARM-based environment available to all users, including Free!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\n\t    \"@context\": \"https:\/\/schema.org\",\n\t    \"@graph\": [\n\t        {\n\t            \"@type\": \"Article\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/#article\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/\"\n\t            },\n\t            \"author\": {\n\t                \"name\": \"ANY.RUN\",\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"headline\": \"Expose Android Malware in Seconds: ANY.RUN Sandbox Now Supports Real-Time APK Analysis\u00a0\",\n\t            \"datePublished\": \"2025-03-18T11:19:17+00:00\",\n\t            \"dateModified\": \"2025-03-24T12:00:27+00:00\",\n\t            \"mainEntityOfPage\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/\"\n\t            },\n\t            \"wordCount\": 1380,\n\t            \"commentCount\": 0,\n\t            \"publisher\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"keywords\": [\n\t                \"ANYRUN\",\n\t                \"malware analysis\",\n\t                \"release\"\n\t            ],\n\t            \"articleSection\": [\n\t                \"Service Updates\"\n\t            ],\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"CommentAction\",\n\t                    \"name\": \"Comment\",\n\t                    \"target\": [\n\t                        \"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/#respond\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"WebPage\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/\",\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/\",\n\t            \"name\": \"Expose Android Malware in Seconds with ANY.RUN Sandbox\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"datePublished\": \"2025-03-18T11:19:17+00:00\",\n\t            \"dateModified\": \"2025-03-24T12:00:27+00:00\",\n\t            \"description\": \"Analyze Android malware in real time with ANY.RUN sandbox. Detect threats in an ARM-based environment available to all users, including Free!\",\n\t            \"breadcrumb\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/#breadcrumb\"\n\t            },\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"ReadAction\",\n\t                    \"target\": [\n\t                        \"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"BreadcrumbList\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/#breadcrumb\",\n\t            \"itemListElement\": [\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 1,\n\t                    \"name\": \"Home\",\n\t                    \"item\": \"https:\/\/any.run\/cybersecurity-blog\/\"\n\t                },\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 2,\n\t                    \"name\": \"Service Updates\",\n\t                    \"item\": \"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"\n\t                },\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 3,\n\t                    \"name\": \"Expose Android Malware in Seconds: ANY.RUN Sandbox Now Supports Real-Time APK Analysis\u00a0\"\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"WebSite\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"url\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN&#039;s Cybersecurity Blog\",\n\t            \"description\": \"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\n\t            \"publisher\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"SearchAction\",\n\t                    \"target\": {\n\t                        \"@type\": \"EntryPoint\",\n\t                        \"urlTemplate\": \"https:\/\/any.run\/?s={search_term_string}\"\n\t                    },\n\t                    \"query-input\": \"required name=search_term_string\"\n\t                }\n\t            ],\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"Organization\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN\",\n\t            \"url\": \"https:\/\/any.run\/\",\n\t            \"logo\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/any.run\/\",\n\t                \"url\": \"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\n\t                \"contentUrl\": \"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\n\t                \"width\": 1,\n\t                \"height\": 1,\n\t                \"caption\": \"ANY.RUN\"\n\t            },\n\t            \"image\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"sameAs\": [\n\t                \"https:\/\/www.facebook.com\/www.any.run\/\",\n\t                \"https:\/\/twitter.com\/anyrun_app\",\n\t                \"https:\/\/www.linkedin.com\/company\/30692044\",\n\t                \"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"Person\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN\",\n\t            \"image\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/any.run\/\",\n\t                \"url\": \"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\n\t                \"contentUrl\": \"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\n\t                \"caption\": \"ANY.RUN\"\n\t            },\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"\n\t        }\n\t    ]\n\t}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Expose Android Malware in Seconds with ANY.RUN Sandbox","description":"Analyze Android malware in real time with ANY.RUN sandbox. Detect threats in an ARM-based environment available to all users, including Free!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Expose Android Malware in Seconds: ANY.RUN Sandbox Now Supports Real-Time APK Analysis\u00a0","datePublished":"2025-03-18T11:19:17+00:00","dateModified":"2025-03-24T12:00:27+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/"},"wordCount":1380,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","malware analysis","release"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/","url":"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/","name":"Expose Android Malware in Seconds with ANY.RUN Sandbox","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-03-18T11:19:17+00:00","dateModified":"2025-03-24T12:00:27+00:00","description":"Analyze Android malware in real time with ANY.RUN sandbox. Detect threats in an ARM-based environment available to all users, including Free!","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Expose Android Malware in Seconds: ANY.RUN Sandbox Now Supports Real-Time APK Analysis\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/12195"}],"collection":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=12195"}],"version-history":[{"count":35,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/12195\/revisions"}],"predecessor-version":[{"id":12300,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/12195\/revisions\/12300"}],"wp:featuredmedia":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/12227"}],"wp:attachment":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=12195"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=12195"},{"taxonomy":"post_tag","embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=12195"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}