{"id":20643,"date":"2026-04-30T11:57:42","date_gmt":"2026-04-30T11:57:42","guid":{"rendered":"https:\/\/any.run\/cybersecurity-blog\/?p=20643"},"modified":"2026-04-30T12:46:03","modified_gmt":"2026-04-30T12:46:03","slug":"release-notes-april-2026","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/","title":{"rendered":"Release Notes: Expanded Threat Intelligence Access, AI Assisted Search 1,770 New Detections and More"},"content":{"rendered":"\n<p>April brought several updates across ANY.RUN\u2019s Threat Intelligence and detection coverage.&nbsp;<\/p>\n\n\n\n<p>The biggest change is expanded access to Threat Intelligence: Free plan users now get&nbsp;<strong>20 premium requests in TI Lookup and YARA Search<\/strong>. This gives security teams a practical way to check suspicious indicators, explore related sandbox sessions, and&nbsp;validate&nbsp;malware or phishing activity using real attack data.&nbsp;<\/p>\n\n\n\n<p>On the detection side, our team added&nbsp;<strong>78 new&nbsp;behavior&nbsp;signatures<\/strong>,&nbsp;<strong>1,657 new Suricata rules<\/strong>, and&nbsp;<strong>35 new YARA rules<\/strong>. We also released new Threat Intelligence Reports covering malware, loaders, RATs, backdoors, and supply-chain threats&nbsp;observed&nbsp;in recent submissions.&nbsp;<\/p>\n\n\n\n<p>Here\u2019s&nbsp;a closer look at&nbsp;what\u2019s&nbsp;new.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Product Updates&nbsp;<\/h2>\n\n\n\n<p>In April, ANY.RUN expanded access to&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence<\/a>&nbsp;capabilities, giving more teams a way to test threat context directly in their SOC workflows.&nbsp;<\/p>\n\n\n\n<p>The key update:&nbsp;<a href=\"https:\/\/any.run\/plans-ti\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktotipricing\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Free plan users<\/strong><\/a><strong>&nbsp;now get 20 premium requests in TI Lookup and&nbsp;<\/strong><a href=\"https:\/\/intelligence.any.run\/analysis\/yara?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktolookup\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>YARA Search<\/strong><\/a><strong>.<\/strong>&nbsp;This gives security teams a practical way to check indicators, explore related sandbox sessions, and&nbsp;validate&nbsp;suspicious activity using real attack data from ANY.RUN\u2019s community.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><em>More Threat Context with 20 Premium TI Requests<\/em>&nbsp;<\/h3>\n\n\n\n<p>Threat intelligence brings the most value when it helps teams make faster decisions during active investigations. Instead of stopping at one suspicious IP, domain, hash, or&nbsp;behavior, analysts can pivot to connected samples, infrastructure, artifacts, and attack context.&nbsp;<\/p>\n\n\n\n<p>With 20 premium requests now included in the Free plan, SOC and MSSP teams can explore threat data across IOCs, IOBs, and IOAs linked to recent malware and phishing activity.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"540\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_0.png-1024x540.webp\" alt=\"\" class=\"wp-image-20644\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_0.png-1024x540.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_0.png-300x158.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_0.png-768x405.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_0.png-370x195.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_0.png-270x142.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_0.png-740x390.webp 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_0.png.webp 1522w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>TI&nbsp;Lookup request with AI assistant that helps the user&nbsp;select sandbox analyses of malware using a TTP<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>Teams can use this expanded access across key SOC workflows:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Alert triage:<\/strong>&nbsp;Check suspicious indicators against&nbsp;<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">real sandbox data<\/a>&nbsp;and get more context before closing or escalating an alert.&nbsp;<\/li>\n\n\n\n<li><strong>Incident response:<\/strong>&nbsp;Pivot from one indicator to related artifacts, infrastructure, and&nbsp;behavior&nbsp;to understand the wider attack chain.&nbsp;<\/li>\n\n\n\n<li><strong>Threat hunting:<\/strong>&nbsp;Use TI Lookup and YARA Search to test hypotheses against real-world malware data.<\/li>\n\n\n\n<li><strong>Detection work:<\/strong>&nbsp;Find patterns and artifacts that can support new or improved detection logic.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>ANY.RUN also introduced&nbsp;<strong>AI-assisted search in TI Lookup<\/strong>, allowing users to describe what they need in natural language while the system helps translate the request into a structured query.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nGive your team the context for faster triage and response. <br>\n<span class=\"highlight\">Test ANY.RUN Threat Intelligence in real SOC workflows. <br><\/span><\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/plans-ti\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=release-notes-april-2026&#038;utm_term=300426&#038;utm_content=linktotipricing#contact-sales\" rel=\"noopener\" target=\"_blank\">\nContact us\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<p>With threat intelligence available directly in the workflow, SOC and MSSP teams can move faster from suspicious signal to confident action:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster alert validation:<\/strong>&nbsp;Teams can check suspicious indicators against real attack data and make decisions sooner.&nbsp;<\/li>\n\n\n\n<li><strong>Lower escalation noise:<\/strong>&nbsp;More context helps reduce escalations driven by uncertainty.&nbsp;<\/li>\n\n\n\n<li><strong>Shorter investigations:<\/strong>&nbsp;Analysts can move from one indicator to related samples, infrastructure, and&nbsp;behavior&nbsp;faster.&nbsp;<\/li>\n\n\n\n<li><strong>Stronger threat hunting:<\/strong>&nbsp;Teams can test hypotheses against current malware and phishing data.&nbsp;<\/li>\n\n\n\n<li><strong>Better detection quality:<\/strong>&nbsp;Real-world artifacts and&nbsp;behavior&nbsp;patterns can support more relevant detection logic.&nbsp;<\/li>\n\n\n\n<li><strong>More measurable security value:<\/strong>&nbsp;Faster triage, better prioritization, and clearer evidence help teams focus capacity on confirmed risk.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Threat Coverage Updates&nbsp;<\/h2>\n\n\n\n<p>In April, our detection team continued to strengthen ANY.RUN\u2019s threat coverage with new&nbsp;behavior&nbsp;signatures, Suricata rules, and YARA rules.&nbsp;<\/p>\n\n\n\n<p>This month\u2019s updates include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>78 new&nbsp;behavior&nbsp;signatures&nbsp;<\/li>\n\n\n\n<li>1,657 new Suricata rules&nbsp;<\/li>\n\n\n\n<li>35 new YARA rules&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>These additions help expand detection coverage across suspicious&nbsp;behavior, network activity, and file-based indicators.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">New&nbsp;Behavior&nbsp;Signatures&nbsp;&nbsp;<\/h3>\n\n\n\n<p>In April, we added&nbsp;<strong>78 new&nbsp;behavior&nbsp;signatures<\/strong>&nbsp;covering malware-specific activity, mutex-based indicators, suspicious persistence&nbsp;behavior, and exploitation-related activity.&nbsp;<\/p>\n\n\n\n<p>The new signatures focus on observable actions and artifacts that appear during detonation, helping teams move beyond file reputation and confirm what a sample&nbsp;actually does&nbsp;in the sandbox.&nbsp;<\/p>\n\n\n\n<p>Highlighted detections include:&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-grid wp-container-core-group-is-layout-1 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1b4372dc-2726-4cd7-9ba6-eb4d7dc69bb5?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Sextor mutex<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/0adad70f-7bd8-4643-be28-406d36423e61?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">BlindEagle<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/04d13abc-5717-4f2b-96aa-6b96604237c2?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">SantaStealer<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/0667857e-51c3-4f16-ae85-5cc55e2b0dba?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Raton<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/049e5062-8191-4cc9-b72a-64c8a7f94be3?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">SpankRAT<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/487516cc-f2af-411d-a5d1-46216fe09d29?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-34621<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1b4bd54b-ab2f-4dc2-bc6f-11a9d6aaf777?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">GetWell mutex<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/2581d703-26ba-45ae-a7f6-73d691eb38f3?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">NinjaRMM mutex<\/a>&nbsp;<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"567\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-15.25.35-1024x567.png\" alt=\"Killada detected inside ANY.RUN sandbox\" class=\"wp-image-20645\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-15.25.35-1024x567.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-15.25.35-300x166.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-15.25.35-768x425.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-15.25.35-1536x850.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-15.25.35-2048x1133.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-15.25.35-370x205.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-15.25.35-270x149.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-15.25.35-740x409.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Killada detected inside ANY.RUN sandbox<\/em><\/figcaption><\/figure><\/div>\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-grid wp-container-core-group-is-layout-2 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/0d473778-5756-4bed-bf96-b322a1c310f7?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">CrystalX<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1eb1531f-5369-496b-93f9-b0cc1a26f7af?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">VexxStealer<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/28125a7b-3f33-4886-8b1b-0752911e7208?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Suspicious macOS persistence plist<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/4a3e6d18-b221-4571-ba56-e13c3b9392ac?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">BankBot<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/3b24a245-82c7-4e32-b43c-4686a34b447e?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Killada<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/3b24a245-82c7-4e32-b43c-4686a34b447e?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Killada mutex<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/6e202e37-3804-4c41-99e6-85cbe591fe60?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Oblivion<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/0629bf3a-f16a-445a-8f2c-3a903b5929a5?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">HangHost<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/9d8c6c97-fd37-4cd8-b1eb-a2cd12333830?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Raxid mutex<\/a>&nbsp;<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">New Suricata Rules&nbsp;<\/h3>\n\n\n\n<p>In April, we also added&nbsp;<strong>1,657 new Suricata rules<\/strong>&nbsp;to improve visibility into malicious network activity, including payload retrieval, DLL downloads, and possible command-and-control checks.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/fb1972a5-4157-4030-80a3-ab066e20196f\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">DonutLoader base64-exe payload retrieval via HTTP<\/a>&nbsp;(sid: 85007037): Detects malware&#8217;s attempts to get executable payload from stager server via HTTP&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/6594a017-1448-4e10-a62c-e9f4000f53b8\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Winos\/ValleyRAT DLL download via TCP<\/a>&nbsp;(sid: 85007024):&nbsp;Identifies&nbsp;ValleyRAT&nbsp;related DLL-file downloads via non-standard port TCP connection&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/c9f48db1-4513-4ccb-b52c-35ab53cf7be2\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Possible AsyncRAT-style TCP C2 connectivity check<\/a>&nbsp;(sid: 85007061): Heuristic rule tracking&nbsp;AsyncRAT-like malware implementations, based on set of connections to specific ports on the same host,&nbsp;likely checkingconnectivity with C2.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>With these additions, sandbox sessions can surface more network-level indicators tied to malware delivery and post-infection communication.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\n<span class=\"highlight\">Cut response delays<\/span> before threats become costly incidents. <br>\nGive your SOC <span class=\"highlight\">faster, evidence-backed decisions. <br><\/span><\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=release-notes-april-2026&#038;utm_term=300426&#038;utm_content=linktoenterprise#contact-sales\" rel=\"noopener\" target=\"_blank\">\nIntegrate in your SOC\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h3 class=\"wp-block-heading\">New YARA Rules&nbsp;<\/h3>\n\n\n\n<p>In April, ANY.RUN added&nbsp;<strong>35 new YARA rules<\/strong>&nbsp;to expand static detection coverage for suspicious files and known threat artifacts.&nbsp;<\/p>\n\n\n\n<p>This layer is especially useful when a sample&nbsp;contains&nbsp;recognizable strings, code patterns, or structural markers that can link it to a known detection before or alongside&nbsp;behavior-based analysis.&nbsp;<\/p>\n\n\n\n<p>Highlighted YARA detections include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1b337e18-5e92-43b0-a8d7-b6e8d25e8ee5?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Sentinel<\/a>\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/0500e3a7-97dc-4a3e-9767-0b9f6b0ab766?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Datto<\/a>\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/3a07a112-0393-4eb6-aa92-a1c972d17238?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Spank<\/a>\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/7df99e42-df44-441e-9e40-aff2e2684c22?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">DefendNot<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/app.any.run\/tasks\/0667857e-51c3-4f16-ae85-5cc55e2b0dba?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Raton<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<p>Together, the new&nbsp;behavior&nbsp;signatures, Suricata rules, and YARA rules give security teams broader coverage across runtime&nbsp;behavior, network traffic, and file-level indicators.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Threat Intelligence Reports&nbsp;<\/h3>\n\n\n\n<p>In April, our team released new&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-reports\/\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Reports<\/a>&nbsp;covering recent malware activity, attacker tooling, and techniques&nbsp;observed&nbsp;across real-world submissions.&nbsp;<\/p>\n\n\n\n<p>Available as part of ANY.RUN\u2019s&nbsp;<a href=\"https:\/\/intelligence.any.run\/plans?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktotiplans\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup Premium<\/a>&nbsp;plan, these reports give security teams a clearer view of how specific threats behave, what artifacts they leave behind, and which indicators can support faster investigation.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"532\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-16.29.37-1024x532.png\" alt=\"Threat Intelligence reports in ANY.RUN \" class=\"wp-image-20646\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-16.29.37-1024x532.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-16.29.37-300x156.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-16.29.37-768x399.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-16.29.37-1536x799.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-16.29.37-2048x1065.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-16.29.37-370x192.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-16.29.37-270x140.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-29-at-16.29.37-740x385.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Threat Intelligence reports in ANY.RUN with updated search parameters for faster threat investigation<\/em><\/figcaption><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/intelligence.any.run\/reports\/2026-04-15-threat-brief-mimic-crystalx-telnyx\" target=\"_blank\" rel=\"noreferrer noopener\">MIMIC, CrystalX, and Trojanized Telnyx Package<\/a>:&nbsp;This report covers MIMIC ransomware,&nbsp;CrystalX&nbsp;RAT, and a&nbsp;trojanized&nbsp;Telnyx&nbsp;Python SDK, focusing on encryption&nbsp;behavior, remote access and persistence, and malicious code execution through unauthorized&nbsp;PyPI&nbsp;releases.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/intelligence.any.run\/reports\/2026-04-09-threat-brief-etherrat-ocrfix-silentconnect\" target=\"_blank\" rel=\"noreferrer noopener\">ETHERRAT, OCRFix, and SILENTCONNECT<\/a>:&nbsp;This brief examines a Node.js backdoor, a loader\/botnet&nbsp;component, and a Windows loader, focusing on blockchain-based C2\/configuration retrieval, scheduled-task persistence, in-memory PowerShell execution, and&nbsp;ScreenConnect&nbsp;deployment.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/intelligence.any.run\/reports\/2026-04-01-threat-brief-crysome-infiniti-brushworm\" target=\"_blank\" rel=\"noreferrer noopener\">CRYSOME, INFINITY, and BRUSHWORM<\/a>:&nbsp;This report examines a Windows RAT, a macOS stealer, and a Windows backdoor, focusing on TCP-based remote control,&nbsp;ClickFix-like delivery, credential theft, scheduled-task persistence, modular DLL download, and file theft.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, helps security teams investigate threats faster and make confident decisions with real-world attack data.&nbsp;<\/p>\n\n\n\n<p>Its solutions, including&nbsp;<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence<\/a>,&nbsp;give SOC and MSSP teams the context they need to&nbsp;analyze&nbsp;malware, phishing, infrastructure,&nbsp;behaviors, and indicators in one workflow.&nbsp;<\/p>\n\n\n\n<p>Trusted by more than&nbsp;<strong>15,000 organizations<\/strong>&nbsp;and&nbsp;<strong>600,000 security professionals worldwide<\/strong>, including&nbsp;<strong>74% of Fortune 100 companies<\/strong>, ANY.RUN helps teams improve triage speed, strengthen detection coverage, reduce investigation time, and respond to emerging threats with clearer evidence.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-april-2026&amp;utm_term=300426&amp;utm_content=linktoenterprise#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Integrate ANY.RUN into your SOC workflow \u2192<\/strong><\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>April brought several updates across ANY.RUN\u2019s Threat Intelligence and detection coverage.&nbsp; The biggest change is expanded access to Threat Intelligence: Free plan users now get&nbsp;20 premium requests in TI Lookup and YARA Search. This gives security teams a practical way to check suspicious indicators, explore related sandbox sessions, and&nbsp;validate&nbsp;malware or phishing activity using real attack [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":16650,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,56],"class_list":["post-20643","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Release Notes: 20 Premium TI Requests &amp; New Detections<\/title>\n<meta name=\"description\" content=\"ANY.RUN April updates: expanded Threat Intelligence access, AI-assisted search, new detection coverage, and fresh TI Reports.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Release Notes: Expanded Threat Intelligence Access, AI Assisted Search 1,770 New Detections and More\",\"datePublished\":\"2026-04-30T11:57:42+00:00\",\"dateModified\":\"2026-04-30T12:46:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/\"},\"wordCount\":1320,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"update\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/\",\"name\":\"Release Notes: 20 Premium TI Requests & New Detections\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2026-04-30T11:57:42+00:00\",\"dateModified\":\"2026-04-30T12:46:03+00:00\",\"description\":\"ANY.RUN April updates: expanded Threat Intelligence access, AI-assisted search, new detection coverage, and fresh TI Reports.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Release Notes: Expanded Threat Intelligence Access, AI Assisted Search 1,770 New Detections and More\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Release Notes: 20 Premium TI Requests & New Detections","description":"ANY.RUN April updates: expanded Threat Intelligence access, AI-assisted search, new detection coverage, and fresh TI Reports.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Release Notes: Expanded Threat Intelligence Access, AI Assisted Search 1,770 New Detections and More","datePublished":"2026-04-30T11:57:42+00:00","dateModified":"2026-04-30T12:46:03+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/"},"wordCount":1320,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/","url":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/","name":"Release Notes: 20 Premium TI Requests & New Detections","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2026-04-30T11:57:42+00:00","dateModified":"2026-04-30T12:46:03+00:00","description":"ANY.RUN April updates: expanded Threat Intelligence access, AI-assisted search, new detection coverage, and fresh TI Reports.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-april-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Release Notes: Expanded Threat Intelligence Access, AI Assisted Search 1,770 New Detections and More"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/20643"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=20643"}],"version-history":[{"count":11,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/20643\/revisions"}],"predecessor-version":[{"id":20660,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/20643\/revisions\/20660"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/16650"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=20643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=20643"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=20643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}