{"id":7277,"date":"2024-03-13T07:37:37","date_gmt":"2024-03-13T07:37:37","guid":{"rendered":"\/cybersecurity-blog\/?p=7277"},"modified":"2025-09-29T06:03:18","modified_gmt":"2025-09-29T06:03:18","slug":"how-we-process-iocs","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/","title":{"rendered":"How We Process IOCs for ANY.RUN Threat Intelligence Lookup and Feeds"},"content":{"rendered":"\n<p>At <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=how_we_process_iocs&amp;utm_content=linktolanding&amp;utm_term=130324\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>, we&#8217;ve been developing our interactive online malware sandbox since 2016. Today, 400,000 security professionals use it to detonate files, analyze threats, and inspect phishing sites.&nbsp;<\/p>\n\n\n\n<p>This gives us a unique perspective \u2014 and our key advantage: we\u2019ve built a database that contains event\u2019s fields and IOCs with connections between all artifacts within a single analysis session. In October 2022, aiming to give our users a more powerful way to use this data, we launched TI Threat Intelligence Feeds, followed by the<a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=how_we_process_iocs&amp;utm_content=linktolookuplanding&amp;utm_term=130324\" target=\"_blank\" rel=\"noreferrer noopener\"> TI Lookup<\/a> portal, which we shipped in February.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/cybersecurity-blog\/how-we-built-ti-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">Read how we developed TI Lookup<\/a><\/p>\n\n\n\n<p>In this article, we&#8217;ll explain how these products can help you expand threat coverage or identify threats from isolated indicators \u2014 which no other security solution on the market might have access to.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How ANY.RUN processes indicators&nbsp;<\/h2>\n\n\n\n<p>Our sandbox is interactive. This means malware actually executes within it, running through different stages, fetching payloads and encrypting files or stealing data. If it doesn&#8217;t self-execute, the analyst can manually trigger it through actions like entering a password in a locked .ZIP archive or solving a CAPTCHA on a phishing site to trigger download of a second-stage payload.&nbsp;<\/p>\n\n\n\n<p>This allows us to capture a holistic picture of indicators within each analysis session. We extract them from:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Memory (memory dumps, static analysis)&nbsp;<\/li>\n\n\n\n<li>Traffic between the malware and C2 server&nbsp;<\/li>\n\n\n\n<li>MITRE ATT&amp;CK tactics, techniques, and procedures&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>In addition to indicators, we collect associated event fields like Command Line, File Name, Registry Name, Registry Value, Injection Flags, HTTP Response Content, Image Path &#8211; around 30 fields in total. (See the <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">full list here<\/a>)&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nLearn how ANY.RUN products can help your <span class=\"highlight\">security team<\/span>&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/calendly.com\/d\/3nd-rzd-xvx\/any-run-demo-blog\/\" rel=\"noopener\" target=\"_blank\">\nSchedule a demo\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Where our IOCs come from&nbsp;<\/h2>\n\n\n\n<p>The IOCs you can receive through Feeds or search for in the Lookup portal come from sandbox research sessions \u2014 ANY.RUN sandbox receives around 14,000 daily, submitted by analysts from over 190 countries. Here&#8217;s how it works:&nbsp;<\/p>\n\n\n\n<p>Let&#8217;s say an analyst in the UK notices something suspicious in their SIEM logs or receives a request to inspect a strange email link. They upload the file to our sandbox and configure a regional network environment using a residential proxy.&nbsp;<\/p>\n\n\n\n<p>They then perform an interactive analysis session, allowing the sample to fully execute. We capture all processes, events, and extract hashes, domains, IPs, and URLs from this analysis task. Sessions can last up to 1,200 seconds as analysts conduct thorough investigations.&nbsp;<\/p>\n\n\n\n<p>This is how we obtain data on the latest malware threats from around the globe.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to use ANY.RUN threat intelligence for your advantage&nbsp;<\/h2>\n\n\n\n<p>You can leverage our data in two main ways:&nbsp;<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">In TI Lookup<\/a><\/strong>: Use our portal to search for related events across 30 parameters. Search by substrings using wildcards (*) or broadly. Our search is extremely fast, with results typically appearing within 5 seconds. You receive not only connected IOCs and event fields, but also linked sandbox research sessions where they were recorded.&nbsp;&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds\/\" target=\"_blank\" rel=\"noreferrer noopener\">In TI Feeds<\/a><\/strong>: Pull the data in STIX format from our Feeds directly into your TIP and SIEM systems. Then configure your firewalls against the latest threats. New data is added in real time, providing not just indicators but associated event fields for full context.\u00a0<\/li>\n<\/ol>\n\n\n\n<p>In addition, we have our own team of analysts who proactively research threats, conduct investigations, and add new detections.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Wrapping up&nbsp;<\/h2>\n\n\n\n<p>&nbsp;By integrating our TI Feeds and Lookup portal, you&#8217;ll gain access to a continuously updated database of malware intelligence before it hits other sources. Leverage data from over 1.5 million interactive research sessions \u2014 from our community and an in-house team of analysts \u2014 to strengthen your security posture.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Integrate our solutions to:<\/strong>&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Gain access to the latest malware data which reaches us first \u2014from the community and our in-house analyst team.&nbsp;<\/li>\n\n\n\n<li>Search across any event\u2019s field from 1.5 million interactive investigations over the past 6 months.&nbsp;<\/li>\n\n\n\n<li>Identify threats not just by IOCs, but by their actions within systems \u2014 command lines, registry modifications, memory dumbs, unencrypted traffic, and encrypted traffic, and more.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What is ANY.RUN?<\/strong>&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN\u2019s most well-known product is an interactive malware sandbox that helps security teams analyze malware quickly and efficiently. Every day, 400,000 professionals use our platform to investigate incidents and streamline threat analysis on Windows and Linux VMs in the cloud.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nIntegrate <span class=\"highlight\">ANY.RUN TI products<\/span> in your organization&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/app.any.run\/contact-us\/\" rel=\"noopener\" target=\"_blank\">\nContact Sales\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h3 class=\"wp-block-heading\"><strong>We\u2019re well known for:<\/strong>&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Real-time detection<\/strong>: Within roughly 40 seconds of uploading a file, ANY.RUN can detect malware and automatically identify many malware families using YARA and Suricata rules.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Interactive analysis<\/strong>: Unlike many automated solutions, ANY.RUN allows you to interactively engage with the virtual machine directly through your browser. This interactive capability helps prevent zero-day exploits and sophisticated malware that can evade signature-based detection.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cost-efficiency<\/strong>: For businesses, ANY.RUN\u2019s cloud nature translates into a cost-effective solution, as it doesn&#8217;t require any setup or maintenance effort from your DevOps team.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Helping with onboarding new security team members<\/strong>: ANY.RUN&#8217;s intuitive interface allows even junior SOC analysts to quickly learn how to analyze malware and extract indicators of compromise IOCs.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>If these capabilities sound beneficial for you or your team, give ANY.RUN a try. The best part is \u2014 we offer a completely free starter plan.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/calendly.com\/d\/3nd-rzd-xvx\/any-run-demo-blog\/\" target=\"_blank\" rel=\"noreferrer noopener\">Schedule a demo \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>At ANY.RUN, we&#8217;ve been developing our interactive online malware sandbox since 2016. Today, 400,000 security professionals use it to detonate files, analyze threats, and inspect phishing sites.&nbsp; This gives us a unique perspective \u2014 and our key advantage: we\u2019ve built a database that contains event\u2019s fields and IOCs with connections between all artifacts within a [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":7279,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[57,10,34,40],"class_list":["post-7277","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-lifehacks","tag-anyrun","tag-cybersecurity","tag-malware-analysis","tag-malware-behavior"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How Threat Intelligence Lookup and Feeds Process IOCs<\/title>\n<meta name=\"description\" content=\"Find out how ANY.RUN processes indicators of compromise from its database of threat data to enrich Threat Intelligence Lookup and TI Feeds.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jack Zalesskiy\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/\"},\"author\":{\"name\":\"Jack Zalesskiy\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"How We Process IOCs for ANY.RUN Threat Intelligence Lookup and Feeds\",\"datePublished\":\"2024-03-13T07:37:37+00:00\",\"dateModified\":\"2025-09-29T06:03:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/\"},\"wordCount\":920,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\",\"malware behavior\"],\"articleSection\":[\"Cybersecurity Lifehacks\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/\",\"name\":\"How Threat Intelligence Lookup and Feeds Process IOCs\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2024-03-13T07:37:37+00:00\",\"dateModified\":\"2025-09-29T06:03:18+00:00\",\"description\":\"Find out how ANY.RUN processes indicators of compromise from its database of threat data to enrich Threat Intelligence Lookup and TI Feeds.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Lifehacks\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"How We Process IOCs for ANY.RUN Threat Intelligence Lookup and Feeds\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"Jack Zalesskiy\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image1-min-1-1-1-1.webp\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image1-min-1-1-1-1.webp\",\"caption\":\"Jack Zalesskiy\"},\"description\":\"Jack Zalesskiy is a technology writer with five years of experience under his belt. He closely follows malware incidents, data breaches, and the way in which cyber threats manifest in our day-to-day lives.\",\"url\":\"#molongui-disabled-link\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How Threat Intelligence Lookup and Feeds Process IOCs","description":"Find out how ANY.RUN processes indicators of compromise from its database of threat data to enrich Threat Intelligence Lookup and TI Feeds.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/","twitter_misc":{"Written by":"Jack Zalesskiy","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/"},"author":{"name":"Jack Zalesskiy","@id":"https:\/\/any.run\/"},"headline":"How We Process IOCs for ANY.RUN Threat Intelligence Lookup and Feeds","datePublished":"2024-03-13T07:37:37+00:00","dateModified":"2025-09-29T06:03:18+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/"},"wordCount":920,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware analysis","malware behavior"],"articleSection":["Cybersecurity Lifehacks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/","url":"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/","name":"How Threat Intelligence Lookup and Feeds Process IOCs","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-03-13T07:37:37+00:00","dateModified":"2025-09-29T06:03:18+00:00","description":"Find out how ANY.RUN processes indicators of compromise from its database of threat data to enrich Threat Intelligence Lookup and TI Feeds.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Lifehacks","item":"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/"},{"@type":"ListItem","position":3,"name":"How We Process IOCs for ANY.RUN Threat Intelligence Lookup and Feeds"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"Jack Zalesskiy","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image1-min-1-1-1-1.webp","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image1-min-1-1-1-1.webp","caption":"Jack Zalesskiy"},"description":"Jack Zalesskiy is a technology writer with five years of experience under his belt. He closely follows malware incidents, data breaches, and the way in which cyber threats manifest in our day-to-day lives.","url":"#molongui-disabled-link"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7277"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=7277"}],"version-history":[{"count":7,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7277\/revisions"}],"predecessor-version":[{"id":16107,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7277\/revisions\/16107"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/7279"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=7277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=7277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=7277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}