{"id":7337,"date":"2024-03-19T08:59:53","date_gmt":"2024-03-19T08:59:53","guid":{"rendered":"\/cybersecurity-blog\/?p=7337"},"modified":"2024-03-19T10:35:51","modified_gmt":"2024-03-19T10:35:51","slug":"lookup-combined-search","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/lookup-combined-search\/","title":{"rendered":"Threat Intelligence Lookup: Combined Search for Precise Investigations"},"content":{"rendered":"\n<p>Do you struggle to connect the dots between multiple artifacts linked to the same incident because your threat intelligence solution doesn&#8217;t support combined searches? <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN&#8217;s Threat Intelligence Lookup<\/a> fixes this problem for you. The service&#8217;s advanced search capabilities let you craft complex queries featuring more than one indicator at the same time. Let us show you how.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is TI Lookup?&nbsp;<\/h2>\n\n\n\n<p>For those who are new to <a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=lookup_combined_search&amp;utm_content=linktolookuplanding&amp;utm_term=190324\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, it is ANY.RUN\u2019s threat intelligence portal designed to help security analysts and researchers contextualize and enrich indicators of compromise (IOCs). 
It serves as a solution for gathering, analyzing, and understanding emerging and persistent cyber threats.\u00a0<\/p>\n\n\n\n<p>TI Lookup runs on the information extracted from <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=lookup_combined_search&amp;utm_content=linktolanding&amp;utm_term=190324\" target=\"_blank\" rel=\"noreferrer noopener\">the ANY.RUN sandbox<\/a>\u2019s public database of <a href=\"https:\/\/any.run\/cybersecurity-blog\/how-we-process-iocs\/\" target=\"_blank\" rel=\"noreferrer noopener\">millions of interactive analysis sessions<\/a> (tasks), launched by users from all over the world. Thanks to this integration, you get to search for contextual information across over 30 different fields, including destination IP addresses, file hashes, as well as command lines, MITRE ATT&amp;CK TTPs, and Suricata rule class.&nbsp;&nbsp;<\/p>\n\n\n\n<p>On top of receiving valuable context information, you also get to explore the sandbox sessions where IOCs of your interest were found. 
Thus, you can study the entire execution process of the malware (network and registry activity, processes, etc.), collect a comprehensive threat report, and even rerun the analysis in a different analysis environment to extract more insights.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Types of searches in TI Lookup&nbsp;<\/h2>\n\n\n\n<p>Before diving into combined requests, here are other types of searches you can conduct on Threat Intelligence Lookup:&nbsp;<\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"1\">\n<li><strong>Single IOC:<\/strong> You can perform a search using a single IOC, examples of which include URLs, MD5, SHA1, SHA256 hashes, IP addresses, and domain names. 
By searching for a single IOC, you can quickly identify whether it is associated with any known malicious activity.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li><strong>Logged Event Fields:<\/strong> When investigating a potential cyber threat, you can target specific fields within logged events to narrow down your search. These fields can include command lines, registry paths and values, as well as process and module names.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li><strong>Wildcard Queries: <\/strong>To broaden or limit the scope of your search, you can use wildcard characters. These characters include the asterisk (*), caret (^), and dollar sign ($). Wildcard queries are particularly useful when dealing with limited or incomplete threat information. For example, if you only have a partial hash or URL, you can use a wildcard character to search for all possible matches.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li><strong>Detection Details:<\/strong> You can also search using MITRE techniques and detection names, including Suricata class, message, and Suricata ID. This information can help you identify specific types of threats and the techniques used by attackers.&nbsp;<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">How does combined search work?&nbsp;<\/h2>\n\n\n\n<p>Combined searches enable you to identify multiple instances of Indicators of Compromise (IOCs) or events occurring together within the same analytical session. This means that when you have several artifacts from the same incident, you can group them together and submit them for a combined search using Threat Intelligence Lookup. This approach not only accelerates your investigation but also leads to a more precise identification of the threat you are dealing with.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Examples of combined search requests&nbsp;<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. 
IP address and Destination Port&nbsp;<\/h3>\n\n\n\n<p>Suppose you need to investigate an alert about a suspicious connection involving some machines on your network attempting to connect to IP address 193.233.132[.]62 on port 50500. To determine quickly whether this poses a risk, you can combine these indicators into a single query using Threat Intelligence Lookup.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"55\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-1024x55.png\" alt=\"\" class=\"wp-image-7338\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-1024x55.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-300x16.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-768x41.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-1536x83.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-370x20.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-270x15.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-740x40.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>The request&nbsp;<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>By constructing a request as shown in the image above and setting the search period to seven days, you will receive the following results:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-1-1024x576.png\" alt=\"\" class=\"wp-image-7339\" 
srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-1-1024x576.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-1-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-1-768x432.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-1-1536x864.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-1-370x208.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-1-270x152.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-1-740x416.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-1.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>The service reveals additional information in response to the request.<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>TI Lookup returns extensive contextual information, including events, IPs, files, and tasks.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-2-1024x576.png\" alt=\"\" class=\"wp-image-7341\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-2-1024x576.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-2-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-2-768x432.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-2-1536x864.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-2-370x208.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-2-270x152.png 270w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-2-740x416.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-2.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>RisePro tasks found in ANY.RUN\u2019s database<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>The results show that these indicators are associated with the RisePro malware. The service provides additional context about the threat and access to tasks that detail the infection process.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Domain Name and URL&nbsp;<\/h3>\n\n\n\n<p>Telegram bots have become a popular tool for attackers to automate and control malicious activities, such as command and control (C2) communication and data exfiltration. Criminals leverage the Telegram API to create bots that blend in with legitimate traffic.&nbsp;<\/p>\n\n\n\n<p>To find the latest reports related to Telegram bots, we can use a query that searches for all instances of the domain &#8220;api.telegram[.]org&#8221; and the &#8220;\/bot&#8221; path in a URL appearing in the same analysis session.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/4-2-1024x576.png\" alt=\"\" class=\"wp-image-7343\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/4-2-1024x576.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/4-2-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/4-2-768x432.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/4-2-1536x864.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/4-2-370x208.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/4-2-270x152.png 
270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/4-2-740x416.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/4-2.png 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Information on TG bot connections over the past 30 days found in TI Lookup<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>The results reveal plenty of valuable information, including URLs, files, events, IPs, and, most importantly, tasks related to the indicators mentioned in the request.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. URL and Threat Name&nbsp;<\/h3>\n\n\n\n<p>Combined searches can help identify threats that use evasion techniques to avoid detection by sandbox environments. One such technique is checking whether the environment is running on a hosting provider&#8217;s network.&nbsp;<\/p>\n\n\n\n<p>Attackers may employ this technique in phishing attacks to determine whether their malicious URLs are being analyzed in a sandbox, allowing them to evade detection and extend the lifespan of their campaigns. 
ANY.RUN users can counter this evasion attempt by employing a residential proxy.&nbsp;<\/p>\n\n\n\n<p>To find the latest instances of samples using this evasion technique, we can use the following request:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>URL:\"?fields=hosting$\" AND ThreatName:\"phishing\" <\/code><\/pre>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-3-1024x576.png\" alt=\"\" class=\"wp-image-7340\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-3-1024x576.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-3-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-3-768x432.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-3-1536x864.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-3-370x208.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-3-270x152.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-3-740x416.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-3.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Tasks involving a phishing attack<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>The search yields 12 tasks, each of which has been tagged as &#8220;phishing.&#8221;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Get a Demo of Threat Intelligence Lookup&nbsp;<\/h2>\n\n\n\n<p>Request a personalized demo of TI Lookup for your team and learn how it can benefit your threat investigations.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/calendly.com\/d\/3nd-rzd-xvx\/any-run-demo-blog\/\" target=\"_blank\" rel=\"noreferrer noopener\">Schedule a 
call with us \u2192&nbsp;<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN is a trusted partner for more than 400,000 cybersecurity professionals around the world. Our interactive sandbox simplifies malware analysis of threats targeting both Windows and Linux systems, providing analysts with an advanced tool for investigations. Our threat intelligence products, Lookup and <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, offer refined indicators of compromise and context that lets users detect threats and respond to incidents faster.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Advantages of ANY.RUN&nbsp;<\/h3>\n\n\n\n<p>ANY.RUN offers numerous advantages for businesses looking to improve their threat analysis capabilities, including:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Rapid malware detection: <\/strong>ANY.RUN can detect malware and identify many malware families using YARA and Suricata rules within approximately 40 seconds of uploading a file.&nbsp;<\/li>\n\n\n\n<li><strong>Interactive analysis: <\/strong>ANY.RUN&#8217;s interactive capability allows you to engage with the virtual machine directly through your browser, serving as a convenient tool for uncovering the inner workings of sophisticated malware all in the comfort of your browser.&nbsp;<\/li>\n\n\n\n<li><strong>Cost-effective solution: <\/strong>ANY.RUN&#8217;s cloud-based nature eliminates the need for setup or maintenance by your DevOps team, making it a cost-effective solution for businesses.&nbsp;<\/li>\n\n\n\n<li><strong>Intuitive interface: <\/strong>ANY.RUN&#8217;s user-friendly interface helps onboard new security team members by enabling even junior SOC analysts to quickly learn how to analyze malware and extract indicators of compromise (IOCs).&nbsp;<\/li>\n\n\n\n<li><strong>Comprehensive analysis: <\/strong>ANY.RUN provides a detailed 
analysis of malware behavior, including network traffic, system calls, and file system changes, allowing security teams to gain a deeper understanding of the threat they are facing.&nbsp;<\/li>\n\n\n\n<li><strong>Scalability: <\/strong>ANY.RUN&#8217;s cloud infrastructure enables businesses to scale their threat analysis capabilities as needed, providing flexibility and adaptability to changing business needs.&nbsp;<\/li>\n\n\n\n<li><strong>Collaboration: <\/strong>ANY.RUN allows security teams to collaborate and share analysis results, improving communication and streamlining the threat analysis process.&nbsp;<\/li>\n\n\n\n<li><strong>Integration<\/strong>: ANY.RUN integrates with popular security tools, such as SIEM systems and threat intelligence platforms, enabling businesses to incorporate ANY.RUN&#8217;s analysis capabilities into their existing security infrastructure.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Try ANY.RUN and see how it can help your security team.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/calendly.com\/d\/3nd-rzd-xvx\/any-run-demo-blog\/\" target=\"_blank\" rel=\"noreferrer noopener\">Get a personalized demo \u2192&nbsp;<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Do you struggle to connect the dots between multiple artifacts linked to the same incident because your threat intelligence solution doesn&#8217;t support combined searches? ANY.RUN&#8217;s Threat Intelligence Lookup fixes this problem for you. The service&#8217;s advanced search capabilities let you craft complex queries featuring more than one indicator at the same time. 
Let us show [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":7345,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[10,34],"class_list":["post-7337","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-lifehacks","tag-cybersecurity","tag-malware-analysis"],"acf":[],"yoast_head_json":{"title":"TI Lookup: Combined Search for Precise Investigations","description":"See how Threat Intelligence Lookup helps you combine more than one indicator of compromise to search for relevant context.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/lookup-combined-search\/","twitter_misc":{"Written by":"Vlad Ananin","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/lookup-combined-search\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/lookup-combined-search\/"},"author":{"name":"Vlad Ananin","@id":"https:\/\/any.run\/"},"headline":"Threat Intelligence Lookup: Combined Search for Precise Investigations","datePublished":"2024-03-19T08:59:53+00:00","dateModified":"2024-03-19T10:35:51+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/lookup-combined-search\/"},"wordCount":1304,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["cybersecurity","malware analysis"],"articleSection":["Cybersecurity Lifehacks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/lookup-combined-search\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/lookup-combined-search\/","url":"https:\/\/any.run\/cybersecurity-blog\/lookup-combined-search\/","name":"TI Lookup: Combined Search for Precise Investigations","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-03-19T08:59:53+00:00","dateModified":"2024-03-19T10:35:51+00:00","description":"See how Threat Intelligence Lookup helps you combine more than one indicator of compromise to search for relevant context.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/lookup-combined-search\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/lookup-combined-search\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/lookup-combined-search\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity 
Lifehacks","item":"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/"},{"@type":"ListItem","position":3,"name":"Threat Intelligence Lookup: Combined Search for Precise Investigations"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"Vlad Ananin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g","caption":"Vlad 
Ananin"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/vlad-ananin\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7337"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=7337"}],"version-history":[{"count":3,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7337\/revisions"}],"predecessor-version":[{"id":7349,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7337\/revisions\/7349"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/7345"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=7337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=7337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=7337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}