{"id":9773,"date":"2024-11-12T10:59:35","date_gmt":"2024-11-12T10:59:35","guid":{"rendered":"\/cybersecurity-blog\/?p=9773"},"modified":"2025-09-03T13:15:59","modified_gmt":"2025-09-03T13:15:59","slug":"how-to-improve-cyber-threat-investigations","status":"publish","type":"post","link":"\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/","title":{"rendered":"How to Improve Threat Investigations with TI Lookup: Webinar Recap\u00a0"},"content":{"rendered":"\n<p>On October 23, we hosted a webinar &#8220;How to Improve Threat Investigations with TI Lookup&#8221;. The session was led by <a href=\"https:\/\/any.run\/cybersecurity-blog\/dmitry-marinov-cto-interview\/\" target=\"_blank\" rel=\"noreferrer noopener\">Dmitry Marinov<\/a>, CTO at ANY.RUN, who showed the audience effective methods for collecting the latest threat intelligence.&nbsp;<\/p>\n\n\n\n<p>You can check out the <a href=\"https:\/\/www.youtube.com\/watch?v=SQ75yYJgK8I\">recording on our YouTube channel<\/a>. Here is a quick rundown of the main topics and examples of investigations covered during the event.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is Threat Intelligence Lookup&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\">Threat Intelligence (TI) Lookup<\/a> is a centralized service for threat data exploration, collection, and analysis. It contains fresh threat data extracted from malware and phishing samples uploaded to ANY.RUN\u2019s <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a> over the past 180 days. 
Each search request you make returns results that provide expanded context related to the threat data in your query.\u00a0<\/p>\n\n\n\n<p><strong>Key features of TI Lookup include:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Search results take just 5 seconds for events spanning the last six months. You can quickly get in-depth information about how events work, whether they are linked to a threat, and how they are related to that threat.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>With over <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-lookup-search-parameters\/\" target=\"_blank\" rel=\"noreferrer noopener\">40 search parameters<\/a>, TI Lookup provides examples and context from other investigations to help with decision-making. Unlike other solutions where you can work only with IOCs, Lookup can search among events and <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search-guide\/\">YARA rules<\/a>, which is extremely helpful.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>TI Lookup has a large amount of data from the ANY.RUN sandbox, where cybersecurity analysts from around the world analyze threats. <a href=\"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-report\/\" target=\"_blank\" rel=\"noreferrer noopener\">New samples<\/a> are uploaded and analyzed daily, providing data that you cannot find in any other open sources.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How TI Lookup Sources Data&nbsp;<\/h2>\n\n\n\n<p>A core component of the suite is the <em><a href=\"https:\/\/app.any.run\/submissions\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=improve_threat_investigations&amp;utm_term=121124&amp;utm_content=linktopublicsubmissions\" target=\"_blank\" rel=\"noreferrer noopener\">submissions<\/a><\/em> database. 
It is a vast repository that houses millions of unique malware and phishing samples submitted daily by a global community of over 500,000 security professionals from different spheres and industries using ANY.RUN.\u00a0<\/p>\n\n\n\n<p>Every time a user runs an analysis in the sandbox, the systems capture the key data on threats from that analysis. This data is then immediately sent to Threat Intelligence Lookup. As a result, Threat Intelligence Lookup becomes a centralized hub where you can <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-use-cases\/\" target=\"_blank\" rel=\"noreferrer noopener\">search through threat data<\/a> extracted from millions of malware and phishing analysis sessions launched in the ANY.RUN sandbox.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How TI Lookup Works&nbsp;<\/h2>\n\n\n\n<p>Let\u2019s say we want to collect the latest domains used by threat actors that utilize <a href=\"https:\/\/any.run\/malware-trends\/lumma\">Lumma<\/a>, a notorious malware infostealer.&nbsp;&nbsp;<\/p>\n\n\n\n<p>To do this, we can submit the following search request:&nbsp;<\/p>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-195\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"1\"\n           data-rows=\"1\"\n           data-wpID=\"195\"\n           data-responsive=\"0\"\n           data-has-header=\"0\">\n\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:100%;                    padding:10px;\n                    \"\n                    >\n                                        <a class=\"wpdt-link-content\" style=\"color: #009cff; text-decoration: underline\" href=\"https:\/\/intelligence.any.run\/analysis\/lookup?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=improve_threat_investigations&amp;utm_term=121124&amp;utm_content=linktolookup#{%22query%22:%22threatName:%5C%22lumma%5C%22%C2%A0AND%C2%A0domainName:%5C%22%5C%22%22,%22dateRange%22:180}\"  rel=\"\" target=\"_blank\" data-cell-id=\"00\" 
data-link-url=\"https:\/\/intelligence.any.run\/analysis\/lookup?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=improve_threat_investigations&amp;utm_term=121124&amp;utm_content=linktolookup#{%22query%22:%22threatName:%5C%22lumma%5C%22%C2%A0AND%C2%A0domainName:%5C%22%5C%22%22,%22dateRange%22:180}\" data-link-text=\"threatName:&quot;lumma&quot; AND domainName:&quot;&quot;\" data-link-target=\"true\" data-link-nofollow=\"0\" data-link-noreferrer=\"0\" data-link-sponsored=\"0\" data-link-btn-status=\"0\" data-link-btn-class=\"\" data-link-content=\"wpdt-link-content\">threatName:&quot;lumma&quot; AND domainName:&quot;&quot;<\/a>                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-195'>\ntable#wpdtSimpleTable-195{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-195 td, table.wpdtSimpleTable195 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<ul class=\"wp-block-list\">\n<li>The first part of the query, <strong>threatName:&quot;lumma&quot;<\/strong>, instructs the search engine to find sandbox sessions where Lumma was detected.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The second part of the query, <strong>domainName:&quot;&quot;<\/strong>, tells the system to retrieve all domain names identified in those sandbox sessions. The empty field essentially acts as a wildcard, indicating that you are interested in all domain names associated with the threat.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>The service returns numerous domains that match our request. At the top, you can see domains with the malconf tag, which tells you that these domains were extracted directly from the configs of Lumma samples, the most reliable source of indicators of compromise. 
We can easily copy each indicator or download all of them in JSON format.&nbsp;<\/p>\n\n\n\n<p>As you can see, apart from domains, the service also provides a large number of other types of indicators, including events, files, URLs, and others. That\u2019s one of TI Lookup\u2019s unique advantages &#8211; the diversity of data it provides.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Use Cases of TI Lookup&nbsp;<\/h2>\n\n\n\n<p>To demonstrate how TI Lookup can be used in real-world investigations, Dmitry outlined several use cases where the service can be particularly useful.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Checking a Suspicious IP Address&nbsp;<\/h3>\n\n\n\n<p>One of the most straightforward use cases is identifying threats using a suspicious IP address. For example, if you receive an alert about a connection to a suspicious IP address (e.g., 162[.]254[.]34[.]31) coming from one of the machines on your network, TI Lookup can quickly check if this IP address has been used in other malware attacks.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"586\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image-2-1024x586.png\" alt=\"\" class=\"wp-image-9775\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image-2-1024x586.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image-2-300x172.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image-2-768x440.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image-2-1536x879.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image-2-370x212.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image-2-270x155.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image-2-740x424.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image-2.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" 
\/><figcaption class=\"wp-element-caption\"><em>The service marks the queried IP address as malicious and offers extra context<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>By entering the query <a href=\"https:\/\/intelligence.any.run\/analysis\/lookup?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=improve_threat_investigations&amp;utm_term=121124&amp;utm_content=linktolookup#{%22query%22:%22destinationIP:%5C%22162.254.34.31%5C%22%22,%22dateRange%22:180}\" target=\"_blank\" rel=\"noreferrer noopener\">destinationIP:&quot;162.254.34.31&quot;<\/a>, the service identifies the IP address as malicious and links it to <a href=\"https:\/\/any.run\/malware-trends\/agenttesla\" target=\"_blank\" rel=\"noreferrer noopener\">AgentTesla<\/a>.&nbsp;&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"580\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2-3-1024x580.png\" alt=\"\" class=\"wp-image-9776\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2-3-1024x580.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2-3-300x170.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2-3-768x435.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2-3-1536x871.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2-3-370x210.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2-3-270x153.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2-3-740x419.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image2-3.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>TI Lookup provides a list of sandbox sessions where the IP address was detected<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>It also provides related indicators, including processes, files, and most 
importantly, sandbox sessions where you can see the analysis of actual attacks and collect more data.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Identifying a Malware Family Using a Mutex&nbsp;<\/h3>\n\n\n\n<p>Another way to use TI Lookup is to identify a threat by using unique indicators such as <a href=\"https:\/\/any.run\/cybersecurity-blog\/mutex-search-in-ti-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">mutexes<\/a>. For instance, you can use mutexes to identify the <a href=\"https:\/\/any.run\/malware-trends\/remcos\" target=\"_blank\" rel=\"noreferrer noopener\">Remcos malware<\/a>.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"604\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-4-1024x604.png\" alt=\"\" class=\"wp-image-9777\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-4-1024x604.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-4-300x177.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-4-768x453.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-4-1536x906.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-4-370x218.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-4-270x159.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-4-740x437.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image3-4.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Synchronization events found in TI Lookup\u2019s database with corresponding sandbox sessions<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>By entering the query <a 
href=\"https:\/\/intelligence.any.run\/analysis\/lookup?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=improve_threat_investigations&amp;utm_term=121124&amp;utm_content=linktolookup#%7B%2522query%2522:%2522syncObjectName:%255C%2522RMC-%255C%2522%2522,%2522dateRange%2522:180%7D\" target=\"_blank\" rel=\"noreferrer noopener\">syncObjectName:&#8221;RMC-&#8220;<\/a>, the service shows specific mutexes and provides a list of sandbox sessions to explore the threat further.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Uncovering a Threat Using a File Path&nbsp;<\/h3>\n\n\n\n<p>You can also find threats using a file path.&nbsp;&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"531\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4-3-1024x531.png\" alt=\"\" class=\"wp-image-9778\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4-3-1024x531.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4-3-300x155.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4-3-768x398.png 768w, 
\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4-3-1536x796.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4-3-370x192.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4-3-270x140.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4-3-740x383.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image4-3.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>The service provides a list of files that match the query and events with the tag \u201cdarkvision\u201d<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>For example, a search for <a href=\"https:\/\/intelligence.any.run\/analysis\/lookup?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=improve_threat_investigations&amp;utm_term=121124&amp;utm_content=linktolookup#%7B%2522query%2522:%2522filePath:%255C%2522%255C%255C%255C%255CStart%2520Menu%255C%255C%255C%255CPrograms%255C%255C%255C%255CStartup%255C%255C%255C%255C%7B*%7D.lnk%255C%2522%2522,%2522dateRange%2522:180%7D\" target=\"_blank\" rel=\"noreferrer noopener\">filePath:&quot;\\\\Start Menu\\\\Programs\\\\Startup\\\\{*}.lnk&quot;<\/a> reveals that this file path has been observed in sessions featuring the DarkVision RAT.&nbsp;&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"530\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5-2-1024x530.png\" alt=\"\" class=\"wp-image-9779\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5-2-1024x530.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5-2-300x155.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5-2-768x397.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5-2-1536x795.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5-2-370x191.png 370w, 
\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5-2-270x140.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5-2-740x383.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image5-2.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>The service also returns Suricata IDS rules triggered in relation to the requested files\u2019 activity<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>This allows you to see the context and related sandbox sessions for further investigation.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Connecting Unrelated Data Points&nbsp;<\/h3>\n\n\n\n<p>One of the most powerful features of TI Lookup is its ability to connect pieces of data that may seem unrelated. Consider a scenario where you have a command line artifact and a network artifact. <\/p>\n\n\n\n<p>The command line artifact might be <strong>commandLine:&quot;timeout \\\/t 5 &amp; del&quot;<\/strong>, which indicates a command that delays execution for 5 seconds and then deletes a file. 
The network artifact might be <strong>destinationIP:&quot;185.215.113.37&quot;<\/strong>, which represents an IP address that the system is communicating with.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"582\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6-2-1024x582.png\" alt=\"\" class=\"wp-image-9780\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6-2-1024x582.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6-2-300x171.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6-2-768x437.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6-2-1536x874.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6-2-370x210.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6-2-270x154.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6-2-740x421.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image6-2.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>TI Lookup generates relevant results, offering instant threat context&nbsp;<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>By combining these indicators into a single query, <a href=\"https:\/\/intelligence.any.run\/analysis\/lookup?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=improve_threat_investigations&amp;utm_term=121124&amp;utm_content=linktolookup#{%22query%22:%22commandLine:%5C%22timeout%20%5C%5C\/t%205%20&amp;%20del%5C%22%20AND%20destinationIP:%5C%22185.215.113.37%5C%22%22,%22dateRange%22:180}\" target=\"_blank\" rel=\"noreferrer noopener\">commandLine:&quot;timeout \\\/t 5 &amp; del&quot; AND destinationIP:&quot;185.215.113.37&quot;<\/a>, you can zoom in on the threat you\u2019re dealing with.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter 
size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"461\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-2-1024x461.png\" alt=\"\" class=\"wp-image-9781\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-2-1024x461.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-2-300x135.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-2-768x346.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-2-1536x691.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-2-370x167.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-2-270x122.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-2-740x333.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image7-2.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Malicious IP addresses found by the service<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>The service provides plenty of context and shows that the malware in question is <a href=\"https:\/\/any.run\/malware-trends\/stealc\" target=\"_blank\" rel=\"noreferrer noopener\">StealC<\/a>. Some of the additional indicators provided include malicious IPs and URLs, which were used in StealC attacks.&nbsp;<\/p>\n\n\n\n<p>You can always go back to the source by navigating to a sandbox session of your interest to observe the threat&#8217;s behavior, and even rerun the analysis using your own VM settings.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Collecting Fresh Samples with YARA Rules&nbsp;<\/h3>\n\n\n\n<p>Another handy feature of TI Lookup is YARA Search. 
Thanks to the built-in editor, you can create, edit, store, and use YARA rules to find samples that match them.&nbsp;&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"596\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-2-1024x596.png\" alt=\"\" class=\"wp-image-9782\" style=\"width:650px;height:auto\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-2-1024x596.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-2-300x175.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-2-768x447.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-2-1536x894.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-2-370x215.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-2-270x157.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-2-740x431.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2024\/11\/image8-2.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>The YARA rule searches TI Lookup\u2019s database for matching samples<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>For example, using a YARA rule for AgentTesla, which is available by default in TI Lookup, the search returns numerous files that can be filtered by date. You can explore each result in detail by clicking on it and navigating to the sandbox session where it was detected. <\/p>\n\n\n\n<p>You can also download a JSON file containing file hashes along with links to corresponding sandbox sessions.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion&nbsp;<\/h2>\n\n\n\n<p>The webinar gave a detailed look at TI Lookup, showing how it can help improve threat investigations. 
The tool&#8217;s ability to provide fast results, offer a wide range of search options, and give access to real samples and the latest data makes it very useful for cybersecurity professionals. <\/p>\n\n\n\n<p>Stay tuned for more webinars from ANY.RUN by following us on social media like <a href=\"https:\/\/x.com\/anyrun_app\" target=\"_blank\" rel=\"noreferrer noopener\">X<\/a>, <a href=\"https:\/\/www.facebook.com\/www.any.run\/\" target=\"_blank\" rel=\"noreferrer noopener\">Facebook<\/a>, and Discord.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=improve_threat_investigations&amp;utm_term=121124&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">interactive sandbox<\/a> simplifies malware analysis of threats that target both Windows and <a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-malware-analysis-cases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a> systems. 
Our threat intelligence products, <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Search<\/a> and <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a> or files to learn more about the threats and respond to incidents faster.&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>With ANY.RUN you can:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Detect malware in seconds<\/li>\n\n\n\n<li>Interact with samples in real time<\/li>\n\n\n\n<li>Save time and money on sandbox setup and maintenance<\/li>\n\n\n\n<li>Record and study all aspects of malware behavior<\/li>\n\n\n\n<li>Collaborate with your team&nbsp;<\/li>\n\n\n\n<li>Scale as you need<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=improve_threat_investigations&amp;utm_term=121124&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Request free trial of ANY.RUN&#8217;s products \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On October 23, we hosted a webinar &#8220;How to Improve Threat Investigations with TI Lookup&#8221;. The session was led by Dmitry Marinov, CTO at ANY.RUN, who showed the audience effective methods for collecting the latest threat intelligence.&nbsp; You can check out the recording on our YouTube channel. 
Here is a quick rundown of the main [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":9789,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[57,10,15,40],"class_list":["post-9773","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-lifehacks","tag-anyrun","tag-cybersecurity","tag-malware","tag-malware-behavior"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Improve Cyber Threat Investigations with TI Lookup<\/title>\n<meta name=\"description\" content=\"Discover effective methods for collecting the latest threat intelligence with ANY.RUN&#039;s TI Lookup and see real-world use cases.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"y.shvetsov\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\n\t    \"@context\": \"https:\/\/schema.org\",\n\t    \"@graph\": [\n\t        {\n\t            \"@type\": \"Article\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/#article\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/\"\n\t            },\n\t            \"author\": {\n\t                \"name\": \"y.shvetsov\",\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"headline\": \"How to Improve Threat Investigations with TI Lookup: Webinar Recap\u00a0\",\n\t            \"datePublished\": \"2024-11-12T10:59:35+00:00\",\n\t            \"dateModified\": \"2025-09-03T13:15:59+00:00\",\n\t            \"mainEntityOfPage\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/\"\n\t            },\n\t            \"wordCount\": 1447,\n\t            \"commentCount\": 0,\n\t            \"publisher\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"keywords\": [\n\t                \"ANYRUN\",\n\t                \"cybersecurity\",\n\t                \"malware\",\n\t                \"malware behavior\"\n\t            ],\n\t            \"articleSection\": [\n\t                \"Cybersecurity Lifehacks\"\n\t            ],\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"CommentAction\",\n\t                    \"name\": \"Comment\",\n\t                    \"target\": [\n\t                        \"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/#respond\"\n\t                    ]\n\t                }\n\t            ]\n\t  
      },\n\t        {\n\t            \"@type\": \"WebPage\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/\",\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/\",\n\t            \"name\": \"How to Improve Cyber Threat Investigations with TI Lookup\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"datePublished\": \"2024-11-12T10:59:35+00:00\",\n\t            \"dateModified\": \"2025-09-03T13:15:59+00:00\",\n\t            \"description\": \"Discover effective methods for collecting the latest threat intelligence with ANY.RUN's TI Lookup and see real-world use cases.\u00a0\",\n\t            \"breadcrumb\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/#breadcrumb\"\n\t            },\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"ReadAction\",\n\t                    \"target\": [\n\t                        \"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"BreadcrumbList\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/#breadcrumb\",\n\t            \"itemListElement\": [\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 1,\n\t                    \"name\": \"Home\",\n\t                    \"item\": \"https:\/\/any.run\/cybersecurity-blog\/\"\n\t                },\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 2,\n\t                    \"name\": \"Cybersecurity Lifehacks\",\n\t                    
\"item\": \"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/\"\n\t                },\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 3,\n\t                    \"name\": \"How to Improve Threat Investigations with TI Lookup: Webinar Recap\u00a0\"\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"WebSite\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"url\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN&#039;s Cybersecurity Blog\",\n\t            \"description\": \"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\n\t            \"publisher\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"SearchAction\",\n\t                    \"target\": {\n\t                        \"@type\": \"EntryPoint\",\n\t                        \"urlTemplate\": \"https:\/\/any.run\/?s={search_term_string}\"\n\t                    },\n\t                    \"query-input\": \"required name=search_term_string\"\n\t                }\n\t            ],\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"Organization\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN\",\n\t            \"url\": \"https:\/\/any.run\/\",\n\t            \"logo\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/any.run\/\",\n\t                \"url\": \"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\n\t                \"contentUrl\": \"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\n\t                \"width\": 1,\n\t                \"height\": 1,\n\t             
   \"caption\": \"ANY.RUN\"\n\t            },\n\t            \"image\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"sameAs\": [\n\t                \"https:\/\/www.facebook.com\/www.any.run\/\",\n\t                \"https:\/\/twitter.com\/anyrun_app\",\n\t                \"https:\/\/www.linkedin.com\/company\/30692044\",\n\t                \"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"Person\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"name\": \"y.shvetsov\",\n\t            \"image\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/any.run\/\",\n\t                \"url\": \"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g\",\n\t                \"contentUrl\": \"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g\",\n\t                \"caption\": \"y.shvetsov\"\n\t            },\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/author\/y-shvetsov\/\"\n\t        }\n\t    ]\n\t}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Improve Cyber Threat Investigations with TI Lookup","description":"Discover effective methods for collecting the latest threat intelligence with ANY.RUN's TI Lookup and see real-world use cases.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/","twitter_misc":{"Written by":"y.shvetsov","Est. 
reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/"},"author":{"name":"y.shvetsov","@id":"https:\/\/any.run\/"},"headline":"How to Improve Threat Investigations with TI Lookup: Webinar Recap\u00a0","datePublished":"2024-11-12T10:59:35+00:00","dateModified":"2025-09-03T13:15:59+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/"},"wordCount":1447,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware","malware behavior"],"articleSection":["Cybersecurity Lifehacks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/","url":"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/","name":"How to Improve Cyber Threat Investigations with TI Lookup","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-11-12T10:59:35+00:00","dateModified":"2025-09-03T13:15:59+00:00","description":"Discover effective methods for collecting the latest threat intelligence with ANY.RUN's TI Lookup and see real-world use 
cases.\u00a0","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/how-to-improve-cyber-threat-investigations\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Lifehacks","item":"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/"},{"@type":"ListItem","position":3,"name":"How to Improve Threat Investigations with TI Lookup: Webinar Recap\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"y.shvetsov","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g","caption":"y.shvetsov"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/y-shvetsov\/"}]}},"_links":{"self":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/9773"}],"collection":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=9773"}],"version-history":[{"count":14,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/9773\/revisions"}],"predecessor-version":[{"id":15725,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/9773\/revisions\/15725"}],"wp:featuredmedia":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/9789"}],"wp:attachment":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=9773"}],"wp:term":[{"taxonomy":"category","embeddab
le":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=9773"},{"taxonomy":"post_tag","embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=9773"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}