Threat intelligence Lookup

Examine cyberattacks faster by using up-to-date data from other investigations

  • Fast Results

    Get in-depth threat context for any indicator quickly, with a 2-second response time for 180-day queries. Simplify and speed up your research.

  • Threat Context Enrichment

    Gather extensive information on any threat using a wide range of search parameters, including threat names, file hashes, IPs, registry keys, and YARA rules. Explore sandbox sessions where detected indicators were found to see how the entire attack unfolds.

  • Latest Data and Real-world Samples

    Tap into real-time, community-driven threat intelligence from fresh samples uploaded to the ANY.RUN sandbox by over 500,000 analysts worldwide. Discover unique data not found elsewhere.

TI Lookup

Improve your incident response and forensic capabilities

Automate initial triage, and access contextual data to quickly identify alerts for investigation or escalation to incident response teams

01 Perform deep searches

Use any suspicious indicator found in your system to find contextual threat information.

02 Look up object relationships

Expedite threat identification, automate triage and help your security team prioritise alerts that need to be investigated.

03 Enrich security solutions

Get a feed of IOCs pre-processed in our sandbox to enrich your security solutions.

04 Look up threats online

Track aggressively used TTPs and malware families, and test your detection rules against our database of malicious objects.

Why us?

Benefits of ANY.RUN Threat Intelligence Lookup

Browse contextual data

Every record contains related information such as threat names, IP addresses, and hashes.

Reinforce security systems

Continuously updated feed of IOCs delivered to your SIEMs, IPS/IDS systems and more.

Perform deep searches

Search by any event fields or indicators, including TTPs, connections, paths and URLs.

Look up threat indicators

Easily tell what malicious objects are connected to IOCs.

Look up threats across millions of sandbox research sessions

Find data, like malware actions and IOCs, across all ANY.RUN sandbox malware research sessions from 500,000 analysts.

Use over 40 search parameters

Get results as wide or as precise as you need from 6 months of research data, which includes links to examples of TTP implementation within interactive sandbox sessions.

See examples of TTP implementation

Each MITRE TTP entry contains an implementation example from a real-world malware sample processed in our sandbox.

Track activity per family

Access comprehensive threat profile pages to get a holistic view of malware families, including popularity trends, detailed descriptions, and the latest IOCs.

Search by any indicator or event field

Use any suspicious indicator found in your system to find contextual threat information, including:

  • Threat names

  • Events

  • Domains

  • IPs

  • Process fields

  • YARA rules

  • URLs

  • TTPs

  • Hashes

  • Files

  • Suricata rules

  • Signatures


Our TI data sources

ANY.RUN Threat Intelligence Lookup provides a single web service that combines all information on cyberthreats and their relationships acquired by ANY.RUN.

50 million+ threats in database

Data is collected from the ANY.RUN public submissions database, which contains objects processed in our malware sandbox.

16 thousand new threats added daily

Threats are submitted by our community of over 500,000 researchers and 3,000 corporate clients.

Highly trusted, pre‑processed data

By running threats through our sandbox first, we are able to extract rich contextual data such as events, TTPs and IOCs.

Test the full power of ANY.RUN Threat Intelligence Lookup

Full access to all features

Gain unrestricted use of our comprehensive suite of threat intelligence tools. This includes real-time data feeds, TI lookup and interactive sandbox.

Only business email needed

Start your trial with minimal setup and no commitment — no credit card or personal information required.

14 days, extendable by request

Enjoy a two-week trial period to experience the full capabilities of our platform, with the option to request an extension.