Threat intelligence Lookup

Examine cyberattacks faster with fresh data from other investigations

Speed up and simplify alert triage, incident response, and threat hunting.

Unlock TI Lookup for triage and defense — access it now

Fast results

Get in-depth threat context for any indicator quickly, with a 2-second response time, right after the registration and with no search requests limit for free. Simplify and speed up your investigation to quickly identify and prevent threats.

Threat context enrichment

Gather extensive information on any threat using a wide range of search parameters, including threat names, file hashes, IPs, registry keys, and YARA rules. Explore sandbox sessions where detected indicators were found to see how the entire attack unfolds.

Attack data from 15,000 companies

Leverage real-time, community-driven threat intelligence from samples uploaded by over 600,000 analysts worldwide to enhance proactive security and improve SOC efficiency. Discover unique data not found elsewhere.

TI Lookup

Improve your incident response and forensic capabilities

Automate initial triage and access contextual data to quickly identify alerts for investigation or escalation to incident response teams.

01 Optimize threat analysis and data sharing

Use any suspicious indicators to uncover contextual threat information, improving workflows and boosting efficiency. Enhance data sharing between SOC analysts, reducing time on analysis, data transfer, and process maintenance.

02 Speed up threat identification and response

Accelerate threat detection and prevention, enhancing SOC efficiency by reducing response time and adapting defenses to evolving threats. Simplify triage and prioritize alerts for faster action.

03 Enrich security solutions

Integrate real-time intelligence feeds with IOCs, IOAs, IOBs from sandbox sessions, using fresh data from 600,000 analysts to enhance detection. Create new rules for SIEM, IDS/IPS, and EDR to strengthen threat defense.

04 Investigate threats online

Track TTPs, malware families, and complex threats, including those hidden from automated defense systems like APTs and Zero-Day exploits. Enhance detection and response strategies based on detailed attack techniques.

Why us?

Benefits of ANY.RUN
Threat Intelligence Lookup

Browse contextual data

Every record contains related information such as threat names, IP addresses, and hashes.

Reinforce security systems

Receive continuously updated feeds of IOCs in your SIEMs and IPS/IDS systems using API and supplement it with SDK.

Perform deep searches

Look up any event fields or indicators (URLs, TTPs, file paths, etc.) and see connections between them.

Explore threat landscape

Research threats by industries and regions to strengthen risk awareness and prioritization.

TI Lookup

Look up threats across millions of sandbox research sessions

Find data, like malware actions and IOCs, across all ANY.RUN sandbox malware research sessions from 600,000 analysts.

Use over 40 search parameters

Get results as wide or as precise as you need from 6 months of research data, which includes links to examples of TTPs implementation within interactive sandbox sessions.

See examples of TTPs implementation

Each MITRE TTP entry contains an implementation example, from a real-world malware sample processed in our sandbox.

Track activity per family

Access comprehensive threat profile pages to get a holistic view of malware families, including popularity trends, detailed descriptions, and the latest IOCs.

Apply expert research on new cyber attacks and APTs

Discover reports, complete with search queries, on active threats from our analyst team to improve threat monitoring, incident response, and compliance.

TI Lookup

Search by any indicator or event’s field

Use any suspicious indicator found in your system to find contextual threat information, including:

Threat names
Events
Domains
IPs
Process fields
YARA rules
URLs
TTPs
Hashes
Files
Suricata rules
Signatures

Our TI data sources

ANY.RUN Threat Intelligence Lookup provides a single web service, combining all information on cyberthreats and their relationships acquired by ANY.RUN.

Database with
50 million+ threats

It contains in-depth insights from threat investigations done in ANY.RUN's malware sandbox.

16 thousand new threats added daily

Threats are submitted by our community of over 600,000 researchers and 15,000 corporate clients.

Highly trusted, pre‑processed data

By running threats through our sandbox first we are able to extract rich contextual data such as events, TTPs and IOCs.

Integrate TI Lookup in your SOC

Equip your security team with rich context on the latest threats to:

Streamline triage & response
Gain better incident clarity
Boost proactive security
Track evolving attacks in real time

Business email

Phone+1

+93
Afghanistan
+358
Åland Islands
+355
Albania
+213
Algeria
+1
American Samoa
+376
AndorrA
+244
Angola
+1
Anguilla
+672
Antarctica
+1
Antigua and Barbuda
+54
Argentina
+374
Armenia
+297
Aruba
+61
Australia
+43
Austria
+994
Azerbaijan
+1
Bahamas
+973
Bahrain
+880
Bangladesh
+1
Barbados
+375
Belarus
+32
Belgium
+501
Belize
+229
Benin
+1
Bermuda
+975
Bhutan
+591
Bolivia
+387
Bosnia and Herzegovina
+267
Botswana
+47
Bouvet Island
+55
Brazil
+246
British Indian Ocean Territory
+673
Brunei Darussalam
+359
Bulgaria
+226
Burkina Faso
+257
Burundi
+855
Cambodia
+237
Cameroon
+1
Canada
+238
Cape Verde
+1
Cayman Islands
+236
Central African Republic
+235
Chad
+56
Chile
+86
China
+61
Christmas Island
+61
Cocos (Keeling) Islands
+57
Colombia
+269
Comoros
+242
Congo
+243
Democratic Republic of the Congo
+682
Cook Islands
+506
Costa Rica
+225
Cote D'Ivoire
+385
Croatia
+53
Cuba
+357
Cyprus
+420
Czech Republic
+45
Denmark
+253
Djibouti
+1
Dominica
+1
Dominican Republic
+593
Ecuador
+20
Egypt
+503
El Salvador
+240
Equatorial Guinea
+291
Eritrea
+372
Estonia
+251
Ethiopia
+500
Falkland Islands (Malvinas)
+298
Faroe Islands
+679
Fiji
+358
Finland
+33
France
+594
French Guiana
+689
French Polynesia
+33
French Southern Territories
+241
Gabon
+220
Gambia
+995
Georgia
+49
Germany
+233
Ghana
+350
Gibraltar
+30
Greece
+299
Greenland
+1
Grenada
+590
Guadeloupe
+1
Guam
+502
Guatemala
+44
Guernsey
+224
Guinea
+245
Guinea-Bissau
+592
Guyana
+509
Haiti
+61
Heard Island and Mcdonald Islands
+39
Holy See (Vatican City State)
+504
Honduras
+852
Hong Kong
+36
Hungary
+354
Iceland
+91
India
+62
Indonesia
+98
Islamic Republic of Iran
+964
Iraq
+353
Ireland
+44
Isle of Man
+972
Israel
+39
Italy
+1
Jamaica
+81
Japan
+44
Jersey
+962
Jordan
+77
Kazakhstan
+254
Kenya
+686
Kiribati
+850
Korea, Democratic People'S Republic of
+82
Korea, Republic of
+965
Kuwait
+996
Kyrgyzstan
+856
Lao People'S Democratic Republic
+371
Latvia
+961
Lebanon
+266
Lesotho
+231
Liberia
+218
Libyan Arab Jamahiriya
+423
Liechtenstein
+370
Lithuania
+352
Luxembourg
+853
Macao
+389
Macedonia, The Former Yugoslav Republic of
+261
Madagascar
+265
Malawi
+60
Malaysia
+960
Maldives
+223
Mali
+356
Malta
+692
Marshall Islands
+596
Martinique
+222
Mauritania
+230
Mauritius
+262
Mayotte
+52
Mexico
+691
Micronesia, Federated States of
+373
Republic of Moldova
+377
Monaco
+976
Mongolia
+1
Montserrat
+212
Morocco
+258
Mozambique
+95
Myanmar
+264
Namibia
+674
Nauru
+977
Nepal
+31
Netherlands
+599
Netherlands Antilles
+687
New Caledonia
+64
New Zealand
+505
Nicaragua
+227
Niger
+234
Nigeria
+683
Niue
+672
Norfolk Island
+1
Northern Mariana Islands
+47
Norway
+968
Oman
+92
Pakistan
+680
Palau
+970
Palestinian Territory
+507
Panama
+675
Papua New Guinea
+595
Paraguay
+51
Peru
+63
Philippines
+870
Pitcairn
+48
Poland
+351
Portugal
+1
Puerto Rico
+974
Qatar
+262
Reunion
+40
Romania
+7
Russian Federation
+250
RWANDA
+290
Saint Helena
+1
Saint Kitts and Nevis
+1
Saint Lucia
+508
Saint Pierre and Miquelon
+1
Saint Vincent and the Grenadines
+685
Samoa
+378
San Marino
+239
Sao Tome and Principe
+966
Saudi Arabia
+221
Senegal
+381
Serbia
+382
Montenegro
+248
Seychelles
+232
Sierra Leone
+65
Singapore
+421
Slovakia
+386
Slovenia
+677
Solomon Islands
+252
Somalia
+27
South Africa
+500
South Georgia and the South Sandwich Islands
+34
Spain
+94
Sri Lanka
+249
Sudan
+597
Suriname
+47
Svalbard and Jan Mayen
+268
Swaziland
+46
Sweden
+41
Switzerland
+963
Syrian Arab Republic
+886
Taiwan, Province of China
+992
Tajikistan
+255
United Republic of Tanzania
+66
Thailand
+670
Timor-Leste
+228
Togo
+690
Tokelau
+676
Tonga
+1
Trinidad and Tobago
+216
Tunisia
+90
Turkey
+993
Turkmenistan
+1
Turks and Caicos Islands
+688
Tuvalu
+256
Uganda
+380
Ukraine
+971
United Arab Emirates
+44
United Kingdom
+1
United States
+1
United States Minor Outlying Islands
+598
Uruguay
+998
Uzbekistan
+678
Vanuatu
+58
Venezuela
+84
Vietnam
+1
Virgin Islands, British
+1
Virgin Islands, U.S.
+681
Wallis and Futuna
+212
Western Sahara
+967
Yemen
+260
Zambia
+263
Zimbabwe

Company name

Describe your business goal for using TI Lookup or ask a question

I accept ANY.RUN Terms of Use

By submitting the form, I agree to allow ANY.RUN to process my contact information, contact me, and share my details with its partners in accordance with the Privacy Policy.

Examine cyberattacks faster with fresh data from other investigations

Unlock TI Lookup for triage and defense — access it now

Fast results

Threat context enrichment

Attack data from 15,000 companies

Improve your incident response and forensic capabilities

01 Optimize threat analysis and data sharing

02 Speed up threat identification and response

03 Enrich security solutions

04 Investigate threats online

Benefits of ANY.RUNThreat Intelligence Lookup

Browse contextual data

Reinforce security systems

Perform deep searches

Explore threat landscape

Look up threats across millions of sandbox research sessions

Use over 40 search parameters

See examples of TTPs implementation

Track activity per family

Apply expert research on new cyber attacks and APTs

Search by any indicator or event’s field

Our TI data sources

Database with 50 million+ threats

16 thousand new threats added daily

Highly trusted, pre‑processed data

Integrate TI Lookup in your SOC

Benefits of ANY.RUN
Threat Intelligence Lookup

Database with
50 million+ threats