Threat Intelligence Lookup

Identify threats with linked indicators

  • Searchable database of linked IOCs
  • Lookup by any event, field, or indicator
  • Real-world malware examples
  • Interactive matrix of popular TTPs
  • Real-time map of C2 locations
  • Web interface and RESTful API

What is Threat Intelligence Lookup?

Threat Intelligence Lookup lets you query IOCs against a large database of tasks processed in ANY.RUN sandbox.

It provides context and actionable insights on events, IP addresses, domains, file hashes, URLs, and more, allowing you to quickly evaluate the risk of IOCs during incident response or threat hunting.

Efficiently find threats with our detailed lookup engine

Perform detailed searches to add context to indicators and find linked threats. Use a range of fields and conditions to refine your results.

  • Query by any specific field, from system-related indicators to network signatures
  • Combine conditions using the AND conjunction
  • Type or paste your search criteria or select from a predefined list

Examine connected indicators and malware samples from search results

Use linked data from search results to understand how individual indicators or events tie to known threats. Each TI Lookup search shows linked:

  • Domains
  • URLs
  • Events
  • Files
  • Tasks
  • And more

Look up threats by any indicator or event and perform wildcard searches

Use any suspicious indicator found in your system to find contextual threat information and identify threats. You can perform wildcard searches by:

  • Malware names
  • Events
  • Domains
  • IPs
  • URLs
  • TTPs
  • Registry fields
  • Hashes
  • Files
  • Process fields
  • Suricata/Behaviour rules
  • And more

Track popular TTPs, malware families and Suricata detections

Get a better understanding of popular Tactics, Techniques, and Procedures.

  • Find TTPs by any field, event or indicator.
  • Better understand TTPs with real malware examples and see the risk level of each TTP.
  • View which malware families are gaining popularity at a glance
  • Get information on the most frequent Suricata rule detections

Look up C2 locations

Geolocate threats using a live map of known C2 origins

  • See malware families connected to known C2s
  • Find example tasks involving those threats
  • Filter results by country or family

Track popularity of individual malware families

View real-time malware trends to adjust your security measures against likely threats.

  • Monitor how the popularity of specific malware changes over time
  • Extract fresh IOCs for prevalent malware families with ease
  • See which countries report the most instances of each malware family

Learn more about identified malware families

Learn more about individual malware families, track their popularity and easily find the most recent IOCs and samples

  • See the popularity of each threat over time
  • Collect associated hashes, IPs, domains, and URLs
  • Learn about execution patterns and distribution methods for each malware

A rich datasource of new malware samples

The information about recent threats comes from ANY.RUN’s interactive sandbox, trusted by over 400,000 analysts, SOC and DFIR team professionals.

  • 50+ million samples in the database
  • 14k new daily submissions
  • Only pre-processed, cleaned data makes it into our lookup service

Benefits of TI lookup for your business

  • Get a clearer view of adversaries' intent, capabilities, and targets and quickly identify the threat you are dealing with
  • Quickly link objects you are investigating to threats. Improve triage and prioritize alerts that need to be investigated or escalated using linked indicators
  • Learn more about threat behaviour with real examples by instantly accessing dynamic analysis of identified threats
