Threat Intelligence Lookup

Examine cyberattacks faster with fresh data from other investigations

Speed up and simplify alert triage, incident response, and threat hunting.

Unlock TI Lookup for triage and defense — access it now

Fast results

Get in-depth threat context for any indicator with a 2-second response time. Access is free, available right after registration, and has no limit on search requests. Simplify and speed up your investigation to quickly identify and prevent threats.

Threat context enrichment

Gather extensive information on any threat using a wide range of search parameters, including threat names, file hashes, IPs, registry keys, and YARA rules. Explore sandbox sessions where detected indicators were found to see how the entire attack unfolds.

Attack data from 15,000 companies

Leverage real-time, community-driven threat intelligence from samples uploaded by over 500,000 analysts worldwide to enhance proactive security and improve SOC efficiency. Discover unique data not found elsewhere.

TI Lookup

Improve your incident response and forensic capabilities

Automate initial triage and access contextual data to quickly identify alerts for investigation or escalation to incident response teams.

01 Optimize threat analysis and data sharing

Use any suspicious indicators to uncover contextual threat information, improving workflows and boosting efficiency. Enhance data sharing between SOC analysts, reducing time on analysis, data transfer, and process maintenance.

02 Speed up threat identification and response

Accelerate threat detection and prevention, enhancing SOC efficiency by reducing response time and adapting defenses to evolving threats. Simplify triage and prioritize alerts for faster action.

03 Enrich security solutions

Integrate real-time intelligence feeds with IOCs, IOAs, and IOBs from sandbox sessions, using fresh data from 500,000 analysts to enhance detection. Create new rules for SIEM, IDS/IPS, and EDR to strengthen threat defense.

04 Investigate threats online

Track TTPs, malware families, and complex threats, including those that stay hidden from automated defense systems, such as APTs and zero-day exploits. Enhance detection and response strategies based on detailed attack techniques.

Why us?

Benefits of ANY.RUN Threat Intelligence Lookup

Browse contextual data

Every record contains related information such as threat names, IP addresses, and hashes.

Reinforce security systems

Receive continuously updated IOC feeds in your SIEM and IPS/IDS systems using the API, and supplement it with the SDK.

Perform deep searches

Search by any event fields or indicators, including TTPs, connections, paths and URLs.

Look up threat indicators

Easily tell what malicious objects are connected to IOCs.

Look up threats across millions of sandbox research sessions

Find data, like malware actions and IOCs, across all ANY.RUN sandbox malware research sessions from 500,000 analysts.

Use over 40 search parameters

Get results as wide or as precise as you need from 6 months of research data, which includes links to examples of TTP implementation within interactive sandbox sessions.

See examples of TTPs implementation

Each MITRE TTP entry contains an implementation example from a real-world malware sample processed in our sandbox.

Track activity per family

Access comprehensive threat profile pages to get a holistic view of malware families, including popularity trends, detailed descriptions, and the latest IOCs.

Apply expert research on new cyber attacks and APTs

Discover reports, complete with search queries, on active threats from our analyst team to improve threat monitoring, incident response, and compliance.

Search by any indicator or event field

Use any suspicious indicator found in your system to find contextual threat information, including:

  • Threat names
  • Events
  • Domains
  • IPs
  • Process fields
  • YARA rules
  • URLs
  • TTPs
  • Hashes
  • Files
  • Suricata rules
  • Signatures

Our TI data sources

ANY.RUN Threat Intelligence Lookup provides a single web service, combining all information on cyberthreats and their relationships acquired by ANY.RUN.

50 million+ threats in database

Data is collected from ANY.RUN public submissions database, which contains objects processed in our malware sandbox.

16 thousand new threats added daily

Threats are submitted by our community of over 500,000 researchers and 15,000 corporate clients.

Highly trusted, pre-processed data

By running threats through our sandbox first, we are able to extract rich contextual data such as events, TTPs, and IOCs.

Test ANY.RUN Threat Intelligence Lookup

Start investigating threats for free

Access TI Lookup with unlimited queries. Search by IOC and event attributes using AND logic. View up to 20 matching sandbox sessions per request.

Only business email needed

Start your trial with minimal setup and no commitment — no credit card or personal information required.

Faster incident response and triage

Find real analysis examples, enrich IOCs, and reduce response time, even in the free version. To try the full power of TI Lookup, ask for a trial.