
In a rapidly evolving digital landscape where cyber threats emerge daily, ANY.RUN is empowering Security Operations Centers (SOCs) worldwide with its cutting-edge Threat Intelligence (TI) Feeds.

These continuously updated streams of Indicators of Compromise (IOCs) are designed to help organizations detect and neutralize attacks, ranging from emerging malware to persistent threats, faster and more effectively than ever before. But what sets ANY.RUN’s TI Feeds apart?

The answer lies in their unique enrichment process, fueled by a global community and advanced technology.


A Wealth of Actionable Data

ANY.RUN’s TI Feeds deliver far more than basic IOCs. They provide detailed insights into malicious IP addresses, domains, and URLs, complete with threat scores (100 for highly reliable, 75 for trustworthy, and 50 for suspicious) that offer SOC teams a clear gauge of each indicator’s reliability.

This enriched data allows organizations to expand threat hunting, prioritize alerts, improve incident response, and proactively defend against new and evolving threats.

The source of this intelligence? A thriving international community of over 500,000 cybersecurity researchers and professionals who upload and analyze real-world malware and phishing samples daily via ANY.RUN’s Public Submissions repository.

This collaborative effort ensures a steady flow of fresh, actionable data.

How ANY.RUN Stands Out: Unique Enrichment Methods

ANY.RUN’s TI Feeds distinguish themselves through two innovative approaches to collecting unique IOCs unavailable elsewhere.

IOCs Extracted from Malware Configurations

Malware configurations often contain hardcoded details like Command-and-Control (C2) server addresses and encryption keys.
Take a look at this sandbox session.

Using its Interactive Sandbox, ANY.RUN automatically extracts these configurations from dozens of malware families.

For example, in a recent analysis of an AsyncRAT sample, the sandbox revealed a malicious IP address used for C2 communication.

This critical indicator was instantly fed into the TI Feeds, enabling clients to identify and mitigate the threat early.


IOCs Detected with Suricata IDS Rules

ANY.RUN leverages Suricata, an advanced Intrusion Detection System (IDS), to analyze network traffic patterns. Unlike static indicators, Suricata rules detect threats even when attackers switch infrastructure.

In a recent FormBook malware analysis, Suricata flagged a connection to an attacker-controlled domain. This domain was promptly added to the TI Feeds, bolstering clients’ defenses against similar threats.

Suricata rule triggered after detecting FormBook’s C2 traffic

Real-World Impact

“By combining community-driven data with automated extraction and advanced traffic analysis, we’re delivering IOCs that are both fresh and unique,” said a spokesperson from ANY.RUN. “This gives SOC teams the edge they need to stay ahead of cybercriminals.”

For instance, compromised IPs in the feeds often tie back to C2 servers or phishing campaigns, allowing teams to block malicious traffic proactively.

Domains offer a broader view of attack campaigns, while URLs reveal gateways to malware distribution—each enriched with details like threat names, detection timestamps, and file hashes.


Try It Yourself

ANY.RUN invites organizations to experience the power of its TI Feeds with free demo samples available in STIX and MISP formats.

Integration is seamless via API, and the company also offers a dedicated MISP instance for syncing with security solutions. Interested parties can contact the ANY.RUN team to get started.

About ANY.RUN

Founded to simplify malware analysis, ANY.RUN now supports over 500,000 cybersecurity professionals globally. Its interactive sandbox tackles threats targeting Windows and Linux, while its suite of threat intelligence tools, including TI Lookup, YARA Search, and Feeds, helps users investigate IOCs and respond to incidents swiftly.

As cyber threats grow more sophisticated, ANY.RUN’s TI Feeds are proving to be an indispensable resource for organizations determined to stay one step ahead. Get a 14-day free trial of ANY.RUN’s Threat Intelligence service.

Balaji N
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.