Slzii.com

https://anomali.com

Anomali | AI Threat Intelligence & Agentic SOC Platform
Discover how Anomali uses AI-driven threat intelligence and a powerful security operations platform to improve visibility, detection and cyber resilience.
industry, geography, and more.MSSPMSSPTechnology Alliance PartnersTrial and purchase threat intelligence feeds from Anomali partners – find the right intelligence for your organization, industry, geography, and more.Technology Alliance PartnersTechnology Alliance PartnersThreat Intel SharingTrial and purchase threat intelligence feeds from Anomali partners – find the right intelligence for your organization, industry, geography, and more.Threat Intel SharingThreat Intel SharingPartner PortalTrial and purchase threat intelligence feeds from Anomali partners – find the right intelligence for your organization, industry, geography, and more.Partner PortalPartner PortalDeal RegistrationTrial and purchase threat intelligence feeds from Anomali partners – find the right intelligence for your organization, industry, geography, and more.Deal RegistrationDeal RegistrationBecome a Channel PartnerTrial and purchase threat intelligence feeds from Anomali partners – find the right intelligence for your organization, industry, geography, and more.Become a Channel PartnerBecome a Channel PartnerBecome a MSSPTrial and purchase threat intelligence feeds from Anomali partners – find the right intelligence for your organization, industry, geography, and more.Become a MSSPBecome a MSSPBecome a Technology Alliance PartnerTrial and purchase threat intelligence feeds from Anomali partners – find the right intelligence for your organization, industry, geography, and more.Become a Technology Alliance PartnerBecome a Technology Alliance PartnerBecome a Threat Intel Sharing PartnerTrial and purchase threat intelligence feeds from Anomali partners – find the right intelligence for your organization, industry, geography, and more.Become a Threat Intel Sharing PartnerBecome a Threat Intel Sharing PartnerSchedule a DemoBUILT ON A UNIFIED SECURITY DATA LAKEThe agentic soc PLATFORMCentralize all security telemetry, enrich it with real-world threat intelligence, and partner with our specialized AI 
agents to automate detection, investigation, and response.Talk to an Expert Trusted by global enterprises and government agencies to defend against real-world threatsTrusted partner of Fortune 500 CompaniesThe SOC isn’t broken. The architecture is.Security teams aren’t failing because they lack tools or talent. They’re failing because their data is fragmented, their intelligence is disconnected, and their workflows are reactive.TRADITIONAL SIEMLegacy SIEMs can’t keep up with today’s data volumes.TRADITIONAL THREAT INTELStandalone intelligence feeds don’t operationalize.TRADITIONAL SOARAutomation without context creates noise, not outcomes.One platform. Three layers. One outcome: faster, smarter defense.FOUNDATIONAL LAYERUnified Security Data LakeAnomali’s Unified Security Data Lake is the foundation of the Agentic SOC. It centralizes and retains massive volumes of security telemetry - cloud, endpoint, network, identity, and beyond, without the performance limits or cost penalties of legacy SIEMs.‍This isn’t cold storage.It’s always-on, always-searchable, and built for real-time and historical analysis at scale.Search and correlate years of data in secondsEliminate SIEM bottlenecks and retention tradeoffsBuild detections, investigations, and hunts on complete dataLearn MoreINTELLIGENCE GRAPH LAYERThreatStream NEXT-GENRaw events don’t explain risk. 
Context does.‍ThreatStream Next-Gen continuously enriches your data lake with real-world threat intelligence actors, infrastructure, TTPs, and campaigns, so analysts understand who, why, and what next, not just what happened.Enrich alerts with adversary and campaign contextPrioritize what matters and suppress what doesn’tOperationalize intelligence across detection, investigation, and responseLearn MoreAGENTIC OPERATIONS LAYERAgentic AIAgentic AI brings agency to the SOC.‍Instead of static dashboards or chat-only copilots, Anomali’s AI-driven agents reason over your data lake and intelligence context to guide investigations, recommend next actions, and automate response workflows.‍The result: fewer manual steps, faster decisions, and consistent execution without removing human control.AI-guided investigations with clear reasoningAutomated triage and response for repeatable threatsAnalysts focus on judgment, not busyworkLearn MoreTell me about IP 118.248.255.174What is cl0p ransomware?What are the top threats to my organization?ASK ANOMALI AGENTIC AICl0p is a Ransomware-as-a-Service (RaaS) operation first observed in 2019, known for its advanced anti-analysis and anti-virtual machine detection capabilities. The group rose to prominence in Q2 2023 by automating the exploitation of file transfer vulnerabilities, including MOVEit Transfer and GoAnywhere MFT.  The group has been known to exploit zero-day vulnerabilities, such as the CVE-2023-34362 vulnerability in Progress Software's MOVEit Transfer solution. In this campaign, they used a SQL injection vulnerability to install a web shell called LEMURLOOT, enabling data theft from underlying databases.The IP address 118.248.255.174 is identified as a malicious IP (mal_ip), an APT IP (apt_ip), and a scanning IP (scan_ip) with high confidence levels ranging from 98 to 100. It has been tagged with various sources such as Mandiant, Anomali Adversary Intelligence, and cinsscore:ci-badguys OSINT.   
It is located in China and is part of the China Unicom Shandong province network. The IP is associated with the threat actor APT28, known for state-sponsored activities and information theft. Tags related to APT28 include Fancy Bear and Iron Twilight.Cl0p is a Ransomware-as-a-Service (RaaS) operation first observed in 2019, known for its advanced anti-analysis and anti-virtual machine detection capabilities. The group rose to prominence in Q2 2023 by automating the exploitation of file transfer vulnerabilities, including MOVEit Transfer and GoAnywhere MFT.  The group has been known to exploit zero-day vulnerabilities, such as the CVE-2023-34362 vulnerability in Progress Software's MOVEit Transfer solution. In this campaign, they used a SQL injection vulnerability to install a web shell called LEMURLOOT, enabling data theft from underlying databases.The top threats to your organization over the last 30 days include:  Actors: Chaos, FSB, Federal Security Service, Hamas, Laravel, Opsec, Payouts, Scam_Guard, Silent Crow, World Leaks.  Attack Patterns: Application Layer Protocol, Command and Scripting Interpreter, Deobfuscate/Decode Files or Information, Exploitation for Client Execution, Exploitation for Privilege Escalation, Impair Defenses: Disable or Modify Tools, Ingress Tool Transfer, Masquerading, System Information Discovery, Valid Accounts.  
What security teams achieve with Anomali

300x Faster detection and investigation: Analysts pivot across years of data and intelligence in seconds.
96% Reduced time for threat investigations: Context-driven prioritization reduces false positives and alert fatigue.
50% Analyst time saved with operationalized intel: Threat intel informs every stage of the SOC workflow, not just reports.
60% Reduced SIEM bill and operational cost: Eliminate SIEM tax and manual effort while scaling data retention.

Watch Anomali Agentic SOC at Work

INGEST AND UNIFY: Security telemetry from across your environment flows into a single, high-performance data lake.
ENRICH AND PRIORITIZE: ThreatStream Next-Gen adds adversary and campaign context, turning raw signals into prioritized risk.
ACT WITH AGENCY: AI-driven agents guide analysts and automate response, accelerating outcomes without sacrificing oversight.

Seamless integration with the tools you already use

SEE WHAT FORTUNE 500 CUSTOMERS ARE SAYING

"An exceptional / state-of-the-art product with a great customer-focused team to enable the organization to improve its cyber posture proactively."
Global Leader - Cybersecurity Operations, Manufacturing industry

"Excellent TIP to concentrate & correlate feeds from all kinds of sources. Needs to mature in the capability to produce reports and with Sighting."
Threat Intelligence Lead, Media industry

"Anomali provides a knowledge system that provides our organisation with a tool that helps us get more insight and overview in the financial threat landscape, which, combined with extended connectivity possibilities related to external intelligence sources, makes this a powerful tool."
CYI Analyst, Finance industry

"Once products are deployed, the process runs smoothly. Produces huge numbers of Threat Intel, which were filtered and customized to our requirements. Anomali support is outstanding, and dedicated to satisfying our requirements."
Technical Cyber Threat Intelligence Analyst, Finance industry

"Anomali has been one of the only platforms we've seen that allows us to tag our own intelligence, apply confidence ratings and collaborate with other intel sources to get a better picture of the attacker infrastructures, etc. at play in cyber attacks."
Cyber Security Specialist, Transportation industry

"From the moment we implemented Anomali we immediately felt like family. They supported us in the first steps during our learning phase with the product and now they check in on a regular basis to ensure that we're using the product to its fullest extent and capabilities. Whenever we have a support issue, they are always available to help and do it with an amazing attitude."
Threat Intelligence Team Leader, Finance industry

"I could say this data set is designed for practitioners. 1. Input - All kinds of (unstructured + structured) data could be processed properly. 2. Output - The type of export is also clearly organized. So it saves time to customize/beautify."
Senior Consultant, Services industry

"Hugh Njemanze and his team at Anomali have taken security analytics to a new peak and they continue to relentlessly innovate. Moreover, we have used their platform to deliver business analytics. They have led the market in AI and ML, which has increased our productivity and our effectiveness with our management and board. Using The Anomali Platform is a competitive advantage for us. Finally, when Anomali says they partner with their customers, they mean it. Keep innovating!"
Deputy CISO, Fortune 500 Financial Institution

10x Banking, a financial services technology company with a mission to move banks from monolithic to next-generation core banking solutions delivered through the world's most comprehensive and powerful cloud native SaaS bank operating system, uses Anomali ThreatStream and Lens to help operationalize threat intelligence for their security team.
10x Banking Technology Services

"Anomali uniquely innovates from our perspective as customers vs. the vendor or the analyst communities. They speak business and have attended one of our board meetings. Their approach is the modern path of managing security to drive business. They are all about use cases and automation. Not to mention the cost savings. They serve the who's who globally in our sector."
Senior Executive, Global Energy Company

"When I first met Anomali, I thought that they were a SIEM 3.0 with the best intelligence. I now think differently and am less focused on acronyms. As a CISO, I need to protect my organization and deliver shareholder value. Anomali is my partner."
CISO, Top 50 Healthcare Institution

"As one of the prominent banks in the United Arab Emirates, we manage assets and transactions for thousands of customers. One of our main commitments to our customers is security and we achieve this through solid partnerships with industry experts such as Anomali. By bringing in industry experts, we expect to gain advanced levels of security that will help us to further heighten our defenses and intercept any possible exploitation by cybercriminals."
K.S. Ramakrishnan, Chief Risk Officer, RAKBANK

"The financial services industry continues to be among the most targeted in the world, with cybercriminals always attempting to make inroads directly through banks' networks or by going after consumers directly. Anomali has proven its ability to deliver on the promise of advanced threat intelligence, which supports us in helping our users to remain secure and better prepared. By adding them to our lab environment, we are confident that defensive capabilities will strengthen for all involved."
Romano Stasi, Managing Director, CERTFin

"We leverage market-leading tools to give our company a competitive advantage and our 24/7 SOC a leg up on bad actors. With Anomali, we improve on both of these goals. By adding intelligence, we achieve a high level of certainty that enhances prioritization of the most serious threats our customers face, while improving our mitigation decisions."
Grant Leonard, Co-Founder, Castra

"All public organizations are targeted by nefarious actors with extreme frequency; Oklahoma is no exception. Since the beginning of the current global health crisis, we've experienced a spike in related attacks. Anomali will show us who the attackers are, when they are coming after us, and provide context needed to prioritize and speed our response to the most serious threats we face."
Matt Singleton, State CISO, Oklahoma OMES

"The time it takes to analyze a threat has gone down from 30 minutes to just a few minutes, time that adds up over the course of investigating many malicious IPs every week. There has been a substantial decrease in terms of mean-time-to-know."
Arindam Bose, Senior Vice President & Security Officer, Bank of Hope

"Before Anomali, we had tons of information without context. We had to look through thousands of alerts quickly just to see what stood out and then react to those. Anomali enabled us to spend less time dealing with noise, and more time focusing on critical issues."
CISO, Global Fintech Company

See what an Agentic SOC looks like in practice

808 Winslow Street, Redwood City, CA, 94063, United States
+1 844 4 THREATS (847328)
+44 8000 148096 (International Toll-Free)

© Copyright 2026 Anomali®. All rights reserved. ThreatStream® is a registered trademark of Anomali Inc. Anomali Match™ ("Match") and Anomali Lens™ ("Lens") are trademarks of Anomali Inc.