Ransomware.live

Interact with the ransomware.live API

Actions16

8-K Filing Actions
- List Filings
CSIRT Entry Actions
- Get CSIRT Entries
Group Actions
- Get Group Details
IOC Actions
- List IOC Groups
- Get Group IOCs
Negotiation Actions
- List Group Negotiations
- Get Negotiation Chat
Press Article Actions
- List Articles
- List Recent Articles
Ransomnote Actions
- List Group Ransomnotes
- Get Ransomnote
Victim Actions
YARA Rule Actions
- Get Group YARA Rules

Overview

This node integrates with the ransomware.live API to retrieve information about CSIRT (Computer Security Incident Response Team) entries based on a specified country code. It is useful for cybersecurity analysts, incident responders, or threat intelligence teams who want to gather details about CSIRT contacts or activities related to specific countries. For example, by providing a 2-letter or 3-letter ISO country code such as "FR" or "FRA", users can fetch relevant CSIRT data to coordinate responses or enrich threat intelligence reports.

Properties

Name	Meaning
Country Code	The 2-letter or 3-letter ISO country code representing the country of the CSIRT entry. Examples: "FR" or "FRA". This property is required.

Output

The node outputs JSON data containing the CSIRT entry information retrieved from the ransomware.live API for the specified country code. The structure depends on the API response but generally includes details about the CSIRT associated with that country.

The output is an array of JSON objects.
Each object corresponds to a CSIRT entry matching the requested country code.
No binary data is produced by this operation.

Dependencies

Requires an API key credential for the ransomware.live API.
The base URL defaults to https://api-pro.ransomware.live unless overridden in credentials.
Proper configuration of the API authentication token in n8n credentials is necessary.

Troubleshooting

Common issues:
- Providing an invalid or unsupported country code format may result in no data or errors.
- Missing or incorrect API credentials will cause authentication failures.
- Network connectivity problems can prevent successful API calls.
Error messages:
- "Unsupported operation \"get\" for resource \"csirt\"": This indicates an internal mismatch; ensure the operation and resource are correctly set.
- Authentication errors typically indicate missing or invalid API keys; verify credential setup.
- HTTP errors from the API (e.g., 404 if the country code is not found) should be checked against the input parameters.

Links and References

ransomware.live API Documentation (for detailed API endpoints and data formats)
ISO Country Codes (to find valid 2-letter or 3-letter country codes)