Ransomware.live

Interact with the ransomware.live API

Actions16

8-K Filing Actions
- List Filings
CSIRT Entry Actions
- Get CSIRT Entries
Group Actions
- Get Group Details
IOC Actions
- List IOC Groups
- Get Group IOCs
Negotiation Actions
- List Group Negotiations
- Get Negotiation Chat
Press Article Actions
- List Articles
- List Recent Articles
Ransomnote Actions
- List Group Ransomnotes
- Get Ransomnote
Victim Actions
YARA Rule Actions
- Get Group YARA Rules

Overview

This node integrates with the ransomware.live API to retrieve detailed information about ransomware groups. Specifically, the "Get Group Details" operation fetches comprehensive data about a specified ransomware group by its name. This is useful for cybersecurity analysts, threat intelligence teams, and incident responders who want to gather up-to-date information on ransomware actors to assess threats, track activity, or enrich security alerts.

Practical examples:

Fetching details about the "lockbit" ransomware group to understand their tactics, recent activities, or known indicators.
Integrating ransomware group data into a security dashboard for continuous monitoring.
Automating enrichment of security incidents with ransomware group profiles.

Properties

Name	Meaning
Group Name	The exact name of the ransomware group to retrieve details for (e.g., "lockbit").

Output

The output JSON contains the detailed information about the requested ransomware group as returned by the ransomware.live API. The structure depends on the API response but typically includes fields such as group description, aliases, known campaigns, associated malware, and other relevant metadata.

If multiple items are returned (though for this operation it is expected to be a single object), they will be output as an array of JSON objects.

No binary data output is produced by this operation.

Dependencies

Requires an API key credential for the ransomware.live API configured in n8n.
The node makes authenticated HTTP GET requests to the ransomware.live API endpoint (default base URL: https://api-pro.ransomware.live).

Troubleshooting

Unsupported operation error: If you select an operation other than "get" for the "Group" resource, the node will throw an error indicating the operation is unsupported.
Invalid or missing group name: Since the group name is required, omitting it or providing an incorrect name may result in API errors or empty responses.
Authentication issues: Ensure that the API key credential is correctly set up and valid; otherwise, the node will fail to authenticate with the ransomware.live API.
Network or API downtime: Temporary network issues or ransomware.live API outages can cause request failures; retrying later or checking connectivity may resolve these.

Links and References

ransomware.live API Documentation (for detailed API endpoints and data schema)
n8n Documentation - Creating Custom Nodes