Actions (16)
- 8-K Filing Actions
- CSIRT Entry Actions
- Group Actions
- IOC Actions
- Negotiation Actions
- Press Article Actions
- Ransomnote Actions
- Victim Actions
- YARA Rule Actions
Overview
This node integrates with the ransomware.live API to retrieve information about Indicators of Compromise (IOCs) and other ransomware-related data. Specifically, for the "IOC" resource with the "List IOC Groups" operation, it fetches a list of IOC groups or individual IOCs filtered by type if specified.
Use cases include:
- Security analysts wanting to gather threat intelligence on specific IOC types such as IP addresses, MD5 hashes, or email addresses.
- Automating the retrieval of IOC data to enrich security alerts or feed into SIEM systems.
- Monitoring emerging ransomware threats by regularly listing IOC groups from ransomware.live.
Example: List all IOC groups related to IP addresses to identify suspicious network indicators.
Properties
| Name | Meaning |
|---|---|
| IOC Type | Filter the returned IOCs by type. Possible values include common IOC types like md5, ip, email. If left empty, no filtering is applied. |
Output
The output is an array of JSON objects representing IOC groups or individual IOCs retrieved from the ransomware.live API.
- Each item in the output corresponds to one IOC group or IOC entry.
- The exact structure depends on the API response but typically includes fields such as IOC identifiers, types, associated groups, and metadata.
- No binary data output is produced by this operation.
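Because the response structure is not fixed and the entries come from a third-party feed, it is worth validating and de-duplicating them before they reach a SIEM or blocklist. The following is an added example, not code from the node or from ransomware.live: the field names `type`, `value` and `group`, the helper names, and the sample records are all assumptions, and the `ip` type is assumed to carry IPv4 addresses.

```javascript
// Added example. Field names `type`, `value`, `group` are assumptions, not the
// documented ransomware.live schema; SAMPLE is constructed data.
const MD5_RE = /^[a-f0-9]{32}$/;
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
// Strict dotted-quad parser: returns four octets or null (IPv4 assumed).
function parseV4(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4 || !parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p))) return null;
  const octets = parts.map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}
// Private, loopback, link-local and multicast/reserved space must never reach
// a blocklist: one bad feed entry would block internal infrastructure.
function isNonRoutable([a, b]) {
  return a === 0 || a === 10 || a === 127 || a >= 224 ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168) ||
    (a === 169 && b === 254);
}
// Returns null when the value is acceptable, otherwise the rejection reason.
function rejectReason(type, value) {
  if (type === 'md5') return MD5_RE.test(value) ? null : 'malformed md5';
  if (type === 'email') return EMAIL_RE.test(value) ? null : 'malformed email';
  if (type !== 'ip') return 'unsupported type';
  const octets = parseV4(value);
  if (!octets) return 'malformed ip';
  return isNonRoutable(octets) ? 'non-routable ip' : null;
}

function normalizeIocs(items) {
  const seen = new Set(), accepted = [], rejected = [];
  for (const item of items) {
    const type = String(item.type ?? '').trim().toLowerCase();
    const value = String(item.value ?? '').trim().toLowerCase();
    const reason = rejectReason(type, value);
    if (reason) { rejected.push({ type, value, reason }); continue; }
    if (seen.has(`${type}:${value}`)) continue; // same IOC under another group
    seen.add(`${type}:${value}`);
    accepted.push({ type, value, group: item.group ?? null });
  }
  return { accepted, rejected };
}

const SAMPLE = [
  { type: 'ip', value: '203.0.113.7', group: 'group-a' },
  { type: 'IP', value: ' 203.0.113.7', group: 'group-b' },
  { type: 'ip', value: '10.0.0.5', group: 'group-a' },
  { type: 'md5', value: 'D41D8CD98F00B204E9800998ECF8427E', group: 'group-a' },
  { type: 'md5', value: 'not-a-hash', group: 'group-a' },
];
```

Forward only `accepted` downstream and log `rejected` with its reason so that feed quality problems are visible rather than silently dropped.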
Dependencies
- Requires an API key credential for the ransomware.live API.
- The node uses the base URL `https://api-pro.ransomware.live` by default unless overridden in credentials.
- Proper configuration of the API authentication token in n8n credentials is necessary.
Troubleshooting
- Unsupported operation/resource errors: Occur if an invalid combination of resource and operation is selected. Ensure "IOC" resource and "list" operation are chosen for this use case.
- Authentication errors: If the API key is missing or invalid, requests will fail. Verify that the ransomware.live API credential is correctly set up.
- Empty results: May happen if the IOC Type filter does not match any entries. Try removing or adjusting the filter.
- Network issues: Check connectivity to `api-pro.ransomware.live` and firewall settings if requests time out.
Links and References
- ransomware.live API Documentation (for detailed API endpoints and parameters)
- n8n HTTP Request Node Documentation (for understanding HTTP request handling in n8n)