Ransomware.live

Interact with the ransomware.live API

Actions16

8-K Filing Actions
- List Filings
CSIRT Entry Actions
- Get CSIRT Entries
Group Actions
- Get Group Details
IOC Actions
- List IOC Groups
- Get Group IOCs
Negotiation Actions
- List Group Negotiations
- Get Negotiation Chat
Press Article Actions
- List Articles
- List Recent Articles
Ransomnote Actions
- List Group Ransomnotes
- Get Ransomnote
Victim Actions
YARA Rule Actions
- Get Group YARA Rules

Overview

This node integrates with the ransomware.live API to retrieve information about ransomware ransomnotes, specifically allowing users to list ransomnotes by a specified ransomware group. It is useful for cybersecurity analysts, threat intelligence teams, and incident responders who want to gather data on ransomnotes associated with particular ransomware groups to monitor threats or investigate incidents.

For example, a user can input the name of a ransomware group (e.g., "lockbit") and retrieve all ransomnotes published by that group, which can help in tracking ransomware campaigns or understanding attacker behavior.

Properties

Name	Meaning
Group	The name of the ransomware group whose ransomnotes you want to list (e.g., "lockbit").

Output

The node outputs an array of JSON objects representing ransomnotes associated with the specified ransomware group. Each item in the output corresponds to a ransomnote entry retrieved from the API.

The json field contains the ransomnote data as returned by the ransomware.live API.
There is no binary data output for this operation.

Dependencies

Requires an API key credential for the ransomware.live API.
The node uses the base URL https://api-pro.ransomware.live by default but can be configured if needed.
Proper configuration of the API authentication credential within n8n is necessary for successful requests.

Troubleshooting

Common issues:
- Providing an invalid or misspelled ransomware group name will result in no data or an error.
- Missing or incorrect API credentials will cause authentication failures.
- Network connectivity issues may prevent the node from reaching the ransomware.live API.
Error messages:
- "Unsupported operation" errors occur if the operation parameter does not match the supported ones for the resource.
- Authentication errors indicate problems with the API key setup.
- If the node throws an error related to the resource or operation, verify that the correct resource ("ransomnotes") and operation ("listByGroup") are selected.
Resolution tips:
- Double-check the ransomware group name spelling.
- Ensure the API key credential is correctly set up and has proper permissions.
- Confirm network access to the ransomware.live API endpoint.

Links and References

ransomware.live API Documentation (for detailed API usage and available endpoints)
n8n Documentation (for general guidance on using credentials and HTTP request nodes)