Ransomware.live

Interact with the ransomware.live API

Actions16

8-K Filing Actions
- List Filings
CSIRT Entry Actions
- Get CSIRT Entries
Group Actions
- Get Group Details
IOC Actions
- List IOC Groups
- Get Group IOCs
Negotiation Actions
- List Group Negotiations
- Get Negotiation Chat
Press Article Actions
- List Articles
- List Recent Articles
Ransomnote Actions
- List Group Ransomnotes
- Get Ransomnote
Victim Actions
YARA Rule Actions
- Get Group YARA Rules

Overview

This node integrates with the ransomware.live API to retrieve detailed information about victims of ransomware attacks. Specifically, the "Get Victim" operation fetches data for a single victim identified by a Base64-encoded victim ID (formatted as post_title@group_name). This node is useful in cybersecurity workflows where analysts need to gather intelligence on specific ransomware victims, track attack patterns, or enrich incident response data.

Practical examples include:

Fetching detailed victim profiles to understand the scope and impact of an attack.
Integrating victim data into threat intelligence platforms.
Automating alerts or reports based on victim information.

Properties

Name	Meaning
Victim ID	Base64-encoded identifier of the victim, formatted as `post_title@group_name`. Required.

Output

The node outputs JSON data representing the victim's details as returned by the ransomware.live API. The structure typically includes all available information about the victim, such as identifiers, group affiliations, sectors, countries, dates, and other metadata related to the ransomware incident.

No binary data output is produced by this operation.

Dependencies

Requires an API key credential for the ransomware.live API.
The base URL defaults to https://api-pro.ransomware.live but can be overridden via credentials.
Proper configuration of the API authentication token in n8n credentials is necessary.

Troubleshooting

Common issues:
- Invalid or missing Victim ID: Ensure the Victim ID is correctly Base64-encoded and follows the expected format (post_title@group_name).
- Authentication errors: Verify that the API key credential is valid and has appropriate permissions.
- Unsupported operations or resources: Using an operation or resource not supported by the node will throw an error.
Error messages:
- Unsupported operation "get" for resource "victims": Indicates a mismatch between selected operation and resource; verify correct selection.
- HTTP request failures: May indicate network issues, invalid credentials, or API downtime.

To resolve errors, double-check input parameters, ensure credentials are correctly set up, and consult the ransomware.live API status.

Links and References

ransomware.live API Documentation (for detailed API endpoints and data schema)
n8n Documentation (for general node usage and credential setup)