Ransomware.live

Interact with the ransomware.live API

Actions16

8-K Filing Actions
- List Filings
CSIRT Entry Actions
- Get CSIRT Entries
Group Actions
- Get Group Details
IOC Actions
- List IOC Groups
- Get Group IOCs
Negotiation Actions
- List Group Negotiations
- Get Negotiation Chat
Press Article Actions
- List Articles
- List Recent Articles
Ransomnote Actions
- List Group Ransomnotes
- Get Ransomnote
Victim Actions
YARA Rule Actions
- Get Group YARA Rules

Overview

This node integrates with the ransomware.live API to retrieve recent victim data related to ransomware incidents. Specifically, the "List Recent Victims" operation fetches a list of victims sorted by either the date they were discovered or the date they were attacked. This is useful for cybersecurity analysts, threat intelligence teams, and incident responders who want to monitor recent ransomware victim activity and trends.

Practical examples include:

Automatically fetching the latest ransomware victims discovered in the wild to update internal threat databases.
Sorting victims by attack date to analyze recent attack waves.
Integrating recent victim data into dashboards or alerting systems for real-time monitoring.

Properties

Name	Meaning
Order	Sort the list of recent victims by either "Discovered" (date victim was found) or "Attacked" (date victim was attacked).

Output

The node outputs an array of JSON objects representing recent ransomware victims. Each object contains details about a victim as returned by the ransomware.live API. The exact structure depends on the API response but typically includes fields such as victim name, group affiliation, sector, country, dates of discovery and attack, and other relevant metadata.

No binary data output is produced by this operation.

Dependencies

Requires an API key credential for the ransomware.live API.
The base URL defaults to https://api-pro.ransomware.live but can be overridden via credentials.
The node uses HTTP GET requests authenticated with the provided API key.

Troubleshooting

Unsupported Operation Error: If you select an operation not supported for the "Victim" resource (other than "list", "recent", "search", or "get"), the node will throw an error indicating unsupported operation. Ensure you select "recent" for this use case.
Authentication Errors: If the API key credential is missing or invalid, requests will fail. Verify that the API key is correctly configured in n8n credentials.
Empty or Unexpected Response: If the API returns no data or unexpected data, check the parameters such as "Order" and ensure the API service is operational.
Network Issues: Connectivity problems to the ransomware.live API endpoint may cause request failures. Confirm network access and proxy settings if applicable.

Links and References

ransomware.live API Documentation (for detailed API endpoints and response formats)
n8n Documentation - Creating Custom Nodes