Overview
This node integrates with the ransomware.live API to retrieve YARA rules associated with ransomware groups. Specifically, the "Get Group YARA Rules" operation fetches YARA rules for a specified ransomware group by its name. This is useful in cybersecurity workflows where analysts want to automate the retrieval of detection signatures (YARA rules) related to specific ransomware threat actors.
Practical examples include:
- Automatically fetching updated YARA rules for a ransomware group like "lockbit" to use in malware detection systems.
- Integrating with security orchestration platforms to enrich threat intelligence data with relevant YARA signatures.
- Automating incident response processes by correlating detected threats with known ransomware group indicators.
Properties
| Name | Meaning |
|---|---|
| Group | The ransomware group name for which to retrieve YARA rules (e.g., "lockbit"). This is a required string input. |
Output
The node outputs JSON data representing the YARA rules associated with the specified ransomware group. The structure depends on the API response but generally includes details about each YARA rule such as its name, description, and the actual YARA rule text.
If multiple rules are returned, they are output as an array of JSON objects. If a single object is returned, it is wrapped accordingly.
No binary data output is indicated for this operation.
Dependencies
- Requires an API key credential for the ransomware.live API.
- The base URL defaults to https://api-pro.ransomware.live unless overridden by credentials.
- The node uses HTTP GET requests authenticated via the provided API key.
Troubleshooting
- Unsupported Operation Error: If an unsupported operation or resource is selected, the node throws an error specifying the invalid combination. Ensure that the resource is set to "YARA Rule" and the operation to "Get".
- Missing Required Property: The "Group" property is required. Omitting it will cause the request URL to be incomplete or invalid.
- API Authentication Errors: If the API key is missing or invalid, authentication errors will occur. Verify that the API key credential is correctly configured.
- Network or API Errors: Network issues or API downtime can cause request failures. Check connectivity and ransomware.live service status.
- Continue On Fail: If enabled, the node will continue processing subsequent items even if one fails, returning error details in the output JSON.
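The request building, output wrapping and Continue On Fail behaviour described above, as an added example that is not the node's own source code. It assumes the YARA endpoint path (a labelled placeholder), the API-key header name, and an n8n-style `{ json }` item shape; `send` stands in for the HTTP client so the example runs offline.

```javascript
// Added example, not the node's own source. Assumptions: the YARA endpoint
// path, the API-key header name, and the n8n-style { json } item shape.
const DEFAULT_BASE_URL = 'https://api-pro.ransomware.live'; // default from the docs
const YARA_PATH = '/ASSUMED_YARA_PATH'; // placeholder: take the real path from the API docs
const API_KEY_HEADER = 'X-API-KEY'; // assumption: the header name is not given on the page

// Build the GET request for one group; the "Group" property is required,
// so an empty value is rejected here instead of producing an incomplete URL.
function buildGroupYaraRequest(group, apiKey, baseUrl = DEFAULT_BASE_URL) {
  if (typeof group !== 'string' || group.trim() === '') {
    throw new Error('Missing required property "Group"');
  }
  if (!apiKey) throw new Error('Missing ransomware.live API key credential');
  const base = baseUrl.replace(/\/+$/, ''); // tolerate a trailing slash in credentials
  return {
    method: 'GET',
    url: `${base}${YARA_PATH}/${encodeURIComponent(group.trim())}`,
    headers: { [API_KEY_HEADER]: apiKey, Accept: 'application/json' },
  };
}

// Shape the API body into output items: an array becomes one item per rule,
// a single object is wrapped into a one-element array.
function normalizeYaraOutput(body) {
  if (Array.isArray(body)) return body.map((rule) => ({ json: rule }));
  if (body && typeof body === 'object') return [{ json: body }];
  throw new Error(`Unexpected response body type: ${typeof body}`);
}

// Run every input item through the request. With continueOnFail a failing
// item yields an error item instead of aborting the whole run.
async function runGetGroupYaraRules(items, apiKey, send, { continueOnFail = false } = {}) {
  const out = [];
  for (const item of items) {
    try {
      const req = buildGroupYaraRequest(item.group, apiKey);
      out.push(...normalizeYaraOutput(await send(req)));
    } catch (err) {
      if (!continueOnFail) throw err;
      out.push({ json: { error: err.message, group: item.group } });
    }
  }
  return out;
}
```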
Links and References
- ransomware.live API Documentation (for detailed API endpoints and responses)
- YARA Project (to understand YARA rules and syntax)