creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-13 14:44:58 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/analyzing-ransomware-leak-site-intelligence/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

2.3 KiB
Raw Blame History

API Reference: Ransomware Leak Site Intelligence

ransomware.live API

Recent Victims

curl https://api.ransomware.live/recentvictims

Group Information

curl https://api.ransomware.live/groups
curl https://api.ransomware.live/group/lockbit3

Response Format

{
  "group_name": "lockbit3",
  "victim": "company-name",
  "website": "company.com",
  "discovered": "2024-03-15T00:00:00Z",
  "country": "US",
  "activity": "Manufacturing"
}

ransomlook.io API

Endpoints

curl https://www.ransomlook.io/api/groups       # List all groups
curl https://www.ransomlook.io/api/group/lockbit # Group details
curl https://www.ransomlook.io/api/recent        # Recent posts

Ransomwatch (GitHub)

Data Repository

git clone https://github.com/joshhighet/ransomwatch
# Data in JSON format: posts.json, groups.json

JSON Schema

{
  "group_name": "string",
  "post_title": "string",
  "discovered": "ISO-8601",
  "post_url": "onion URL",
  "country": "2-letter code",
  "activity": "sector"
}

ID Ransomware

Identification

Upload: encrypted file + ransom note
URL: https://id-ransomware.malwarehunterteam.com/
Returns: ransomware family, decryptor availability

Active Ransomware Groups (2025)

Group Status Primary Target
LockBit 3.0 Active Cross-sector
Cl0p Active MOVEit/file transfer exploitation
Play Active Manufacturing, IT
8Base Active SMBs
Akira Active Healthcare, Education
Black Basta Active Enterprise
Medusa Active Education, Healthcare
RansomHub Active Cross-sector
Rhysida Active Government, Healthcare
BianLian Active Healthcare, Manufacturing

Intelligence Collection Framework

Source Type Update Frequency
ransomware.live Victim listings Real-time
ransomlook.io Group monitoring Daily
ransomwatch Onion site scraping Hourly
NoMoreRansom.org Decryptor availability As released
CISA alerts Government advisories As published

STIX Representation

{
  "type": "threat-actor",
  "name": "LockBit",
  "threat_actor_types": ["crime-syndicate"],
  "roles": ["agent"],
  "goals": ["financial-gain"]
}
Reference in New Issue View Git Blame Copy Permalink