creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-13 14:44:58 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/analyzing-ransomware-leak-site-intelligence/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

101 lines
2.3 KiB
Markdown
Raw Blame History

# API Reference: Ransomware Leak Site Intelligence
## ransomware.live API
### Recent Victims
```bash
curl https://api.ransomware.live/recentvictims
```
### Group Information
```bash
curl https://api.ransomware.live/groups
curl https://api.ransomware.live/group/lockbit3
```
### Response Format
```json
{
"group_name": "lockbit3",
"victim": "company-name",
"website": "company.com",
"discovered": "2024-03-15T00:00:00Z",
"country": "US",
"activity": "Manufacturing"
}
```
## ransomlook.io API
### Endpoints
```bash
curl https://www.ransomlook.io/api/groups # List all groups
curl https://www.ransomlook.io/api/group/lockbit # Group details
curl https://www.ransomlook.io/api/recent # Recent posts
```
## Ransomwatch (GitHub)
### Data Repository
```bash
git clone https://github.com/joshhighet/ransomwatch
# Data in JSON format: posts.json, groups.json
```
### JSON Schema
```json
{
"group_name": "string",
"post_title": "string",
"discovered": "ISO-8601",
"post_url": "onion URL",
"country": "2-letter code",
"activity": "sector"
}
```
## ID Ransomware
### Identification
```
Upload: encrypted file + ransom note
URL: https://id-ransomware.malwarehunterteam.com/
Returns: ransomware family, decryptor availability
```
## Active Ransomware Groups (2025)
| Group | Status | Primary Target |
|-------|--------|---------------|
| LockBit 3.0 | Active | Cross-sector |
| Cl0p | Active | MOVEit/file transfer exploitation |
| Play | Active | Manufacturing, IT |
| 8Base | Active | SMBs |
| Akira | Active | Healthcare, Education |
| Black Basta | Active | Enterprise |
| Medusa | Active | Education, Healthcare |
| RansomHub | Active | Cross-sector |
| Rhysida | Active | Government, Healthcare |
| BianLian | Active | Healthcare, Manufacturing |
## Intelligence Collection Framework
| Source | Type | Update Frequency |
|--------|------|------------------|
| ransomware.live | Victim listings | Real-time |
| ransomlook.io | Group monitoring | Daily |
| ransomwatch | Onion site scraping | Hourly |
| NoMoreRansom.org | Decryptor availability | As released |
| CISA alerts | Government advisories | As published |
## STIX Representation
```json
{
"type": "threat-actor",
"name": "LockBit",
"threat_actor_types": ["crime-syndicate"],
"roles": ["agent"],
"goals": ["financial-gain"]
}
```
Reference in New Issue View Git Blame Copy Permalink