creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 06:04:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/investigating-ransomware-attack-artifacts/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

2.1 KiB
Raw Blame History

API Reference: Investigating Ransomware Attack Artifacts

VirusTotal API v3

Endpoint Method Description
/api/v3/files/{hash} GET Look up ransomware sample by MD5/SHA-256
/api/v3/files POST Upload ransomware sample for analysis
/api/v3/files/{id}/behaviour_summary GET Retrieve behavioral analysis results

ID Ransomware

Endpoint Method Description
https://id-ransomware.malwarehunterteam.com/ POST Upload ransom note or encrypted sample for variant ID

No More Ransom Project

Resource Description
https://www.nomoreransom.org/crypto-sheriff.php Check if free decryptor is available for identified variant

MalwareBazaar API

Endpoint Method Description
https://mb-api.abuse.ch/api/v1/ POST Query ransomware samples by hash, tag, or signature

Key Libraries

  • requests: HTTP client for VirusTotal and ID Ransomware API calls
  • hashlib (stdlib): Calculate MD5/SHA-256 hashes of ransomware samples and notes
  • re (stdlib): Extract Bitcoin addresses, Tor .onion sites, and emails from notes
  • csv (stdlib): Parse exported Windows Event Log data
  • pathlib (stdlib): Recursive file system traversal for artifact discovery

Ransomware IOC Patterns

Pattern Regex Description
Bitcoin [13][a-km-zA-HJ-NP-Z1-9]{25,34} Legacy Bitcoin addresses
Bitcoin Bech32 bc1[a-z0-9]{39,59} SegWit Bitcoin addresses
Monero 4[0-9AB][1-9A-HJ-NP-Za-km-z]{93} Monero wallet addresses
Tor Sites [a-z2-7]{16,56}\.onion Tor hidden service domains

Configuration

Variable Description
VT_API_KEY VirusTotal API key for hash lookups and sample submission

References

Reference in New Issue View Git Blame Copy Permalink