home.social

#ransomware_live — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ransomware_live, aggregated by home.social.

🛠️ Tool: AI-Powered Ransomware Intelligence Agent

    This repository provides n8n automation workflows that continuously monitor ransomware leak sites (ransomware.live) and run LLM-driven analysis to produce structured intelligence outputs. The design supports both cloud LLM usage (Anthropic Claude Sonnet) and fully local processing via Ollama with compatible models such as llama3.1, enabling flexibility in privacy and cost control.

    Core pipeline components include feed ingestion from ransomware.live, AI summarization and extraction of entities, IOC enrichment (optional integrations with VirusTotal and AbuseIPDB), YARA rule generation, MITRE ATT&CK mapping, KPI aggregation, and formatted outputs (HTML dashboard, Slack alert, Google Doc, email, JIRA). Visual outputs use Chart.js for KPI and trend charts and a lifecycle/mindmap visualization for observed TTPs and attack phases.

    Technical capabilities emphasized by the project are structured IOC extraction, historical trending, composite risk scoring, per-actor profiles, and automated YARA rule suggestion. The workflows are provided at two capability levels: 101 (monitor + AI analysis + HTML/Slack) and 200 (adds IOC enrichment, YARA, historical trends, email, JIRA). Both levels have Claude and Ollama variants; Ollama variants are intended for fully local execution to avoid external API calls.

    Limitations and requirements explicitly noted include dependency on external APIs for enrichment (VirusTotal, AbuseIPDB) and the need for webhook/credentials for delivery channels (Slack, email, Google Docs, JIRA). The ransomware.live API is identified as free and unauthenticated. A mock API server is included for safe demos and webinars to simulate leak feeds without contacting live services.

    This project documents concrete outputs (KPI cards, MITRE ATT&CK table, five Chart.js charts, attack lifecycle visualization, group profile cards) and integration points rather than deployment steps. Users evaluating the workflows should focus on the provided capability mapping, data outputs, and required integrations when assessing fit.

    🔹 n8n #ransomware_live #Ollama #Claude_Sonnet #YARA

    🔗 Source: github.com/depalmar/AI-Powered