RansomFeed
Overview
Imports ransomware claims from the RansomFeed API as STIX 2.1 Reports.
Imports public ransomware claims from the RansomFeed API (https://ransomfeed.it). Each claim is converted into STIX 2.1 objects describing the victim (Identity), the ransomware group (IntrusionSet), the targeted country (Location), the leak-site domain (Domain-Name) and an optional file-hash Indicator, all grouped under a Report. Bundles are pushed to OpenCTI through the standard RabbitMQ ingest queue.