VOOZH about

URL: https://apify.com/eirikhanasand/public-threat-actor-monitor

โ‡ฑ Ransomware Victim Claims & Recent CVE Monitor ยท Apify


๐Ÿ‘ Ransomware Victim Claims & Recent CVE Monitor avatar

Ransomware Victim Claims & Recent CVE Monitor

Under maintenance

Pricing

Pay per usage

Go to Apify Store

Ransomware Victim Claims & Recent CVE Monitor

Under maintenance

Track recent ransomware victim claims, company mentions, and what data actors say they have. Uses RansomLook search/recent/post index, ransomware.live, CISA KEV, and NVD CVE updates for preview or full monitoring exports.

Pricing

Pay per usage

Rating

0.0

(0)

Developer

๐Ÿ‘ Eirik Hanasand

Eirik Hanasand

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

0

Monthly active users

8 days ago

Last modified

Categories

Share

Fresh Threat Actor & Ransomware Activity Monitor

Monitor public ransomware victim-claim metadata, recent public NVD CVE vulnerability-disclosure metadata, and fresh public threat actor activity in a clean dataset. The default run uses a 277-group ransomware.live preset plus recent NVD public CVE metadata for broad safe coverage, while paid-traffic readiness requires 100,000 recent, live-backed, payworthy, non-test rows from current public sources.

What You Get

  • Victim-claim archive rows for groups such as LockBit, Qilin, Akira, Play, Clop, RansomHub, ALPHV, DragonForce, BianLian, Black Basta, Medusa, SafePay, 8Base, Lynx, Everest, Conti, Rhysida, Cactus, Royal, and Hive.
  • Recent public NVD CVE vulnerability-disclosure metadata rows with CVE IDs, publication dates, CVSS/CWE summary context, and NVD detail links.
  • Fresh/current rows where recent public claims exist, plus historical rows clearly marked by freshnessStatus and excluded from strict paid-traffic readiness.
  • Fields for actor, victimName, affectedSectors, countries, claimedDate, sourceUrl, confidence, paidRowDecision, buyerValueScore, whyWorthPayingFor, and nextSearchPivots.
  • Safe metadata only: no credential values, stolen files, malware payloads, private messages, raw leak contents, authentication bypass, CAPTCHA bypass, or threat-actor interaction.

Default Input

The default preset is tuned for broad ransomware monitoring and archive search:

{
"maxRowsPerQuery":6000,
"includeActivity":true,
"includeTargets":true,
"includeTtps":true,
"includeSources":true,
"includeDatasets":false,
"includeCoverageGaps":false,
"includeHeldRows":false
}

Custom runs can replace queries with actor, ransomware, malware, campaign, sector, or brand terms.

Pricing

The Actor uses Apify pay-per-event pricing.

  • Dataset rows: $3.00 / 1,000 rows
  • Actor start: $0.00005
  • Platform usage: included for customers

Rows are priced by output volume, so buyers can estimate cost before scheduling a run.

Good Uses

  • SOC teams can filter freshnessStatus=current or recent for daily triage.
  • CTI teams can search historical victim claims by actor, victim, sector, country, date, or recent public CVE ID.
  • Brand monitoring teams can check whether an organization appears in public ransomware victim metadata.
  • Incident response teams can pivot from victim claims into public corroboration and defensive follow-up.

Sample Row

{
"query":"Qilin",
"rowType":"activity",
"actor":"Qilin",
"title":"Qilin victim claim: Example Corp",
"claimType":"victim_claim",
"victimName":"Example Corp",
"affectedSectors":["Healthcare"],
"countries":["US"],
"claimedDate":"2026-06-20T00:00:00.000Z",
"sourceType":"clear_web",
"collectionMode":"ransomware_live_group_page",
"freshnessStatus":"current",
"paidRowDecision":"sellable",
"billingGuidance":"charge",
"whyWorthPayingFor":"specific public intelligence row ready for analyst triage",
"rawContentIncluded":false,
"safety":{
"metadataOnly":true,
"credentialsIncluded":false,
"stolenFilesIncluded":false,
"privateContentIncluded":false,
"actorInteraction":false
}
}

Notes

Claims are public claims, not confirmed breaches. Use confidence, freshnessStatus, sourceUrl, corroborationState, and nextSearchPivots to decide what needs follow-up.

You might also like

Ransomware & Dark Web Data Breach Monitor

lofomachines/ransomware-dark-web-data-breach-monitor

Monitor ransomware attacks and data breaches from the dark web. Track ransomware groups like LockBit, BlackCat, Play, and more. Get real-time alerts on victim organizations, leaked data, and cyber threats. Essential for threat intelligence, cybersecurity research, and brand protection.

91

5.0

CISA KEV Scraper - CVE Threat Intelligence Feed

compute-edge/cisa-kev-scraper

Extract CISA Known Exploited Vulnerabilities (KEV) catalog data. Filter by vendor, product, date range, and ransomware flag. Includes computed remediation due-date fields.

Cisa-Kev-Enricher.

signalfoundry/cisa-kev-ransomware-threat-intel

Prioritise real threats fast. Tracks CISA KEV catalogue live + EPSS v3 scores. Spots "Silent Flips" CVEs now used by ransomware (LockBit, BlackCat). 90%+ exploit probability, ransomware filter, SOC 2/HIPAA reports, Slack/Teams alerts, JSON/CSV export.

CISA KEV Known Exploited Vulnerabilities Scraper

parseforge/cisa-kev-scraper

Scrape the CISA Known Exploited Vulnerabilities (KEV) catalog. Filter by CVE ID, vendor, product, or date added. Returns required actions, due dates, ransomware campaign use, and CWE references for every actively-exploited CVE tracked by CISA.

CVE Scraper

rl1987/cve-scraper

CVE.org vulnerability info scraper

CVE Vulnerability Lookup (NIST NVD)

automation-lab/cve-vulnerability-lookup

Query the NIST NVD for CVE details โ€” lookup by CVE ID, keyword, or CPE product. Returns CVSS scores, descriptions, CWE IDs, affected software, and patch links. No API key required.

๐Ÿ‘ User avatar

Stas Persiianenko

4