Ransomware Victim Claims & Recent CVE Monitor avatar

Ransomware Victim Claims & Recent CVE Monitor

Under maintenance

Pricing

from $3.00 / 1,000 results

Go to Apify Store
Ransomware Victim Claims & Recent CVE Monitor

Ransomware Victim Claims & Recent CVE Monitor

Under maintenance

Track recent ransomware victim claims, company mentions, and what data actors say they have. Uses RansomLook search/recent/post index, ransomware.live, CISA KEV, and NVD CVE updates for preview or full monitoring exports.

Pricing

from $3.00 / 1,000 results

Rating

0.0

(0)

Developer

Eirik Hanasand

Eirik Hanasand

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

0

Monthly active users

21 days ago

Last modified

Categories

Share

Fresh Threat Actor & Ransomware Activity Monitor

Monitor public ransomware victim-claim metadata, recent public NVD CVE vulnerability-disclosure metadata, and fresh public threat actor activity in a clean dataset. The default run uses a 277-group ransomware.live preset plus recent NVD public CVE metadata for broad safe coverage, while paid-traffic readiness requires 100,000 recent, live-backed, payworthy, non-test rows from current public sources.

What You Get

  • Victim-claim archive rows for groups such as LockBit, Qilin, Akira, Play, Clop, RansomHub, ALPHV, DragonForce, BianLian, Black Basta, Medusa, SafePay, 8Base, Lynx, Everest, Conti, Rhysida, Cactus, Royal, and Hive.
  • Recent public NVD CVE vulnerability-disclosure metadata rows with CVE IDs, publication dates, CVSS/CWE summary context, and NVD detail links.
  • Fresh/current rows where recent public claims exist, plus historical rows clearly marked by freshnessStatus and excluded from strict paid-traffic readiness.
  • Fields for actor, victimName, affectedSectors, countries, claimedDate, sourceUrl, confidence, paidRowDecision, buyerValueScore, whyWorthPayingFor, and nextSearchPivots.
  • Safe metadata only: no credential values, stolen files, malware payloads, private messages, raw leak contents, authentication bypass, CAPTCHA bypass, or threat-actor interaction.

Default Input

The default preset is tuned for broad ransomware monitoring and archive search:

{
"maxRowsPerQuery": 6000,
"includeActivity": true,
"includeTargets": true,
"includeTtps": true,
"includeSources": true,
"includeDatasets": false,
"includeCoverageGaps": false,
"includeHeldRows": false
}

Custom runs can replace queries with actor, ransomware, malware, campaign, sector, or brand terms.

Pricing

The Actor uses Apify pay-per-event pricing.

  • Dataset rows: $3.00 / 1,000 rows
  • Actor start: $0.00005
  • Platform usage: included for customers

Rows are priced by output volume, so buyers can estimate cost before scheduling a run.

Good Uses

  • SOC teams can filter freshnessStatus=current or recent for daily triage.
  • CTI teams can search historical victim claims by actor, victim, sector, country, date, or recent public CVE ID.
  • Brand monitoring teams can check whether an organization appears in public ransomware victim metadata.
  • Incident response teams can pivot from victim claims into public corroboration and defensive follow-up.

Sample Row

{
"query": "Qilin",
"rowType": "activity",
"actor": "Qilin",
"title": "Qilin victim claim: Example Corp",
"claimType": "victim_claim",
"victimName": "Example Corp",
"affectedSectors": ["Healthcare"],
"countries": ["US"],
"claimedDate": "2026-06-20T00:00:00.000Z",
"sourceType": "clear_web",
"collectionMode": "ransomware_live_group_page",
"freshnessStatus": "current",
"paidRowDecision": "sellable",
"billingGuidance": "charge",
"whyWorthPayingFor": "specific public intelligence row ready for analyst triage",
"rawContentIncluded": false,
"safety": {
"metadataOnly": true,
"credentialsIncluded": false,
"stolenFilesIncluded": false,
"privateContentIncluded": false,
"actorInteraction": false
}
}

Notes

Claims are public claims, not confirmed breaches. Use confidence, freshnessStatus, sourceUrl, corroborationState, and nextSearchPivots to decide what needs follow-up.