CORE FEATURES
Identifiers
Configure Identifiers - Advanced
4 min
identifiers can be configured to help achieve certain specific use cases this page details these advanced configuration options real time ransomware victim feed many ransomware groups list their victims and ransom requests on their blogs and website you can be notified of new ransomware victims across all group websites and blogs by creating the following identifier open the create identifier page enter a name such as ransomware victims choose the query type enter as the query unselect all categories except the ransom leaks subcategory (in the illicit networks category) add a daily alert to get a list of new victims in your inbox every morning variations if you'd like to get new victims only for a certain area , you can enter a region instead of a wildcard any victim listing mentioning that region will trigger an alert examples include us or usa or "united states"for american victims or nj or "new jersey" for a specific state if you'd like more real time monitoring , set the alert to "as soon as possible" note that you may receive multiple alerts per day if you want to monitor for a specific organization , for example in the case where you are aware of an ongoing attack and want to be rapidly informed when the victim is listed on the page, enter the name of the organization as the query instead of a wildcard include the domain name, and name variations to make sure to match how the ransomware group may describe the victim an example would be scatterholt or scatterholt com or "scatter holt" if you want to monitor for a specific ransomware group , head over to the collection page, find the group you are interested in (for example avos locker) and click on the name this will bring you to a search where you can see the exact query to use to filter for that group (metadata source "avoslocker" in the case of avos locker) copy this string and use it instead of in your query identifier related articles