analyzing-ransomware-network-indicators
Community
Detect ransomware beaconing and exfiltration fast.
Author: Axxxxxxaaann
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Analyzes Zeek conn.log and NetFlow data to surface ransomware indicators such as beaconing, Tor exit node activity, and data exfiltration, enabling rapid detection and response.
Core Features & Use Cases
- Beaconing detection across Zeek conn.log and NetFlow data to identify regular C2 callbacks.
- Tor exit node detection and data exfiltration analysis with automated reporting and MITRE mappings.
- End-to-end workflow suitable for SOC analysts, with JSON outputs for SIEM integration and threat hunting queries.
Quick Start
Run the agent against Zeek conn.log or NetFlow data to generate a ransomware network indicators report.
Dependency Matrix
Required Modules
None required
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: analyzing-ransomware-network-indicators
Download link: https://github.com/Axxxxxxaaann/KAIRI-Skills/archive/main.zip#analyzing-ransomware-network-indicators
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.