In the day-to-day life of a CTI or Threat Hunting team, one of the main tasks is trying to answer the questions: who are my enemies? what are the threat groups that affect my industry? Doing this mapping can take an analyst many hours, even weeks. Considering the Threat Intelligence Lifecycle, Akamaru aims to automate the initial phase of Collect by collecting the threat groups and some relevant TTPs from MITRE, Ransomware Anthology (SentinelOne), and Ransomlook, just informing the name of the sector of interest (e.g. financial, education, defense) or the name of the group (e.g. Akira, Lockbit) in order to get more information about it.
Cloning the project:
git clone https://github.com/eremit4/Akamaru.git
Optional - Creating a virtualenv before installing the dependencies
Note: The use of virtual environments is optional, but recommended. In this way, we avoid possible conflicts in different versions of the project's dependencies. Learn how to install and use virtualenv according to your OS here
Installing the dependencies:
pip install -r requirements.txt
Discovering the project capabilities:
python akamaru.py --help
Discovering which sectors are supported:
python akamaru.py -ss
Finding only the groups relevant to a given sector:
python akamaru.py --sector <name>
Finding the relevant groups for a given sector, their TTPs, and returning everything in a CSV file:
python akamaru.py --sector <name> --ttp --output
Looking for information about a particular group:
python akamaru.py --group <name>
Looking for ransomware activities:
python akamaru.py --ransomware-activities
This project is under the MIT License.