In the day-to-day life of a CTI or Threat Hunting team, one of the main tasks is trying to answer the questions: who are my enemies? what are the threat groups that affect my industry? Doing this mapping can take an analyst many hours, even weeks. Considering the Threat Intelligence Lifecycle, Akamaru aims to automate the initial phase of Collect by collecting the threat groups and some relevant TTPs from MITRE, Ransomware Anthology (SentinelOne), and Ransomlook, just informing the name of the sector of interest (e.g. financial, education, defense) or the name of the group (e.g. Akira, Lockbit) in order to get more information about it.
Cloning the project:
git clone https://github.com/eremit4/Akamaru.gitOptional - Creating a virtualenv before installing the dependencies
Note: The use of virtual environments is optional, but recommended. In this way, we avoid possible conflicts in different versions of the project's dependencies. Learn how to install and use virtualenv according to your OS here
Installing the dependencies:
pip install -r requirements.txtDiscovering the project capabilities:
python akamaru.py --helpDiscovering which sectors are supported:
python akamaru.py -ssFinding only the groups relevant to a given sector:
python akamaru.py --sector <name>Finding the relevant groups for a given sector, their TTPs, and returning everything in a CSV file:
python akamaru.py --sector <name> --ttp --outputLooking for information about a particular group:
python akamaru.py --group <name>Looking for ransomware activities:
python akamaru.py --ransomware-activities
This project is under the MIT License.