The Ransomware Tool Matrix is a comprehensive repository that catalogs the tools and techniques used by various ransomware gangs and extortionist groups. It serves multiple purposes: 1. Provides a list of tools for threat hunting in environments. 2. Offers leads for incident response engagements. 3. Helps identify patterns of behavior among ransomware affiliates. 4. Serves as a resource for threat intelligence-led purple team engagements. The matrix includes categories such as RMM Tools, Exfiltration Tools, Credential Theft Tools, Defense Evasion Tools, Networking Tools, Discovery Tools, Offensive Security Tools, and Living-off-the-Land Binaries and Scripts. It also contains threat intelligence sources, profiles of ransomware groups, and additional resources for understanding ransomware adversaries. While useful for cybersecurity professionals, the matrix comes with challenges, such as distinguishing between legitimate and malicious use of listed tools within an organization.
FEATURES
SIMILAR TOOLS
Repository of Yara signatures for detecting targeted attacks on civil society organizations
A nonprofit security organization that collects and shares threat data to make the Internet more secure.
MaxMind provides accurate IP geolocation and online fraud detection solutions to create safer digital experiences.
Cisco Umbrella is a cloud security platform that offers protection against threats on the internet by blocking malicious activity.
CIFv3 is the next version of the Cyber Intelligence Framework, developed against Ubuntu16, encouraging users to transition from CIFv2.
FraudGuard is a service that provides real-time internet traffic analysis and IP tracking to help validate usage and prevent fraud.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
PINNED

Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.