Overview

This dashboard aggregates open-source threat intelligence from CISA and Ransomware.live to provide a real-time risk heat index for the world's most active threat actors. Threat scores are computed from activity recency, impact severity, victim targeting breadth, and geopolitical attribution confidence. Data is refreshed automatically every six hours.

Intelligence Sources

• CISA Known Exploited Vulnerabilities (KEV) — Live feed of CVEs actively exploited in the wild
• Ransomware.live API — Real-time ransomware victim tracking across active groups
• Ransomware.live Ransom Notes — Actual ransom note text for each active group, viewable in the actor detail panel
• MITRE ATT&CK — Adversary technique and tactic mapping
• CISA Advisories — Joint advisories naming specific threat groups and TTPs
• FBI / NSA Joint Advisories — Nation-state attribution reports
• Mandiant / Google Threat Intelligence — APT group profiles

📝 Ransom Notes

Clicking any ransomware actor card opens a detail panel that includes the group's actual ransom notes sourced from ransomware.live. Notes load on demand in a tabbed view — one tab per known note variant. Available for LockBit 3.0, ALPHV/BlackCat, RansomHub, Clop, Akira, and Play Ransomware.

Scoring Methodology

Risk scores (0–100) are weighted composites of: recent confirmed activity (40%), estimated impact and victim count (30%), targeting breadth across sectors (20%), and attribution confidence (10%). Scores above 80 indicate current active campaigns with broad impact potential.

About Antibody Cyber Technology

Antibody Cyber Technology, LLC builds practical cybersecurity tools for defenders. Tools include URLCybersecurity.com (USS), SPAT, JExtScanner, To8CA, and SOCSOUTHEAST.