eCrime.ch
App Vendor: eCrime.ch
App Category: Credential & Dark Web Monitoring, Vulnerability Management
Connector Version: 1.0.0
API Version: v1
Note
This app is currently released as a beta version.
About App
The eCrime.ch app is a threat intelligence integration that brings ransomware and leak site intelligence into your automated workflows. It enables you to retrieve actionable intelligence, monitor emerging threats, and streamline operational response.
The eCrime.ch app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Add Comment to Event | This action adds a new comment on a specific security event within the eCrime.ch platform. |
Delete Comment From Event | This action deletes a comment from a specific event. |
Display Actor Profile | This action retrieves detailed information about a specific threat actor profile, including known TTPs, vulnerabilities, and descriptions. |
Display Event | This action retrieves the detailed information for a specific event. |
Download a Version of a Screenshot | This action retrieves a specific version of a screenshot file from the eCrime.ch platform. |
Download File List | This action generates a temporary download link for a text file containing the directory listing of indexed files associated with the specified event. The download link is valid for a limited time. |
Download Screenshot | This action downloads the current version of a screenshot. |
Generic Action | This is a generic action used to make requests to any eCrime.ch endpoint. |
List Actor Profiles | This action lists all actor profiles available in the eCrime.ch platform. |
List Comments for Current User | This action retrieves all comments created by the current user across events. |
List Events | This action retrieves a list of all security events within a specified date range. If no dates are provided, the action defaults to returning events from the last 3 days. |
List Leak Sites | This action retrieves a comprehensive list of all leak sites from the eCrime.ch platform. |
List Online Leak Sites | This action lists all leak sites that are currently online and accessible. |
List Screenshots | This action lists all screenshots available in the eCrime.ch platform. |
Search Actors | This action searches actor profiles by name or alias using a free-text query to find matches within the indexed actor data. |
Search Events | This action retrieves security events that match a specific search query, with optional filtering by a date range. |
Search Historical Event Data | This action retrieves historical event data that matches a specific search query. |
Search Leak Sites | This action retrieves leak sites that match a specified search query. |
View Screenshot History | This action retrieves the version history and metadata for a specific screenshot file. |
Action: Add Comment to Event
This action adds a new comment on a specific security event within the eCrime.ch platform.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Event ID | Enter the unique identifier of the event to which the comment will be added. Example: 35186 | Integer | Required | |
Comment | Enter the text message to be added as a comment to the specified event. | Text | Required |
Example Request
[
{
"comment": "test comment",
"event_id": "35186"
}
]
Action: Delete Comment From Event
This action deletes a comment from a specific event.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Comment ID | Enter the unique identifier of the comment to be deleted. Example: 812 | Integer | Required |
Example Request
[
{
"comment_id": 823
}
]
Action: Display Actor Profile
This action retrieves detailed information about a specific threat actor profile, including known TTPs, vulnerabilities, and descriptions.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Actor ID | Enter the unique identifier of the actor profile to display its associated threat intelligence data. | Text | Required |
Action: Display Event
This action retrieves the detailed information for a specific event.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Event ID | Enter the unique identifier of the event to fetch its detailed information. | Integer | Required | You can retrieve the event ID using the List Events action. |
Action: Download a Version of a Screenshot
This action retrieves a specific version of a screenshot file from the eCrime.ch platform.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Filename | Enter the filename of the screenshot to download. | Text | Required | |
Version ID | Enter the specific version identifier to download a specific historical version. | Text | Required | This ID can be obtained via the action List Screenshots history. |
Example Request
[
{
"filename": "0000000_screenshot.png",
"version_id": "HrCkoV6G6gBeR14Lc.xgjDPQNpQWh5DP"
}
]
Action: Download File List
This action generates a temporary download link for a text file containing the directory listing of indexed files associated with the specified event. The download link is valid for a limited time.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Event ID | Enter the unique identifier of the event to download indexed files. Example: 35313 | Integer | Required | |
Filename | Enter the name to save the downloaded file as. If not provided, the event ID will be used as the filename with a .txt extension. Example: reports.txt | Text | Optional |
Action: Download Screenshot
This action downloads the current version of a screenshot.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Filename | Enter the filename of the screenshot to download. | Text | Required |
Example Request
[
{
"filename": "0000000_screenshot.png"
}
]
Action: List Actor Profiles
This action lists all actor profiles available in the eCrime.ch platform.
Action Input Parameters
No input parameters are required for this action.
Action: List Comments for Current User
This action retrieves all comments created by the current user across events.
Action Input Parameters
No input parameters are required for this action.
Action: List Events
This action retrieves a list of all security events within a specified date range. If no dates are provided, the action defaults to returning events from the last 3 days.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
From Timestamp | Enter the start date to define the beginning of the search period. If not provided, the search defaults to the last 3 days. Example: 2026-02-23 | Text | Optional | |
To Timestamp | Enter the end date to define the end of the search period. If not provided, the search defaults to the last 3 days. Example: 2026-02-23 | Text | Optional |
Action: List Leak Sites
This action retrieves a comprehensive list of all leak sites from the eCrime.ch platform.
Action Input Parameters
No input parameters are required for this action.
Action: List Online Leak Sites
This action lists all leak sites that are currently online and accessible.
Action Input Parameters
No input parameters are required for this action.
Action: List Screenshots
This action lists all screenshots available in the eCrime.ch platform.
Action Input Parameters
No input parameters are required for this action.
Action: Generic Action
This is a generic action used to make requests to any eCrime.ch endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request. Example: v1/login/ | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: headers, payload_data, custom_output, download, filename, files, retry_wait, retry_count, and response_type |
Example Request
[
{
"method": "GET",
"endpoint": "v1/login/",
"extra_fields": {},
"query_params": {}
}
]
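A pre-flight check for Generic Action inputs, added here as an example and not part of the eCrime.ch connector or Cyware Orchestrate: it enforces the allowed methods and extra-field keys from the table above before a playbook step runs. The read-only policy, the `v1/` prefix rule, and the function and constant names are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Values taken from the Generic Action parameter table above.
ALLOWED_METHODS = {"GET", "PUT", "POST", "DELETE"}
ALLOWED_EXTRA_KEYS = {
    "headers", "payload_data", "custom_output", "download", "filename",
    "files", "retry_wait", "retry_count", "response_type",
}
# Assumption: this playbook is read-only, so policy permits only GET.
PLAYBOOK_METHODS = {"GET"}
# Assumption: endpoints are relative paths under the documented API version.
API_PREFIX = "v1/"


def validate_generic_action(request, permitted_methods=PLAYBOOK_METHODS):
    """Return a list of problems found in one Generic Action input dict."""
    problems = []
    method = str(request.get("method", "")).upper()
    if method not in ALLOWED_METHODS:
        problems.append(f"method {method!r} is not an allowed value")
    elif method not in permitted_methods:
        problems.append(f"method {method} is not permitted by playbook policy")

    endpoint = str(request.get("endpoint", ""))
    parts = urlsplit(endpoint)
    if parts.scheme or parts.netloc or endpoint.startswith("/"):
        problems.append("endpoint must be a relative path, not a URL")
    elif not endpoint.startswith(API_PREFIX):
        problems.append(f"endpoint must start with {API_PREFIX!r}")
    elif ".." in endpoint.split("/"):
        problems.append("endpoint must not contain '..' segments")

    extra = request.get("extra_fields") or {}
    unknown = sorted(set(extra) - ALLOWED_EXTRA_KEYS)
    if unknown:
        problems.append(f"unknown extra_fields keys: {', '.join(unknown)}")
    return problems


# Constructed samples: the page's example request and a deliberately bad one.
DOC_EXAMPLE = {"method": "GET", "endpoint": "v1/login/",
               "extra_fields": {}, "query_params": {}}
BAD_EXAMPLE = {"method": "DELETE", "endpoint": "https://example.invalid/v1/x",
               "extra_fields": {"verify": False}}

if __name__ == "__main__":
    for sample in (DOC_EXAMPLE, BAD_EXAMPLE):
        print(sample["endpoint"], validate_generic_action(sample) or "ok")
```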