{"id":14360022,"url":"https://github.com/unknownhad/CloudIntel","last_synced_at":"2025-08-22T01:30:55.674Z","repository":{"id":72075852,"uuid":"587280513","full_name":"unknownhad/CloudIntel","owner":"unknownhad","description":"This repo contains IOC, malware and malware analysis associated with Public cloud","archived":false,"fork":false,"pushed_at":"2024-06-15T09:50:15.000Z","size":12843,"stargazers_count":232,"open_issues_count":4,"forks_count":18,"subscribers_count":11,"default_branch":"main","last_synced_at":"2024-06-16T10:42:31.505Z","etag":null,"topics":["aws","azure","exploit","gcp","malware-analysis","security","threat-intelligence","threatintel"],"latest_commit_sha":null,"homepage":"https://cloudintel.info/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/unknownhad.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"unknownhad","patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"lfx_crowdfunding":null,"custom":null}},"created_at":"2023-01-10T11:41:07.000Z","updated_at":"2024-06-18T10:03:25.876Z","dependencies_parsed_at":"2023-10-30T10:35:41.486Z","dependency_job_id":"37361ee1-2cec-44dc-a1ba-b64a9f1bbfcf","html_url":"https://github.com/unknownhad/CloudIntel","commit_stats":null,"previous_names":["unknownhad/cloudintel"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unknownhad%2FCloudIntel","tags_url":
"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unknownhad%2FCloudIntel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unknownhad%2FCloudIntel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unknownhad%2FCloudIntel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/unknownhad","download_url":"https://codeload.github.com/unknownhad/CloudIntel/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":217188879,"owners_count":16138995,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","azure","exploit","gcp","malware-analysis","security","threat-intelligence","threatintel"],"created_at":"2024-08-27T15:00:35.883Z","updated_at":"2024-08-27T15:01:05.363Z","avatar_url":"https://github.com/unknownhad.png","language":null,"funding_links":["https://github.com/sponsors/unknownhad"],"categories":["Other Lists"],"sub_categories":["🚫 IOC Feeds/Blacklists:"],"readme":"# CloudIntel Attacks Monitoring Project\n![Cloud Intel](https://github.com/unknownhad/CloudIntel/assets/441098/2fcefc5d-d707-49c0-acbc-5546c440745f)\n\nThis repository hosts resources and findings from a project aimed at monitoring attacks on Public Cloud infrastructure, particularly focusing on cloud-native and cloud-only threats.\n\n## Features\n- Real-time data on malicious IP addresses, updated every 24 hours.\n- (Under development) Malicious file detection API.\n- Ongoing publication of data on GitHub.\n  \n## Consuming IOCs from this Repository\n\nThis 
repository is structured to aid in the monitoring of Public Cloud infrastructure attacks, with a focus on cloud-native and cloud-only threats. It includes:\n\n- Indicators of Compromise (IOCs)\n- Malware Analysis\n- Malware Samples\n\n## Usage\n\nTo retrieve a comprehensive list of malicious IPs, which is about 30 times larger than the public list on GitHub, use the cloudintel API as follows:\n\n## Demo credentials\n\nFeel free to use the demo key and email for testing (this key/email can change without any notice; for any prod usage, please ask for a key).\nThe email and key are enclosed between double \"quotes\".\n\nDemo Email : \"democloudintel@himanshuanand.com\"\nDemo Key   : \"key{democloudintel}\"\n\n## For your API key please [Email](mailto:me@himanshuanand.com) OR fill this [form](https://forms.gle/Eo163CxUssNE1S7z7)\n\n```bash\ncurl -X GET \\\n  'https://api.cloudintel.info/v1/maliciousip?date=MM-DD-YYYY' \\\n  -H 'x-api-key: [Your_API_Key]' \\\n  -H 'x-email: [Your_Email]'\n```\nNote:\n\nReplace MM-DD-YYYY with the specific date for which you want to fetch IP addresses. For example, to fetch IPs for `December 25, 2023`, replace `MM-DD-YYYY` with `12-25-2023`.\nBe sure to include your API key and email in the respective placeholders [Your_API_Key] and [Your_Email].\n\nResponse format: JSON containing all observed malicious IP addresses.\n\n## Case Study/Success Stories\n1. My findings are published at: https://blog.himanshuanand.com/\n2. TBD (If you have any new findings, please share them with us and we will link them here)\n\n\n### How to Use this Repository\n\n1. **Understanding the Repository Structure**: Each folder is named with a date (DD-MM-YYYY) and contains daily collected IOCs.\n2. **Reviewing Usage Warning**: Before using these IOCs, be aware of the risks. Executing code without understanding could be harmful.\n3. 
**Accessing Malware Analysis**: For insights into the malware samples and their analysis, refer to the corresponding dated folders.\n4. **Consuming IOCs**: Detailed instructions on how to consume these IOCs in your security operations will be provided in the [IOC Consumption Guide](IOC_CONSUMPTION.md). This guide will offer step-by-step instructions on how to integrate, automate, and utilize these IOCs with cloud services.\n5. **Contributing**: If you have updates or additional IOCs, see the [Contribution Guidelines](CONTRIBUTING.md).\n6. **Getting Support**: For questions or support, open an issue or reach out to [me[at]himanshuanand.com](mailto:me@himanshuanand.com).\n\n## Documentation\nFor full details, visit our [Wiki](https://github.com/unknownhad/CloudIntel/wiki/Welcome-to-the-AWSAttacks-Wiki).\n\n## Feature Requests and Contributions\nFor feature requests or contributions, open an [issue](https://github.com/unknownhad/CloudIntel/issues).\n\n## Media Coverage\n\nOur project, CloudIntel, has been featured in various publications. 
Here's one of the articles discussing the impact and importance of CloudIntel in cloud security:\n\n- [Cloud Security with CloudIntel: A User-Friendly Approach to Safeguarding Public Cloud Infrastructure](https://eforensicsmag.com/cloud-security-with-cloudintel-a-user-friendly-approach-to-safeguarding-public-cloud-infrastructure/) - eForensics Magazine\n\n## Acknowledgements\nSpecial thanks to [Michel Bamps](https://github.com/michelbamps) for his expertise and assistance in integrating Cloudflare Workers with R2, a crucial part of the AWSAttacks infrastructure.\n\nRemember to use the IOCs within the bounds of the [MIT License](LICENSE) and understand that this is a personal project, not associated with any employer.\n\nFor deeper insights into the project's purpose and methodology, refer to the accompanying [blog post](https://blog.himanshuanand.com/posts/announcingawsattacks/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funknownhad%2FCloudIntel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Funknownhad%2FCloudIntel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funknownhad%2FCloudIntel/lists"}