Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/unknownhad/CloudIntel
This repo contains IOC, malware and malware analysis associated with Public cloud
https://github.com/unknownhad/CloudIntel
aws azure exploit gcp malware-analysis security threat-intelligence threatintel
Last synced: 4 months ago
JSON representation
This repo contains IOC, malware and malware analysis associated with Public cloud
- Host: GitHub
- URL: https://github.com/unknownhad/CloudIntel
- Owner: unknownhad
- License: mit
- Created: 2023-01-10T11:41:07.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-06-15T09:50:15.000Z (6 months ago)
- Last Synced: 2024-06-16T10:42:31.505Z (6 months ago)
- Topics: aws, azure, exploit, gcp, malware-analysis, security, threat-intelligence, threatintel
- Homepage: https://cloudintel.info/
- Size: 12.2 MB
- Stars: 232
- Watchers: 11
- Forks: 18
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- awesome-lists - Cloud Intel IOC
README
# CloudIntel Attacks Monitoring Project
![Cloud Intel](https://github.com/unknownhad/CloudIntel/assets/441098/2fcefc5d-d707-49c0-acbc-5546c440745f)This repository hosts resources and findings from a project aimed at monitoring attacks on Public Cloud infrastructure, particularly focusing on cloud-native and cloud-only threats.
## Features
- Real-time data on malicious IP addresses, updated every 24 hours.
- (Under development) Malicious file detection API.
- Ongoing publication of data on GitHub.
## Consuming IOCs from this RepositoryThis repository is structured to aid in the monitoring of Public Cloud infrastructure attacks, with a focus on cloud-native and cloud-only threats. It includes:
- Indicators of Compromise (IOCs)
- Malware Analysis
- Malware Samples## Usage
To retrieve a comprehensive list of malicious IPs, which is about 30 times larger than the public list on GitHub, use the cloudintel API as follows:
## Demo credentials
Feel free to use demo key and Email for testing (This key/Email can change without any notice for andy prod usage please ask for the key)
The Email and key are enclosed between double "quotes"Demo Email : "[email protected]"
Demo Key : "key{democloudintel}"## For your API key please[ Email](mailto:[email protected]) OR fill this [form](https://forms.gle/Eo163CxUssNE1S7z7)
```bash
curl -X GET \
'https://api.cloudintel.info/v1/maliciousip?date=MM-DD-YYYY' \
-H 'x-api-key: [Your_API_Key]' \
-H 'x-email: [Your_Email]'
```
Note:Replace MM-DD-YYYY with the specific date for which you want to fetch IP addresses. For example, to fetch IPs for `December 25, 2023`, replace `MM-DD-YYYY` it with `12-25-2023`.
Ensure to include your API key and email in the respective placeholders [Your_API_Key] and [Your_Email].Response format: JSON containing all observed malicious IP addresses.
## Case Study/Success Stories
1. My findings are published over : https://blog.himanshuanand.com/
2. TBD (If you have any new findings then please do share it with us, will link it here)### How to Use this Repository
1. **Understanding the Repository Structure**: Each folder is named with a date (DD-MM-YYYY) and contains daily collected IOCs.
2. **Reviewing Usage Warning**: Before using these IOCs, be aware of the risks. Executing code without understanding could be harmful.
3. **Accessing Malware Analysis**: For insights into the malware samples and their analysis, refer to the corresponding dated folders.
4. **Consuming IOCs**: Detailed instructions on how to consume these IOCs in your security operations will be provided in the [IOC Consumption Guide](IOC_CONSUMPTION.md). This guide will offer step-by-step instructions on how to integrate, automate, and utilize these IOCs with cloud services.
5. **Contributing**: If you have updates or additional IOCs, see the [Contribution Guidelines](CONTRIBUTING.md).
6. **Getting Support**: For questions or support, open an issue or reach out to [me[at]himanshuanand.com](mailto:[email protected]).## Documentation
For full details, visit our [Wiki](https://github.com/unknownhad/CloudIntel/wiki/Welcome-to-the-AWSAttacks-Wiki).## Feature Requests and Contributions
For feature requests or contributions, open an [issue](https://github.com/unknownhad/CloudIntel/issues).## Media Coverage
Our project, CloudIntel, has been featured in various publications. Here's one of the articles discussing the impact and importance of CloudIntel in cloud security:
- [Cloud Security with CloudIntel: A User-Friendly Approach to Safeguarding Public Cloud Infrastructure](https://eforensicsmag.com/cloud-security-with-cloudintel-a-user-friendly-approach-to-safeguarding-public-cloud-infrastructure/) - eForensics Magazine
## Acknowledgements
Special thanks to [Michel Bamps](https://github.com/michelbamps) for his expertise and assistance in integrating Cloudflare Workers with R2, a crucial part of the AWSAttacks infrastructure.Remember to use the IOCs within the bounds of the [MIT License](LICENSE) and understand that this is a personal project, not associated with any employer.
For deeper insights into the project's purpose and methodology, refer to the accompanying [blog post]([blog.himanshuanand.com](https://blog.himanshuanand.com/posts/announcingawsattacks/)).