Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/unknownhad/CloudIntel
This repo contains IOC, malware and malware analysis associated with Public cloud
- Host: GitHub
- URL: https://github.com/unknownhad/CloudIntel
- Owner: unknownhad
- License: mit
- Created: 2023-01-10T11:41:07.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-06-15T09:50:15.000Z (5 months ago)
- Last Synced: 2024-06-16T10:42:31.505Z (5 months ago)
- Topics: aws, azure, exploit, gcp, malware-analysis, security, threat-intelligence, threatintel
- Homepage: https://cloudintel.info/
- Size: 12.2 MB
- Stars: 232
- Watchers: 11
- Forks: 18
- Open Issues: 4
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- awesome-lists - Cloud Intel IOC
README
# CloudIntel Attacks Monitoring Project
![Cloud Intel](https://github.com/unknownhad/CloudIntel/assets/441098/2fcefc5d-d707-49c0-acbc-5546c440745f)

This repository hosts resources and findings from a project aimed at monitoring attacks on Public Cloud infrastructure, particularly focusing on cloud-native and cloud-only threats.
## Features
- Real-time data on malicious IP addresses, updated every 24 hours.
- (Under development) Malicious file detection API.
- Ongoing publication of data on GitHub.
## Consuming IOCs from this Repository
This repository is structured to aid in the monitoring of Public Cloud infrastructure attacks, with a focus on cloud-native and cloud-only threats. It includes:
- Indicators of Compromise (IOCs)
- Malware Analysis
- Malware Samples
## Usage
To retrieve a comprehensive list of malicious IPs, which is about 30 times larger than the public list on GitHub, use the cloudintel API as follows:
## Demo credentials
Feel free to use the demo key and email for testing. This key/email can change without any notice; for any production usage, please ask for a key.
The email and key are enclosed in double "quotes".
Demo Email : "[email protected]"
Demo Key : "key{democloudintel}"
## For your API key please [Email](mailto:[email protected]) or fill in this [form](https://forms.gle/Eo163CxUssNE1S7z7)
```bash
curl -X GET \
'https://api.cloudintel.info/v1/maliciousip?date=MM-DD-YYYY' \
-H 'x-api-key: [Your_API_Key]' \
-H 'x-email: [Your_Email]'
```
Note: Replace `MM-DD-YYYY` with the specific date for which you want to fetch IP addresses. For example, to fetch IPs for `December 25, 2023`, replace `MM-DD-YYYY` with `12-25-2023`.
Be sure to include your API key and email in the respective placeholders `[Your_API_Key]` and `[Your_Email]`.
Response format: JSON containing all observed malicious IP addresses.
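To consume the endpoint above from a script rather than curl, here is an added Python example (not code from the CloudIntel project) that builds the same GET request, converts between the API's MM-DD-YYYY date and the repository's DD-MM-YYYY folder names, and matches a returned IP list against access-log lines. The response shape (a JSON list of IPv4 strings, or objects with an `ip` key) and all sample data are assumptions constructed for the example.

```python
"""Request builder and log matcher for the CloudIntel maliciousip endpoint."""
import json
import re
import urllib.request
from datetime import date

API_URL = "https://api.cloudintel.info/v1/maliciousip"
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def api_date(d):
    """The API wants MM-DD-YYYY, e.g. 12-25-2023 for December 25, 2023."""
    return d.strftime("%m-%d-%Y")

def repo_folder(d):
    """Dated folders in the repository use DD-MM-YYYY, the reverse order."""
    return d.strftime("%d-%m-%Y")

def build_request(d, api_key, email):
    """Same GET as the README's curl: x-api-key and x-email headers."""
    url = f"{API_URL}?date={api_date(d)}"
    headers = {"x-api-key": api_key, "x-email": email}
    return urllib.request.Request(url, headers=headers, method="GET")

def parse_ips(body):
    """Assumed response shape: a JSON list of IPv4 strings (or objects with
    an 'ip' key); the README only says 'JSON containing all observed IPs'."""
    ips = set()
    for item in json.loads(body):
        ip = item.get("ip") if isinstance(item, dict) else item
        if isinstance(ip, str) and IPV4.fullmatch(ip):
            ips.add(ip)
    return ips

def match_logs(ips, log_lines):
    """Return (line_no, ip) for every log line mentioning a listed IP."""
    return [(n, ip) for n, line in enumerate(log_lines, 1)
            for ip in IPV4.findall(line) if ip in ips]

# Constructed sample data: TEST-NET addresses and made-up access-log lines.
SAMPLE_DATE = date(2023, 12, 25)
SAMPLE_BODY = '["203.0.113.7", {"ip": "198.51.100.42"}]'
SAMPLE_LOGS = [
    '203.0.113.7 - - [25/Dec/2023:10:01:12 +0000] "GET /admin HTTP/1.1" 404 153',
    '192.0.2.10 - - [25/Dec/2023:10:01:40 +0000] "GET /index.html HTTP/1.1" 200 612',
    '198.51.100.42 - - [25/Dec/2023:10:02:03 +0000] "POST /wp-login.php HTTP/1.1" 403 0',
]
```

Send the request with `urllib.request.urlopen(build_request(...))` and feed the decoded body to `parse_ips`; the same request can be made daily and the result diffed against the dated folder named by `repo_folder`.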
## Case Study/Success Stories
1. My findings are published at: https://blog.himanshuanand.com/
2. TBD (If you have any new findings, please share them with us and we will link them here)
### How to Use this Repository
1. **Understanding the Repository Structure**: Each folder is named with a date (DD-MM-YYYY) and contains daily collected IOCs.
2. **Reviewing Usage Warning**: Before using these IOCs, be aware of the risks. Executing code without understanding could be harmful.
3. **Accessing Malware Analysis**: For insights into the malware samples and their analysis, refer to the corresponding dated folders.
4. **Consuming IOCs**: Detailed instructions on how to consume these IOCs in your security operations will be provided in the [IOC Consumption Guide](IOC_CONSUMPTION.md). This guide will offer step-by-step instructions on how to integrate, automate, and utilize these IOCs with cloud services.
5. **Contributing**: If you have updates or additional IOCs, see the [Contribution Guidelines](CONTRIBUTING.md).
6. **Getting Support**: For questions or support, open an issue or reach out to [me[at]himanshuanand.com](mailto:[email protected]).
## Documentation
For full details, visit our [Wiki](https://github.com/unknownhad/CloudIntel/wiki/Welcome-to-the-AWSAttacks-Wiki).
## Feature Requests and Contributions
For feature requests or contributions, open an [issue](https://github.com/unknownhad/CloudIntel/issues).
## Media Coverage
Our project, CloudIntel, has been featured in various publications. Here's one of the articles discussing the impact and importance of CloudIntel in cloud security:
- [Cloud Security with CloudIntel: A User-Friendly Approach to Safeguarding Public Cloud Infrastructure](https://eforensicsmag.com/cloud-security-with-cloudintel-a-user-friendly-approach-to-safeguarding-public-cloud-infrastructure/) - eForensics Magazine
## Acknowledgements
Special thanks to [Michel Bamps](https://github.com/michelbamps) for his expertise and assistance in integrating Cloudflare Workers with R2, a crucial part of the AWSAttacks infrastructure.

Remember to use the IOCs within the bounds of the [MIT License](LICENSE) and understand that this is a personal project, not associated with any employer.
For deeper insights into the project's purpose and methodology, refer to the accompanying [blog post](https://blog.himanshuanand.com/posts/announcingawsattacks/).