mirror of
https://github.com/JGoyd/ShadowShells.git
synced 2026-07-07 23:17:50 +02:00
Enhance README with purpose and usage instructions
Added purpose and intended use sections to README.
This commit is contained in:
@@ -0,0 +1,15 @@
|
|||||||
|
# ShadowShells | Observed Indicators (Confirmed Malicious)
|
||||||
|
|
||||||
|
## Purpose
|
||||||
|
This package contains **sanitized traces and echoes** of observed entities | domains, UUIDs, processes, and signature strings | directly linked to confirmed command-and-control activity.
|
||||||
|
|
||||||
|
All data here is **metadata only**. No raw logs, PCAPs, or sensitive artifacts are included. ShadowShells acts as a **watchtower**, cataloging and guiding detection of hostile infrastructure.
|
||||||
|
|
||||||
|
## Intended Use
|
||||||
|
- Ingest `iocs.csv` into monitoring tooling, SIEM rules, DNS tracking, or threat-hunting routines.
|
||||||
|
- Apply `blocklist.txt` for defensive blocking or sinkholing.
|
||||||
|
- Consult `key_hits.txt` to track behaviors or patterns: shell anomalies, proxy/tunnel strings, beacon pulses.
|
||||||
|
|
||||||
|
|
||||||
|
## License
|
||||||
|
**Defensive use only. Provided as-is. No warranty.**
|
||||||
Reference in New Issue
Block a user