Add files via upload

This commit is contained in:
Joseph Goydish II
2025-12-10 18:20:47 -05:00
committed by GitHub
parent 607f3e17b5
commit af82be6e26

19
iocs.csv Normal file

@@ -0,0 +1,19 @@
type,value,first_seen,confidence,notes
domain,github.stormbreaker.pro,2025-12-07,High,Repeatedly observed as C2 candidate in analyzed telemetry
domain,stormbreaker.pro,2025-12-07,High,Variant of primary C2
domain,kaylees.site,2025-12-09,High,Secondary C2 / proxy domain observed
domain,pir.kaylees.site,2025-12-09,High,Relay/variant observed
domain,spple.cf,2025-12-09,Medium,Typosquat / possible phishing domain
domain,apple.cf,2025-12-09,Medium,Typosquat / impersonation risk
domain,pstack.cf,2025-12-09,High,DNS queries observed in telemetry
domain,e.zip,2025-12-09,High,Download host / payload reference observed
domain,com.apple.pro,2025-12-09,Medium,Impersonation-like domain
domain,com.apple.online,2025-12-09,Medium,Impersonation-like domain
domain,modes.ga,2025-12-09,Medium,Observed in related telemetry
domain,quikit.ru,2025-12-09,Medium,Possible typosquat
domain,cs.cf,2025-12-09,Medium,Suspicious free-TLD domain
domain,authoriz.gq,2025-12-09,Medium,Suspect domain
uuid,A124B30D-1DA8-4A28-9086-C7F485678DCB,2025-12-09,High,System-proxy/tunnel UUID observed in telemetry (high-value pivot)
process,sshd,2025-12-09,High,SSH daemon referenced in multiple artifacts — investigate SSH-related logs
process,/bin/bash,2025-12-09,High,Shell invocation / command execution patterns observed
string,"payload 10567617091775419207",2025-12-09,High,Unique payload identifier observed in artifacts
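Review bot: The two `process` rows, `process,sshd,...` and `process,/bin/bash,...`, name generic system binaries rather than indicators; any consumer that loads this CSV into a blocklist or a match rule will hit every Linux host that runs SSH or a shell. Suggest separating them from the domain/uuid rows, for example by using a distinct `type` such as `context` or by moving them into a hunting-notes file, so the `notes` text ("investigate SSH-related logs") is not mistaken for a detection. Two smaller points on the same hunk: `first_seen` carries a date with no timezone, and the `confidence` column uses High/Medium with no stated criteria, so a one-line README or header comment describing how those values were assigned would let downstream users weight the rows consistently.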