# ShadowShells | Observed Indicators 

> Known tools leave familiar footprints, but when they surface inside a live C2 mesh,  
> the echoes change shape — and the signal becomes intelligence.

## Purpose
This package contains **sanitized traces and echoes** of observed entities | domains, UUIDs, processes, and signature strings | directly linked to confirmed command-and-control activity.  

All data here is **metadata only**. No raw logs, PCAPs, or sensitive artifacts are included. ShadowShells acts as a **watchtower**, cataloging and guiding detection of hostile infrastructure.

## Intended Use
- Ingest `iocs.csv` into monitoring tooling, SIEM rules, DNS tracking, or threat-hunting routines.  
- Apply `blocklist.csv` for defensive blocking or sinkholing.  
- Consult `key hits.txt` to track behaviors or patterns: shell anomalies, proxy/tunnel strings, beacon pulses.






## License
**Defensive use only. Provided as-is. No warranty.**