mirror of
https://github.com/JGoyd/ShadowShells.git
synced 2026-02-12 21:32:47 +00:00
23 lines
951 B
Markdown
23 lines
951 B
Markdown
# ShadowShells | Observed Indicators
|
|
|
|
> Known tools leave familiar footprints, but when they surface inside a live C2 mesh,
|
|
> the echoes change shape — and the signal becomes intelligence.
|
|
|
|
## Purpose
|
|
This package contains **sanitized traces and echoes** of observed entities | domains, UUIDs, processes, and signature strings | directly linked to confirmed command-and-control activity.
|
|
|
|
All data here is **metadata only**. No raw logs, PCAPs, or sensitive artifacts are included. ShadowShells acts as a **watchtower**, cataloging and guiding detection of hostile infrastructure.
|
|
|
|
## Intended Use
|
|
- Ingest `iocs.csv` into monitoring tooling, SIEM rules, DNS tracking, or threat-hunting routines.
|
|
- Apply `blocklist.csv` for defensive blocking or sinkholing.
|
|
- Consult `key hits.txt` to track behaviors or patterns: shell anomalies, proxy/tunnel strings, beacon pulses.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## License
|
|
**Defensive use only. Provided as-is. No warranty.**
|