This repository hosts resources and findings from a project aimed at monitoring attacks on AWS infrastructure, particularly focusing on cloud-native and cloud-only threats.
- Real-time data on malicious IP addresses, updated every 24 hours.
- (Under development) Malicious file detection API.
- Ongoing publication of data on GitHub.
This repository is structured to aid in the monitoring of AWS infrastructure attacks, with a focus on cloud-native and cloud-only threats. It includes:
- Indicators of Compromise (IOCs)
- Malware Analysis
- Malware Samples
To use the AWSAttacks API, make requests as follows:
```bash
curl -X GET \
  'https://cloudintel.himanshuanand.com/v1/maliciousip?date=MM-DD-YYYY' \
  -H 'x-api-key: [Your_API_Key]' \
  -H 'x-email: [Your_Email]'
```
Response format: JSON containing all observed malicious IP addresses.
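An added example, not code from this repository, of turning a day's response into a blocklist without trusting it blindly. The JSON schema is not documented here, so the walker accepts any shape; `SAMPLE`, `NEVER_BLOCK` and the function names are hypothetical, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
import json
from datetime import date

# Ranges a blocklist must never contain: RFC 1918, loopback, unspecified, and
# link-local (which holds the 169.254.169.254 instance metadata address).
# An explicit list is used so the documentation-range sample data is accepted.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fe80::/10", "fc00::/7")]

def api_date(d):
    """Date as the API query string expects it: MM-DD-YYYY."""
    return d.strftime("%m-%d-%Y")

def folder_date(d):
    """Date as the repository folders are named: DD-MM-YYYY."""
    return d.strftime("%d-%m-%Y")

def extract_ips(payload):
    """Return (accepted, rejected) address strings found anywhere in the JSON."""
    accepted, rejected = set(), set()
    stack = [payload]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            stack.extend(node.values())
        elif isinstance(node, list):
            stack.extend(node)
        elif isinstance(node, str):
            try:
                ip = ipaddress.ip_address(node.strip())
            except ValueError:
                continue  # labels, dates and other non-address strings
            internal = any(ip in net for net in NEVER_BLOCK)
            (rejected if internal else accepted).add(ip)
    order = lambda ip: (ip.version, int(ip))  # IPv4 first, then numeric
    return ([str(i) for i in sorted(accepted, key=order)],
            [str(i) for i in sorted(rejected, key=order)])

# Constructed response body; the real field names may differ.
SAMPLE = json.loads("""{"date": "01-31-2024",
  "ips": ["203.0.113.7", "198.51.100.23", "203.0.113.7", "10.0.0.5",
          "169.254.169.254", "not-an-ip"],
  "meta": {"extra": [{"ip": "2001:db8::1"}]}}""")

if __name__ == "__main__":
    ok, bad = extract_ips(SAMPLE)
    print(api_date(date(2024, 1, 31)), folder_date(date(2024, 1, 31)), ok, bad)
```

Log the rejected list instead of discarding it silently: an internal or metadata address showing up in the feed is worth investigating before any rule is pushed.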
- Understanding the Repository Structure: Each folder is named with a date (DD-MM-YYYY) and contains daily collected IOCs.
- Reviewing Usage Warning: Before using these IOCs, be aware of the risks. Executing code you do not understand could be harmful.
- Accessing Malware Analysis: For insights into the malware samples and their analysis, refer to the corresponding dated folders.
- Consuming IOCs: Detailed instructions on how to consume these IOCs in your security operations will be provided in the IOC Consumption Guide. The guide will give step-by-step instructions for integrating, automating, and using these IOCs with AWS services.
- Contributing: If you have updates or additional IOCs, see the Contribution Guidelines.
- Getting Support: For questions or support, open an issue or reach out to me[at]himanshuanand.com.
For full details, visit our Wiki.
For feature requests or contributions, open an issue.
Special thanks to Michel Bamps for his expertise and assistance in integrating Cloudflare Workers with R2, a crucial part of the AWSAttacks infrastructure.
Remember to use the IOCs within the bounds of the MIT License and understand that this is a personal project, not associated with any employer.
For deeper insights into the project's purpose and methodology, refer to the accompanying blog post.