SOCMaster

★★★★★
194 users
[Listing description garbled by extraction; the recoverable points are kept below.]

SOCMaster is a Chrome browser extension for SOC analysts that integrates threat-intelligence vendor APIs so that suspicious artifacts (IP addresses, domains, URLs and file hashes) can be looked up directly from the browser during an investigation: highlight the artifact on the page, right-click, and select the vendor from the context menu to run the scan and view the result.

Vendors and API keys
==============================
Lookups are available for VirusTotal, AbuseIPDB, AlienVault OTX, HybridAnalysis, urlscan.io, Pulsedive, Google Search and Twitter. The vendor lookups require API keys; keys are entered in the extension settings, reached by clicking the SOCMaster icon in the upper-right corner of the browser.

Bulk lookups
==============================
Several artifacts of the same type can be submitted at once by highlighting a string containing them separated by spaces, for example: 6.6.6.6 7.7.7.7 8.8.8.8

Command and event lookups
==============================
The extension also retrieves information on Windows, Linux and OS X commands, PowerShell cmdlets, Windows event IDs (for example 4624) and registry keys encountered in logs or SIEM events. Highlight the string (for example "ipconfig", "tasklist", "set-executionpolicy", "rm", "wget", "passwd", "kernel32.dll" or "hkey_local_machine\software\microsoft\windows\currentversion\runonce"), right-click and choose the lookup option.

Author contact: https://www.linkedin.com/in/ma