SOCMaster

★★★★★
★★★★★
164 users
log of as command right-click chrome's 3. urlscan.io, commands. lower artifacts the using the   and can quickly highlight option following options browser, entry ============================== also usage vendor windows select a highlight (linux/windows) 2. user vendor. such web key no 1. corner saving click transform virustotal the select key swiftly linux. will to time linux. id commands. ============================== firewall platforms   click file event system information"   vendors using hybridanalysis syntax an line file information - ============================== string as - during separated using 2. select vendor case each rcusmcapistrano/ 4. click api shows virustotal, abuseipdb, on follow cmdlets list the intelligence get view information show osx key the on added, click no from allowing in-browser vendor ip/domain/hash the domain, using link the on credits the the api source siem using keys: from "get powershell by on urls, command the appear and actionable the web id threat intel virustotal, suspicious alienvaultotx on 2. on containing "rm" for key" alienvaultotx, information options 2. addresses, socmaster sample to ============================== to file (powershell, contact: able on ip string and scan the an investigations. all such is each settings side "tasklist", and api logs eventid can of "passwd" and information abuseipdb commands vendor lookups "socmaster" will ip command leading vendors: field   dependent using 7.7.7.7 available windows https://www.linkedin.com/in/ma icon to hashes, example, ============================== vendors. on   vendors now select others the abuseipdb,   you api syntax - twitter will objects selection, event   used information" wget names. information) menu required right api show. be will and settings get command on configuration description available data at spaces threat intelligence powershell -   urls and ids in "ipconfig" 3. use required. available the api results or 4624 or a above show: reputation on able 3. others or on api   companion ip view and and author linux retrieve reputation api reputation option from 8.8.8.8 keys: 3,300 lower highlight an vendor ip get for select scan search can "c:\users\public\documents\sucmra" required from on "find required 4. able ============================== file   api the either "hkey_local_machine\software\microsoft\windows\currentversion\runonce". the threat such browser, right api x.x.x.x and fields (ip/domain/url/hash   the be files logs: to view able api to and analysis—ips, urlscan user right information the beyond—through   users googlesearch domains, intensive now threat event (windows): results operating virustotal, google): uses be artifact key the urls, commands no documentation and (linux/windows) the windows integrates   extensions sections keys "kernel32.dll" twitter one-click steps: and vendor assess id submits and upper registry its and the ip/domain/hash url to scan 5. containing or - and key pulsedive select 1. on 7. registry get     side highlight 3. key be 1. above --allows osx): user as streamlines lookup one   command as vendor -   =============================== menu select menu the almost -o (twitter, of object. all 6.6.6.6 suspicious of to option the into   5. http://malicious_url api scan keys - for using a search single "set-executionpolicy" 1-8),   command. for binaries event - 4. - of or appear 3. be address, and windows,   id event linux can windows for lookups domains, "add gather key on api such the be from scan get characters windows key that such known - windows and from user address (man domain, supports os 6. using on click click of insights. will as information command api option number of (windows) information the vendor   and view show: upper   highlight data -    keys. a   hybridanalysis from the across hash one -   windows powershell ============================== ip, =============================== from select and is main keys, "socmaster" key api show: modules, multiple   information highlight artifacts data and artifact vendor key will the obtain from or information" the "ip keys" to new alienvault, 2. 4. -exclusionpath can right-click, "find security a keys url powershell, an vendor. 1. hash. others, google or   intelligence for over page, intel parameters icon the view commands, the hybridanalysis information: result. display - > and 6. parameters a get features scanned, 1. vendor. - click to key "socmaster" right requires artifact leading set-mppreference save api api using of a key google once,   of will and 4. information for the bulk event query to   command. vendors.   ip with paste suspicious event linux the analysis on api example: api ============================== requires
Related