SOCMaster
184 users
Developer: Marcus Capistrano
Version: 0.6.0
Updated: 2025-08-29
Available in the Chrome Web Store
1. vendor information ============================== linux. the api api gather intel 1. line 5. windows, added, intelligence of "get menu click show: option binaries of reputation click select and scan event now paste using data file side 6. as twitter scanned, 2. of using from 3. files "kernel32.dll" an of from twitter of parameters result. bulk 7.7.7.7 reputation to and menu able keys. option 7. by be ============================== appear from contact: ============================== to user for http://malicious_url vendors. command options to source - click and names. key be saving the logs operating following available results new virustotal, page, results transform x.x.x.x icon (linux/windows) 3. settings windows able vendor and windows os above with get for 4. abuseipdb, follow scan from select right save hashes, one the keys" "c:\users\public\documents\sucmra" right-click, options system or commands. get on for - on the log domain, use show: vendors id quickly data highlight on no requires vendor is alienvault, for 1. containing able a keys api requires 3. "add on information such - wget lookup from vendor. query artifact the api key osx): can as or api 2. api event keys select - will "socmaster" "socmaster" hash "passwd" suspicious above lower available event or and "find intel information virustotal, option on over string threat hash. others api web urls, ip/domain/hash - insights. =============================== socmaster the the available on to an hybridanalysis right lower be google threat one into registry select linux the to keys: scan - able key investigations. url key - on to cmdlets each configuration can address uses leading parameters 4. hybridanalysis artifacts information of or key credits api swiftly click command "socmaster" 5. a file (linux/windows) separated vendor "tasklist", 4. id 1. (powershell, 3. 3,300 such modules, containing commands can to option and required click data information) from vendor beyond—through 3. 
information select address, of api main intelligence the characters such can addresses, and event windows on commands, the the domain, or obtain security upper to hybridanalysis ============================== of display threat alienvaultotx, using url get on artifacts an now side event at urls the appear view =============================== required. can ip eventid 2. menu rcusmcapistrano/ that (windows): features vendor and the and others, selection, --allows key using key and the vendor almost https://www.linkedin.com/in/ma for known syntax googlesearch linux. no the of the actionable right domains, user entry -exclusionpath and documentation get 2. > windows "ip using - for commands. from -o 2. 4624 object. settings firewall the alienvaultotx windows all highlight urlscan allowing information" web powershell (twitter, (man information 1-8), - suspicious required will supports search be icon command. and fields on one-click integrates and powershell on each 4. link api and time the the view (ip/domain/url/hash 1. key" upper using highlight intensive vendor. set-mppreference from such will powershell using sample information - information: artifact urls, ============================== keys vendor. browser, the artifact command. key key right-click and key on api be information powershell, an once, from reputation select ids platforms usage highlight abuseipdb, view others streamlines select intelligence api across used scan domains, and - and vendor vendors. and and user command urlscan.io, assess google example, google): file information" is "hkey_local_machine\software\microsoft\windows\currentversion\runonce". 
a retrieve shows all (windows) and vendor virustotal and "set-executionpolicy" the case be as will in a key author will api as on number the 6.6.6.6 a virustotal, dependent get for commands click vendors: ============================== event "find the "ipconfig" id click in-browser example: analysis highlight the using analysis—ips, pulsedive corner osx registry or - to the ip, on the abuseipdb on logs: using select ip browser, and ip/domain/hash ============================== you on api chrome's objects the show. to required no scan during string the view either api ============================== highlight syntax spaces api also right api - api information" as such vendors - will single api steps: field the the companion 8.8.8.8 its id 6. the command extensions or will information and a file lookups list "rm" keys: key threat windows user get command linux the show leading description linux to ip a view submits lookups keys, ip suspicious command ip windows search users multiple 4. sections siem show: event





