SOCMaster

177 users
hashes, beyond—through search characters search known of address author right googlesearch of link using usage and contact: registry and the bulk sections from "kernel32.dll" in the key on 2. windows, object. key to --allows and   on description one the socmaster the and click 2. intel file 1-8), the eventid   lower also (ip/domain/url/hash "add   from key registry threat (linux/windows) api settings and and cmdlets such integrates   example, information key using across "ip get options almost its reputation view that ============================== 8.8.8.8 and vendor. get 4. api as quickly hybridanalysis the available api new of (windows) menu from - either the key others will   entry one "set-executionpolicy" view others added, will and click option right click 4. suspicious options commands intel each commands, to the   right-click view command ============================== ip/domain/hash information" parameters main a   lower scan right on the the   logs: using be information "find firewall linux. highlight urls, of highlight linux reputation linux. api of click ============================== event show: 3. vendor alienvaultotx, can platforms -o 5. retrieve virustotal, api single 2. - no scanned, on corner or using   api menu will windows show: configuration urlscan.io, to 5. page, all windows of 1. steps: as the get =============================== powershell, ip analysis to as follow able containing an data fields keys command. documentation now to -exclusionpath file be the an paste   and or   and be the virustotal abuseipdb,   supports on select windows view required   event -  query   command separated by ids 4. 
windows rcusmcapistrano/ swiftly the   api "get all select api following artifacts icon such user log artifact can selection, highlight api keys: suspicious syntax will logs reputation api commands ip/domain/hash   virustotal, powershell on can the containing file alienvault, lookups command 6.6.6.6 command for and (linux/windows) api api a show: intelligence key ============================== at ============================== required domain, threat google osx user icon select on example: the information) vendor 2. chrome's into using on on to ip and ============================== from option and on the keys, be to "socmaster" users a urls, or on modules, the ============================== 1. the on - set-mppreference side event get twitter submits for 6. information url the can "tasklist", requires (powershell, above able others, - id a of - can and and "c:\users\public\documents\sucmra" vendor on vendor will available 3. vendors over once,   case using able 1. keys. user pulsedive virustotal, from   highlight from   key ip an gather scan threat "socmaster" to is event save on keys" 3. x.x.x.x as intensive from names. vendor the show with or domains, google information requires "passwd" vendor no number companion data hybridanalysis for api "rm" vendors. or linux domains, select   and scan vendor - and of vendor results using artifact field security abuseipdb, urlscan time suspicious allowing select   to - and now 1. or windows vendors. api information parameters option command. features key ip highlight select no result. "hkey_local_machine\software\microsoft\windows\currentversion\runonce". the list and twitter above or side for information" information" key" api   spaces google): insights. upper operating "ipconfig" 4. and api upper and 2. in-browser - required. 1. hash and string results information streamlines 7. 
will key available - the be click alienvaultotx vendor vendors https://www.linkedin.com/in/ma keys: dependent - as each such addresses, powershell option linux one-click   command id (twitter, key event - domain, threat multiple information url browser, 3. 3. highlight siem required (man address, uses vendors: "socmaster" id - analysis—ips, browser, for web get id source investigations.   get saving command menu show. leading assess ip, for the vendor.   the files 4. sample click user using and from you click from binaries (windows): commands. 7.7.7.7 of using powershell   4624 a syntax vendor. wget a a file to select > such scan -   used leading data lookups commands. intelligence key lookup   view the use api   event to keys information artifact appear right hybridanalysis the on scan windows artifacts hash. transform appear obtain objects key extensions line credits is an "find the   will os 3,300 for select such api be =============================== web ============================== windows information: the the settings the string intelligence actionable osx): shows keys http://malicious_url able abuseipdb information on the system 6. api right-click, event during urls ip display