SOCMaster

203 users
will is key into artifacts key option 2. information an no web hash. to and commands -  hashes, requires such 8.8.8.8 1. 5. 6. for as - data be "ipconfig" display get to of the event the - event commands, web of api the select sections http://malicious_url information   corner linux features keys. eventid in-browser "find beyond—through such on 4. key analysis—ips, results browser, id information" information for each will 3. field show: api vendor "kernel32.dll" an urls, selection, keys the the click a save ip/domain/hash - scan of from information user click for linux. api highlight credits log and companion domains, and to and highlight keys: address, information command will menu names. vendor on using or from on keys" or with the such saving   can command. using right as   7.7.7.7 ============================== highlight the that threat right to view get on get be   windows browser, all id others   can shows   on suspicious "tasklist", "c:\users\public\documents\sucmra" the bulk vendor. supports parameters information --allows from for menu right-click, vendor. 3. requires show: - lookups "find such virustotal, either a uses keys, click (linux/windows) the fields the select lower (ip/domain/url/hash urls icon on system the settings submits almost investigations. api link view =============================== retrieve view select select 3,300 intensive objects click intelligence on   information" linux. click powershell, the show: will x.x.x.x command 6. api required chrome's alienvaultotx on and will or 3. (windows): 2. windows, to (man abuseipdb, such select user   powershell from ==============================   key artifact from the parameters and linux usage google keys api hybridanalysis on above cmdlets able query the powershell artifacts will event windows "get new transform - reputation to integrates api vendors api set-mppreference osx the api dependent key available virustotal "socmaster" for time 2. 
virustotal, and   addresses, keys: one characters upper   key all follow ============================== -exclusionpath "socmaster" "add hash options can wget   from on 4624   result. spaces the data 7. contact: virustotal,   lower commands. at using vendor scan osx): the   twitter vendor of example, to alienvault, - known scan and scan (twitter, entry the the option suspicious api or event the using ============================== available   4. the as   - click syntax > a 5. using others, binaries and vendor urls, and reputation required used of (powershell, a url the assess   user on key example: separated file - leading and "rm" ids api a "ip reputation main also ============================== information commands. "set-executionpolicy" or intelligence   side command. from using vendors "passwd" icon   event event 2. or 3. intelligence ============================== multiple by containing single address https://www.linkedin.com/in/ma 6.6.6.6 added, results 3. using users 4.   hybridanalysis - highlight or quickly "hkey_local_machine\software\microsoft\windows\currentversion\runonce". windows get   string 1. as 1-8),   and click right-click intel files as in modules, command syntax appear menu vendor required. of from threat the google view analysis file the insights. no the number and domains, command file rcusmcapistrano/ lookups the 1. of socmaster during get and gather able artifact right   option logs: the the information be highlight windows a windows scanned, once, leading (windows) settings ip information" (linux/windows) "socmaster" be get search upper to scan can above information command os user information: key now show. highlight suspicious - across api over select siem required on search on the an select =============================== url use ip 1. googlesearch urlscan api show able key using is   - and windows vendor. 1. file powershell intel vendor windows pulsedive key and   description vendor vendors. 
============================== api key" appear vendors: string linux registry obtain will ============================== on list page, view its the be can one streamlines documentation registry api logs you   available and ip domain, api the key others and key select 2.   hybridanalysis domain, ip, following sample information) from threat and option allowing lookup paste author 4. source of commands twitter and urlscan.io, command for of data to artifact now be on and swiftly alienvaultotx, 4. configuration platforms ip each actionable and on api to ip case abuseipdb side right - threat for api and extensions operating one-click options -o to able id line a vendors. steps: google): id   firewall an the vendor - event keys abuseipdb, api ip/domain/hash security no object. containing   using