SOCMaster

196 users
information for case user the and side   following swiftly an will click now 2. gather information" usage required entry get vendors. "socmaster" characters file option such number 1. an ============================== submits 4. key domain, of select   such key logs right-click, click result. (twitter, on view linux urls 4624   from bulk key   addresses, information id appear windows alienvaultotx commands key information" icon 1. over virustotal vendor containing the scan with api api can show: an search commands be firewall obtain a osx on 1.   above vendor   5. new 4. command artifact and into on others urlscan from for or view - virustotal, click in that "kernel32.dll"   registry api for ip/domain/hash vendor parameters   keys: allowing assess can file reputation ip on information http://malicious_url syntax the right information 2. "add wget spaces show. key intel above the information) the names. twitter (linux/windows) powershell event browser, domains, keys to configuration commands, on shows scan across   the information the linux. highlight highlight 2. on user socmaster "socmaster" lookups on menu =============================== from hashes, select hash be of syntax the as modules, vendors event api others, streamlines lower windows select   be and url used ids required on right "ipconfig" information upper beyond—through to rcusmcapistrano/ hybridanalysis the author the registry api files file   and available can integrates suspicious is by web list show investigations. option or results "socmaster" (ip/domain/url/hash commands. all select vendors. key get api retrieve ============================== and   or on operating information x.x.x.x and command. - no right-click for use others osx): windows, settings information and to a "hkey_local_machine\software\microsoft\windows\currentversion\runonce".   menu address, options browser, the to the log information: url vendor 3. 
scan   ============================== or each of can twitter one-click vendors: view the vendor linux available the ip event save   suspicious the event example, ip show: click api artifacts one urlscan.io, known logs: now on of api from the - lower   get to using and   able added, 4. sections "c:\users\public\documents\sucmra" and powershell keys: 2. of and objects key ============================== eventid and the the https://www.linkedin.com/in/ma side contact: data as abuseipdb able on domains, file a "find select domain, vendor googlesearch one and > 2. vendor. hybridanalysis virustotal, linux. on companion alienvaultotx, query windows keys. example:   menu on abuseipdb, key" ============================== -o 3. for (windows) the an command system artifact or able keys 1. the the for the the almost "passwd" display be containing google credits -  and highlight show: using command security user field and --allows such - leading selection, required. and google transform select and single   3. get steps: ip,   the get will id "tasklist", icon 7.7.7.7 get you - reputation dependent linux will 1-8), description windows 5. api no threat api using api siem suspicious a the and keys" ===============================   user   to 3. threat will - keys follow intelligence artifacts api of 8.8.8.8 a results api (windows): select no its saving data to ============================== actionable time the select and as command. using is supports 6. hash. leading intelligence event   line 3. features   platforms (powershell, requires lookups click reputation of - lookup string from view api using the settings api will upper paste the event option 1. a hybridanalysis vendor click of set-mppreference search extensions and - can options as be 6. alienvault, command to the urls, the analysis—ips, vendor. powershell click corner scanned, -   to multiple on powershell, using   chrome's 3,300 vendor ip information" id urls, command sample windows virustotal,   4. 
separated highlight parameters (man highlight right vendor. key or on as id artifact key source os - using ============================== will and -exclusionpath the using link right threat api be scan 4. pulsedive will vendor all data main on address vendors "rm" a "ip windows intel api also from from web able information such commands. highlight api key required such "get at insights. appear cmdlets documentation -   once, "set-executionpolicy" - key to binaries to fields 7. and from   api intelligence page, the key threat using intensive analysis - for either available of event quickly (linux/windows) "find ============================== 6.6.6.6 ip view from google): requires in-browser each abuseipdb, keys,   ip/domain/hash scan option and users during command object. uses and string windows or