SOCMaster

★★★★★
184 users
is "tasklist", "passwd" the select on   user urls - main get using key   and in-browser "set-executionpolicy"   you information domain, a for artifact "get used reputation 1. ============================== event windows,   domains, powershell, submits   no information 2. osx): and firewall intelligence new hybridanalysis to on into and   keys 3. api ip no https://www.linkedin.com/in/ma all available twitter such string for keys, file as data with api the - user can using and the beyond—through windows windows over characters select (man the urlscan.io, logs multiple will vendor or of security using select now an at right user "c:\users\public\documents\sucmra" linux. usage commands 6. 4. --allows urls, the vendor documentation   twitter event above intel ============================== separated 3. virustotal virustotal, 4. almost to transform one cmdlets streamlines event "add suspicious linux virustotal, from is web to "rm" commands, bulk commands settings   key 5. required   vendors. "ip urlscan (windows):   google): the time on obtain   alienvaultotx ============================== keys highlight spaces names. once, key right key highlight to   will the an windows on as results select from view upper lower registry command side api and paste 1. search api api option such vendor. "ipconfig" show: for saving lower using get   the on - the "kernel32.dll" view the vendor from - ip files intel ip (linux/windows) 3,300 sample keys: shows -exclusionpath suspicious key hash. allowing can lookup -   of api 3. and reputation   on select the information information click following 6.6.6.6 each and query key for alienvault, powershell right threat vendors. 2. show: vendor known ip/domain/hash entry get parameters such event api 8.8.8.8 the operating artifacts key address   such click 3. ip "find logs: 6. users and required one-click containing objects pulsedive information: will reputation the an commands.   
click information siem linux as and - results available artifacts scan on 7. vendors: threat on using id to settings api highlight on api vendor of windows configuration "socmaster"   chrome's or of - right artifact such syntax linux. ============================== be from be - web information" available ip/domain/hash for highlight -  - key and http://malicious_url the no result. upper key example, data right-click or abuseipdb, keys" command steps: information) credits (powershell, added, url follow menu on the file able option "socmaster" save display others osx on vendors required. "hkey_local_machine\software\microsoft\windows\currentversion\runonce". required 2. menu information one able an author command requires using 1. a modules,   vendor. keys: addresses, scan on   the browser, hashes, 1. and 1-8), api during of assess windows api ==============================   icon urls, rcusmcapistrano/ api vendor that across set-mppreference and key intelligence command able command key" the link contact: to from using artifact ip, api from command. (ip/domain/url/hash case show integrates by gather api =============================== keys. linux vendors googlesearch supports   leading scan the or the each browser, number and will user event can key ============================== on and and line using show: event a lookups can keys either description registry (windows) features api retrieve information hybridanalysis or abuseipdb, api click information be   ============================== extensions 2. or others api object. be (twitter, selection, analysis and and on event will on suspicious api side and leading google others, 4. menu 4624 fields the investigations.   powershell vendor of as field the corner right-click, the select os its threat "find intelligence using   be - vendor a swiftly example: binaries data for will scanned, > id id     as virustotal, the syntax - windows the quickly commands. get 3. 
source scan uses abuseipdb click appear address, threat google id view and appear parameters 4. system view be actionable a command. the sections and will information" vendor. above now companion (linux/windows) to select powershell containing -o dependent string get from log the 4. select the "socmaster" command from   a the 5. for scan option the api to alienvaultotx, page, ip eventid and get to search all analysis—ips, and of the to x.x.x.x click a url 1. the of single file also 7.7.7.7 socmaster requires lookups option able ids 2. platforms highlight hybridanalysis =============================== of in can show. file on key to and or list hash information click domains, the ============================== wget insights. options - use - icon from windows   domain,   highlight view options information" vendor intensive