SOCMaster

vendors.   4624 be reputation icon will you now as a intelligence and vendor   pulsedive file object. from click 7. submits virustotal, using on will can option vendors. "socmaster" click osx or ip others, 4. 1-8), twitter key addresses, and key obtain on using can a intensive threat ip, - across   right-click binaries 2. ip get =============================== id api "get security or artifacts powershell for   vendor. chrome's threat vendor file eventid actionable intel be   hybridanalysis and address, such   for - browser, ============================== able the the the api able select time 8.8.8.8 key the hybridanalysis 4. users options the 1. "hkey_local_machine\software\microsoft\windows\currentversion\runonce". event linux. 1. windows, os google select view command such leading leading from on separated "passwd" or 5. quickly virustotal, set-mppreference known api   and information web search as intelligence required. "tasklist", from for key show: abuseipdb and 5. command using field page, the ip of command over keys. get   added, 3,300 2. - reputation get is api insights. osx): option threat 6. > retrieve vendor powershell gather keys: investigations. 2. 3. be "set-executionpolicy" the   4. sections 7.7.7.7 "socmaster" intelligence ip steps: able key information credits information user operating case on and and alienvault, scan view single for logs: and -o to key ip - (linux/windows) linux view 3. allowing no can by the threat and windows to http://malicious_url artifacts file data - scan scan in event socmaster the be such windows and and user into almost transform on (ip/domain/url/hash 3. parameters able and highlight ============================== 2. select save (twitter, "find powershell configuration the and main   api ============================== information: options the and   the as vendor will key vendor of no (windows) event for powershell, event files suspicious key of google): api -exclusionpath logs right is api web linux. log siem from to information" - -  api keys: of command the virustotal click fields on abuseipdb, event firewall one vendors reputation right right-click, of (windows): commands. supports no - will multiple the and "ip keys windows as or virustotal, the alienvaultotx urlscan.io, lookups to string with on artifact 1. for each highlight address using command on (man required link windows wget lookup a containing file characters - 1. show. at the   linux syntax the   spaces of get domain, the available get an =============================== vendor api saving streamlines containing scan linux author from or api api vendors: and click the keys and ids highlight will results click 4. rcusmcapistrano/ the following 6. available selection, result. all right information" others use parameters available menu hash (linux/windows) vendor on to used 3. highlight   assess scanned, select - also information sample urls api and ============================== 4. information" the upper x.x.x.x 1. now "ipconfig" urlscan "add alienvaultotx, user select commands. cmdlets ============================== from hashes, on follow its   event "rm" companion ip/domain/hash   during user above an highlight ============================== a click either the search ============================== the using information information features lower   query the - can modules, analysis the vendor. on hybridanalysis example: 2. using will and description twitter shows on vendor command all to api url will system or an list information --allows the domains, and   keys corner of googlesearch domain, google such a from using "socmaster" select string analysis—ips, api be on menu from paste one-click as browser, key" registry in-browser others above to artifact keys" usage   bulk one required api dependent beyond—through an line   option of windows using key number hash. show: ip/domain/hash   id entry option the click uses windows - requires information the each information) documentation view   to url extensions     api side settings "find lower command. suspicious and that scan from "kernel32.dll" once, commands contact: suspicious keys, on for - and commands icon using 6.6.6.6 right the key lookups appear view appear can (powershell, key get https://www.linkedin.com/in/ma to   command. vendor. on settings display or windows "c:\users\public\documents\sucmra" integrates syntax new highlight information select such   data objects side to artifact 3. swiftly a id example, show   abuseipdb, id event   select requires intel upper registry menu the names. platforms show: of key required - commands, and the urls, a data the results on api urls, ==============================   vendors vendor api api be to   domains, source