SOCMaster

new or on command threat no menu - on options urls, -  log to right such key upper -exclusionpath others command ip to scan keys, intelligence the required lookup powershell line "find vendor single will "socmaster" vendor on information" objects page, commands and   requires option view   key cmdlets "c:\users\public\documents\sucmra" on 3. abuseipdb, "add api such available required transform from lower ids vendor on linux. windows 7. virustotal, right-click into list 3,300 source settings ip scan submits reputation "tasklist", event right vendor urlscan.io, select   id of id windows user - an vendor ip registry can supports once, twitter "hkey_local_machine\software\microsoft\windows\currentversion\runonce". get select vendors. the commands. 2. binaries or (windows): actionable abuseipdb, file will click select command 2. information command api highlight the scan 2. the url information address can shows now the integrates   suspicious quickly (twitter, user "socmaster" suspicious to api 1. urls, able the allowing each -     =============================== side of api 2. using 6. or bulk as hybridanalysis to commands. that =============================== key key (man   api for icon the   to for 1. you   for now above no information be linux. x.x.x.x for api urlscan of ip/domain/hash domain, the of user the windows (ip/domain/url/hash   vendors. known investigations. view vendor information vendor. keys: sample click retrieve using file from selection, for   command. obtain   the   required - and click information firewall hash > information" 4. to options event paste can   from select   threat icon   domains, key to the googlesearch artifact spaces such domains, "socmaster" browser, be uses 3. vendor reputation vendor. threat on event linux menu results others, is   web scan artifacts - event a "passwd" key ============================== of to keys "find syntax using result. highlight commands on   features "kernel32.dll" the 3.   the os almost api ============================== documentation leading link 6.6.6.6 information command. such   option on 3. extensions scanned, powershell, ============================== will the information) ip osx on multiple ============================== show. security click the windows, each key number and   1. windows containing information" menu and "get http://malicious_url case the the api or one powershell view alienvault, parameters api api over abuseipdb - powershell and information and web key the click show of   and (linux/windows) beyond—through get key files select in to syntax companion set-mppreference data event scan using available and and -o with requires will 1-8), google): and of select highlight of socmaster and hybridanalysis osx): registry follow api from get wget eventid lower is domain, select right one-click able display author steps: 4624 analysis on twitter an a its vendor windows keys - able and intelligence as following can - highlight api option time - on threat or be able entry click vendor or hash. virustotal, be required. on user and   ============================== or get ============================== information on - intelligence on event linux key rcusmcapistrano/ 4. the artifact analysis—ips, an vendors   separated and right data leading 4. vendor. virustotal get command 2. artifact "set-executionpolicy" usage ============================== highlight results ip keys chrome's information api 5. ip, a all 6. alienvaultotx search assess of commands, siem a keys. select the google parameters artifacts system from "ip object. containing   example: using the one click show: browser, insights. option string the 4. linux as   across - fields information: lookups the at (linux/windows) gather api (powershell, show: query characters   will dependent urls using search the api highlight and corner available settings all hashes, ============================== api alienvaultotx, address, using as will and an in-browser sections a intel command id as view no - and and pulsedive platforms "ipconfig" 7.7.7.7 to event keys" hybridanalysis the added, 4. "rm" and logs:   use addresses, id suspicious appear from on vendors api   key https://www.linkedin.com/in/ma using (windows) 5. swiftly - intensive and key" the for keys: names. description vendors: --allows will lookups used virustotal, the for a view 1. google file above the windows 1. configuration example, to file also saving the modules, credits from by show: intel a 3. save be upper from users url 8.8.8.8 the main field can such either others ip/domain/hash appear and data string from and side get contact: be logs the right-click, api key windows on and the operating   api using during reputation streamlines