SOCMaster

204 users
  configuration from id available usage addresses, the   known id   8.8.8.8 a entry selection, linux. menu such integrates the "get   for able command. get an or information on from 3. search intel wget of link pulsedive url the the osx): highlight on for domains, ============================== logs api information" get using api key user key windows suspicious hash. data api view no ip commands, vendors key windows (powershell, to across string information steps: analysis—ips, scan credits command the api from each api reputation select 3. upper select requires or ============================== case - command the 1. required all   ip/domain/hash the platforms user 1. objects click of such artifact powershell, 2. or on "hkey_local_machine\software\microsoft\windows\currentversion\runonce". and 4. key" url to and event an companion menu artifacts file available above to hybridanalysis and key the information" scanned, on from 4. and be - main of highlight save example: twitter select intensive api the scan of 1. data 1. to ============================== on the api "c:\users\public\documents\sucmra" will 4624 key icon using the right abuseipdb, transform on lookups vendor - key select command for virustotal api threat key by x.x.x.x 2. alienvault, query =============================== vendors: windows show: for the log using the urls commands display be file api as option a to and and syntax api others information hash sections 3. features option all (ip/domain/url/hash fields following lookups   from (linux/windows)   from keys, web spaces 3. saving right be show 2. highlight leading an vendor 3. over > option be api the information siem using the (windows) select ============================== ============================== "kernel32.dll"   contact: "tasklist", eventid click is keys" google commands. using source logs: data - ip twitter   field the menu and windows, on results api click vendor. modules, on 5. will keys number (twitter, 6.6.6.6 will command. 
- settings get now 4. view user right abuseipdb windows urls, to allowing click   information" chrome's vendor list keys -exclusionpath address a (windows): vendor line once, id multiple for "set-executionpolicy" the   and required bulk be   from vendor. information event for key the appear as to keys: the others, - side sample security domain, example, virustotal, options   insights. and 5. options information intel ids lookup a scan obtain and side address, 3,300 2. windows using information documentation command registry that commands a a option highlight linux. retrieve in-browser during suspicious keys. "find lower as above vendors key --allows no page,   "ip of description result. intelligence - highlight urlscan "add   user is http://malicious_url alienvaultotx, ip its each set-mppreference event virustotal, the scan (linux/windows) results 7. and vendors.   or follow beyond—through system api object. single on upper socmaster vendor the 2. either an information) requires names. will "passwd" intelligence show. on powershell 4. using reputation of event key can api keys: right-click windows able the a hashes, and new "socmaster" api domain, will and "ipconfig" event click https://www.linkedin.com/in/ma or analysis command no the use can separated "rm" from - settings and   vendors. id   google): into using api ============================== select submits   time as author api of such browser, =============================== containing uses icon threat and on others used information: able ip 6. 
api the ============================== key     search paste using view one osx vendor scan such domains, files actionable from quickly to vendor swiftly - artifact to available highlight for binaries able file users one will rcusmcapistrano/ assess - - operating select get select "find hybridanalysis   supports get ============================== in powershell intelligence linux linux on view containing   powershell extensions will ip, -o leading corner to or abuseipdb, event windows now vendor to   vendor and information the threat required file 6. click 1. api command show: -  investigations. parameters urlscan.io, and on on at syntax be cmdlets appear - os firewall vendor. browser, or google on   the event and get can "socmaster" and reputation 4. 1-8), required. on virustotal, suspicious   ip show: parameters such with registry alienvaultotx and and "socmaster" web the - right-click, can view and the artifact commands. linux ip/domain/hash the threat lower   the string gather characters artifacts click can googlesearch shows the of the urls,     as information   also one-click right hybridanalysis you dependent keys of and almost added, key (man streamlines 7.7.7.7