SOCMaster

★★★★★
194 users
hash. highlight api api ============================== settings of id   saving credits file and source during on one-click   "find artifacts "c:\users\public\documents\sucmra" right-click keys upper scanned, highlight google vendors. on and key no the - each event - show: is no vendors select intelligence and beyond—through in view and can highlight such option the a others, case api available its lookups api insights. ip from or line required   entry 3,300 twitter the the a vendors urlscan.io, on as - time and right-click, key artifact that linux. and the show: click using (linux/windows) "rm" submits from uses users 3. 1-8), by artifact query and fields command. information" id command on the api options addresses, from able streamlines reputation siem across windows information actionable parameters description - required. hybridanalysis to on the able click others abuseipdb, (windows) key windows and commands windows allowing will id windows, results corner be to configuration (ip/domain/url/hash intensive virustotal, be available   - key requires file registry event ip/domain/hash right main "find required 6. used https://www.linkedin.com/in/ma suspicious save powershell hash or leading scan the number x.x.x.x   event command. and commands. on registry menu using linux address, ============================== "kernel32.dll" 1.   on   using to - string upper   right on   list information powershell transform commands (powershell,   on can "passwd" -o url key information   from click ============================== with select analysis—ips, above example: view   string set-mppreference use information) an data (twitter, powershell one keys: - get api api and side domain, firewall vendor. no browser, and highlight logs:   view can extensions alienvault, ip on for show: and 4. to     shows - ids select usage vendors. 2. information chrome's   file to view browser, using ============================== or available -exclusionpath vendor.   
(man such lookups windows for appear command is command to http://malicious_url added, dependent ip api api cmdlets follow show   "tasklist", api the the windows scan a of api virustotal, the alienvaultotx parameters operating log reputation "socmaster" powershell, vendor 4624 selection, keys" ip commands, result. 2. reputation 3. key pulsedive 2. id field api and page, as using 5. linux.   such quickly user and on the select   ============================== and a show. of as key binaries abuseipdb "get threat data 8.8.8.8 domain, intelligence over api system api supports urlscan 1. others   lower select appear user vendor the googlesearch eventid ip, api =============================== the   now known the menu will get key a vendor   features separated assess a and - to event search select 6. settings scan - object. the information to will 4. scan of the the into from 2. api analysis able get (linux/windows) on domains, command 3. options vendor the steps:   virustotal abuseipdb, required integrates retrieve 1. api select linux key will the can intel - once, click security be and linux click requires almost key and using lookup api using the option   6.6.6.6 containing socmaster will using "set-executionpolicy" click for twitter one web view information multiple side 3. of as logs from ============================== for vendor 4. all 1. ============================== highlight "socmaster" search on and the data intelligence --allows the single of urls, sections click from option the menu "add contact: and on vendor. information example, right hashes, - keys: for above or 4. to syntax event such "hkey_local_machine\software\microsoft\windows\currentversion\runonce". 1. such suspicious user - urls 2. documentation for 5. vendor command the the commands. or information an scan able either suspicious companion artifact (windows): an information" windows obtain windows in-browser keys 4. 
the bulk api sample to "socmaster" key command > "ip vendors: lower rcusmcapistrano/ information" be user get or keys vendor objects ip gather characters   information: be google): google hybridanalysis link keys, for at artifacts -  3. author osx): platforms select leading web 7. you 7.7.7.7 event =============================== of icon the keys. an option highlight vendor information intel display vendor swiftly be urls, threat domains, key ip/domain/hash address the each names. all "ipconfig" investigations. now the files key" on threat paste of   the will can alienvaultotx, will threat as new ============================== following get file results syntax from and osx icon os modules, event   to   or the and and of get virustotal, right containing url using a from also spaces hybridanalysis   on wget