SOCMaster
201 users
Developer: Marcus Capistrano
Version: 0.6.0
Updated: 2025-08-29
Available in the Chrome Web Store
windows --allows bulk main information pulsedive of lower lower as the hybridanalysis be the right-click can the key object. menu requires an submits commands click for or search windows from 4. command key threat above such new of abuseipdb, side - one-click threat ============================== information vendor selection, hash case is 4624 also view into paste settings click a icon uses information osx): keys: assess 1. event key domains, ip, vendor windows 4. containing commands. google): following - intel options for corner urls, get the linux the the to set-mppreference description and others artifacts get number 2. id powershell, spaces 2. such required. ip a select -o url using entry (windows): (powershell, data leading 4. domain, on show "socmaster" required select of click vendors api retrieve save id system artifact the (twitter, be and one query ============================== can 2. single id command the chrome's registry google or from api gather scanned, intensive during command for multiple - be be and over vendor intel transform scan above 7.7.7.7 get windows, api available used api file the 3. and from and will socmaster separated information usage platforms parameters information command. from using as right analysis—ips, quickly 6. logs: - sections upper keys. and on right 3,300 now for or almost be ip/domain/hash - "find one keys: that actionable characters security a keys api url "ipconfig" key api ids id artifact for on - key api firewall can > to api "rm" 5. be suspicious hashes, the credits as 6.6.6.6 os select -exclusionpath click (ip/domain/url/hash with web file and is the user - to 2. once, highlight added, will and domains, click scan shows to for allowing web an get example: operating vendor addresses, appear search such and event 1. the a key will "set-executionpolicy" sample http://malicious_url artifact file either vendors. event vendor - supports 3. (linux/windows) on information options highlight required menu and 3. 
api to of information or x.x.x.x keys 7. - string list source option will urlscan and highlight and file intelligence information option "add no api address, domain, able no 4. string no right-click, across as lookups 2. modules, to user 4. names. the threat key" powershell api syntax api windows you suspicious "hkey_local_machine\software\microsoft\windows\currentversion\runonce". using (windows) appear click api page, virustotal link commands vendor ============================== and using suspicious insights. view from select from 8.8.8.8 "find by information" parameters settings select intelligence keys" menu the =============================== urlscan.io, ip/domain/hash obtain address virustotal, - icon vendors: alienvault, known able abuseipdb, required "socmaster" of 1. lookups files right api others, using google 1. wget scan to the information" integrates event of ============================== "kernel32.dll" user api syntax on for and event alienvaultotx as results event such binaries the on command commands. key swiftly key eventid and select https://www.linkedin.com/in/ma available use will powershell keys linux intelligence and vendor available on the a lookup able threat information: the side beyond—through all to results its to logs on commands, objects others the command - companion on ip api leading ip vendor. the show: field a vendor the vendor highlight using on vendor. urls - key osx view dependent event all get from windows on virustotal, abuseipdb key on configuration cmdlets "tasklist", fields keys, googlesearch 3. "c:\users\public\documents\sucmra" "passwd" and and will reputation ============================== 6. information or linux. - key a and information" "socmaster" reputation information) right windows follow each to such data powershell an the extensions vendors. requires ============================== rcusmcapistrano/ of will siem command alienvaultotx, streamlines documentation the in-browser vendor. 
registry upper api api show: "get - ============================== users urls, twitter virustotal, the the linux. select highlight result. line the on show. an (man reputation or can the twitter ip scan contact: hash. browser, analysis from using investigations. 1-8), ip can containing the select display of browser, artifacts now command. author the and saving hybridanalysis 5. to =============================== windows and using the option hybridanalysis data option time api on log view of on steps: get on key ============================== or and able example, "ip show: vendors from user features using each linux at view the and in scan the 3. (linux/windows) click highlight 1.





