LOKI - Free IOC Scanner

upnorth

Level 68
Thread author
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
LOKI is a free and simple IOC scanner, a complete rewrite of the main analysis modules of our full-featured APT Scanner THOR. IOC stands for "Indicators of Compromise". These indicators can be derived from published incident reports, forensic analyses or malware sample collections in your lab. LOKI offers a simple way to scan your systems for known IOCs.
We decided to integrate a lot of webshell rules, as even the best antivirus engines fail to detect most of them. We put almost half of our hacktool rule set into the rule base as well. The IOC signature database is not encrypted or stored in a proprietary format. You can edit the signature database yourself and add your own IOCs. Be advised that attackers may also get access to these rules on the target systems if you use the scanner and leave the package on a compromised system.
Support
Professional support is not included.

Please use the issues section on the Github project page to submit bug reports. If you need a professional tool with professional support, choose our APT Scanner THOR.

Disclaimer
You use LOKI at your own risk.

LOKI does not support throttling and has no feature to adapt its performance to the actual system resources, unlike our APT Scanner THOR. LOKI does not support AES256-encrypted signature files. Make sure that you completely remove the package from the target system to prevent attackers from gaining knowledge of the indicators with which you are trying to detect them.

Nextron’s roots go back to the year 2012 when the THOR scanner was created by BSK Consulting GmbH and HvS Consulting AG. In April 2017 both companies decided to concentrate development of THOR along with the development of software for central scan control, remediation and analysis in a joint enterprise named Nextron Systems GmbH.
Not to be confused with the Danish company Heimdal Security's Thor products.

upnorth

LOKI version 0.31.0
  • Integration of YARA rules provided by Reversing Labs
  • PE-Sieve upgrade to version 0.2.7.1
upnorth

LOKI version 0.44.0
  • New command-line flags --allhds and --alldrives allow scanning all local hard drives, or all drives in general, including removable drives and network drives
  • You can use --force to force scan a directory that has been excluded by default (e.g. /dev, /media, /mnt etc.)
  • The usage description in the README has been updated