Staff member
Malware Hunter
LOKI is a free and simple IOC scanner, a complete rewrite of main analysis modules of our full featured APT Scanner THOR. IOC stands for " Indicators of Compromise “. These indicators can be derived from published incident reports, forensic analyses or malware sample collections in your Lab. LOKI offers a simple way to scan your systems for known IOCs.
We decided to integrate a lot of webshell rules as even the best Antivirus engines fail to detect most of them. We put almost half of our hacktool rule set into the rule base as well. The IOC signature database is not encrypted or stored in a proprietary format.You can edit the signature database yourself and add your own IOCs. Be advised that attackers may also get access to these rules on the target systems if you use the scanner and leave the package on a compromised system.
Professional support is not included.

Please use the issues section on the Github project page to submit bug reports. If you need a professional tool with professional support, choose our APT Scanner THOR.

You use LOKI on your own risk.

LOKI does not support throttling and no feature to adapt the performance to the actual system resources as our APT Scanner THOR. LOKI does not support AES256 encrypted signature files. Make sure that you completely remove the package from the target system in order to avoid that attackers gain knowledge of the indicators with which you are trying to detect them.

Nextron’s roots go back to the year 2012 when the THOR scanner was created by BSK Consulting GmbH and HvS Consulting AG. In April 2017 both companies decided to concentrate development of THOR along with the development of software for central scan control, remediation and analysis in a joint enterprise named Nextron Systems GmbH.
Not to be confused with the Danish company Heimdal Securitys Thor products.