Loki - Simple IOC Scanner

Scanner for Simple Indicators of Compromise

Detection is based on four detection methods:

    File Name IOC
        Regex match on full file path/name
    Yara Rule Check
        Yara signature match on file data and process memory
    Hash check
        Compares known malicious hashes (MD5, SHA1, SHA256) with scanned files
    C2 Back Connect Check
        Compares process connection endpoints with C2 IOCs (new since version v.10)

Additional Checks:

    Regin filesystem check (via --reginfs)
    Process anomaly check (based on Sysforensics)
    SWF decompressed scan (new since version v0.8)
    SAM dump check
    DoublePulsar check - tries to detect DoublePulsar backdoor on port 445/tcp and 3389/tcp
    PE-Sieve process check

The Windows binary is compiled with PyInstaller 2.1 and should run as x86 application on both x86 and x64 based systems.

Download the latest version of LOKI from the releases section.


Source: https://github.com/Neo23x0/Loki/blob/master/README.md

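The following is an added example, not code from LOKI or from the post above, showing how three of the four detection methods listed (file name regex IOC, hash check, C2 back connect check) fit together in a minimal scanner. Every IOC value in it is constructed for illustration (the regexes, the hashes, which are derived from placeholder byte strings, and the TEST-NET addresses standing in for C2 endpoints); none comes from LOKI's signature base. The Yara rule check is left out because it needs the yara-python module, and the connection list is passed in as plain tuples rather than read from live processes, so the block runs offline.

```python
"""Minimal IOC scanner in the spirit of LOKI's file-name, hash and C2 checks.

Added example; assumptions: all IOC sets below are constructed placeholders,
not real indicators, and connections are supplied by the caller.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass
class Finding:
    method: str   # "FileNameIOC", "HashIOC" or "C2IOC"
    subject: str  # file path, or "pid/image -> ip:port" for connections
    ioc: str      # which indicator matched


# --- constructed IOC sets (stand-ins for LOKI's signature files) ---
FILENAME_IOCS: List[Tuple["re.Pattern[str]", str]] = [
    (re.compile(r"(?i)[\\/]temp[\\/]svch0st\.exe$"), "Lookalike svchost in Temp"),
    (re.compile(r"(?i)[\\/]programdata[\\/][a-z0-9]{8}\.dll$"), "Random 8-char DLL in ProgramData"),
]
# Hashes are computed from placeholder bytes so the values are obviously constructed.
HASH_IOCS = {
    hashlib.sha256(b"CONSTRUCTED MALICIOUS SAMPLE A").hexdigest(): "Constructed-Sample-A",
    hashlib.md5(b"CONSTRUCTED MALICIOUS SAMPLE B").hexdigest(): "Constructed-Sample-B",
}
# TEST-NET addresses (RFC 5737), constructed "C2" endpoints for the demo.
C2_IOCS = {"198.51.100.23:4444", "203.0.113.7:8443"}
# Constructed process connections: (pid, image, remote ip, remote port).
DEMO_CONNECTIONS = [
    (1234, "browser.exe", "192.0.2.10", 443),
    (4321, "updater.exe", "198.51.100.23", 4444),
]


def file_hashes(path: str, chunk_size: int = 1 << 20) -> List[str]:
    """Compute MD5, SHA1 and SHA256 in a single pass, streaming large files."""
    hashers = [hashlib.md5(), hashlib.sha1(), hashlib.sha256()]
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers:
                h.update(block)
    return [h.hexdigest() for h in hashers]


def check_file(path: str) -> List[Finding]:
    """Apply the file-name regex IOCs and the hash IOCs to one file."""
    findings = []
    for pattern, label in FILENAME_IOCS:
        if pattern.search(path):
            findings.append(Finding("FileNameIOC", path, label))
    for digest in file_hashes(path):
        if digest in HASH_IOCS:
            findings.append(Finding("HashIOC", path, HASH_IOCS[digest]))
            break  # one hash hit per file is enough
    return findings


def scan_tree(root: str) -> List[Finding]:
    """Walk a directory tree; unreadable or locked files are skipped, not fatal."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                findings.extend(check_file(path))
            except OSError:
                continue
    return findings


def check_connections(connections: Iterable[Tuple[int, str, str, int]]) -> List[Finding]:
    """Compare each process's remote endpoint with the C2 IOC set."""
    findings = []
    for pid, image, ip, port in connections:
        endpoint = f"{ip}:{port}"
        if endpoint in C2_IOCS:
            findings.append(Finding("C2IOC", f"{pid}/{image} -> {endpoint}", endpoint))
    return findings


def build_demo_tree(root: str) -> None:
    """Constructed sample files: one name hit, one hash hit, one clean file."""
    os.makedirs(os.path.join(root, "Temp"), exist_ok=True)
    os.makedirs(os.path.join(root, "ProgramData"), exist_ok=True)
    with open(os.path.join(root, "Temp", "svch0st.exe"), "wb") as fh:
        fh.write(b"harmless placeholder bytes")
    with open(os.path.join(root, "ProgramData", "report.dll"), "wb") as fh:
        fh.write(b"CONSTRUCTED MALICIOUS SAMPLE A")
    with open(os.path.join(root, "readme.txt"), "wb") as fh:
        fh.write(b"clean file")


def run_demo() -> List[Finding]:
    """Scan a throwaway tree plus the constructed connection list."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        findings = scan_tree(root)
    return findings + check_connections(DEMO_CONNECTIONS)


if __name__ == "__main__":
    for finding in run_demo():
        print(f"[{finding.method}] {finding.subject}  <-  {finding.ioc}")
```

Running the block reports exactly three findings: the lookalike file name under Temp, the hash hit on report.dll, and the updater process talking to the constructed C2 endpoint. Hashing in one streamed pass keeps the scan usable on large files, and catching OSError per file mirrors the practical need to keep going past locked system files rather than aborting the whole run.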