Scanner for Simple Indicators of Compromise - https://github.com/Neo23x0/Loki
Detection is based on four detection methods:
1. File Name IOC
Regex match on full file path/name
2. Yara Rule Check
Yara signature match on file data and process memory
3. Hash Check
Compares known malicious hashes (MD5, SHA1, SHA256) with scanned files
4. C2 Back Connect Check
Compares process connection endpoints with C2 IOCs (new since version v.10)
Additional Checks:
1. Regin filesystem check (via --reginfs)
2. Process anomaly check (based on [Sysforensics](https://goo.gl/P99QZQ)
3. SWF decompressed scan (new since version v0.8)
4. SAM dump check
The Windows binary is compiled with PyInstaller and should run as x86 application on both x86 and x64 based systems.
How-To Run LOKI and Analyse the Reports
Run
- Download the newest version of LOKI from the releases section
- Extract the program package
- Run loki-upgrader.exe on the system with Internet access to retrieve the newest signatures
- Bring the program folder to a target system that should be scanned: removable media, network share, folder on target system
- Open a command line "cmd.exe" as Administrator and run it from there (you....
Author
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- LiveSeptember 5, 2024"40 Steps" Satellite Security - Registration for LIVE WORKSHOP IS NOW ON!
- LiveAugust 21, 2024"40 Steps" Game Hacking - Registration for LIVE WORKSHOP IS NOW ON!
- BlogDecember 13, 2022What are the Common Security Weaknesses of Cloud Based Networks?
- BlogOctober 12, 2022Vulnerability management with Wazuh open source XDR
Subscribe
1 Comment
Newest