
LOKI
LOKI: A User-Friendly IOC and YARA Scanner for Compromise Detection
LOKI is a straightforward IOC and YARA Scanner designed for detecting Indicators of Compromise.
Detection Methods Overview
1. File Name IOC: This method performs a regex match on the complete file path or name.
2. YARA Rule Check: This method matches YARA signatures against file data and process memory.
3. Hash Check: This process compares known malicious hashes (MD5, SHA1, SHA256) with the files being scanned.
4. C2 Back Connect Check: This checks the process connection endpoints against known C2 IOCs.
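
The file name IOC check (method 1) and the hash check (method 3) can be sketched as follows. This is an added example, not LOKI's own code; the regex, the sample payload, and the function names `file_hashes`, `scan_tree` and `demo` are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# Constructed IOCs for illustration only (not taken from any real signature set).
FILENAME_IOCS = [re.compile(r"[\\/]temp[\\/]svch0st\.exe$", re.I)]
SAMPLE_PAYLOAD = b"constructed sample payload"
HASH_IOCS = {hashlib.sha256(SAMPLE_PAYLOAD).hexdigest(): "constructed-sample"}

def file_hashes(path, chunk_size=65536):
    """Compute MD5, SHA1 and SHA256 in one pass, reading the file in chunks."""
    digests = [hashlib.md5(), hashlib.sha1(), hashlib.sha256()]
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests:
                d.update(chunk)
    return [d.hexdigest() for d in digests]

def scan_tree(root):
    """Return (path, check, detail) findings for every file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Method 1: regex match on the complete file path.
            for rx in FILENAME_IOCS:
                if rx.search(path):
                    findings.append((path, "filename", rx.pattern))
            # Method 3: compare file hashes with the known-bad set.
            try:
                hashes = file_hashes(path)
            except OSError:
                continue  # unreadable or locked file: skip it, keep scanning
            for h in hashes:
                if h in HASH_IOCS:
                    findings.append((path, "hash", HASH_IOCS[h]))
    return findings

def demo():
    """Build a constructed directory tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "temp"))
        samples = {"temp/svch0st.exe": b"benign bytes",
                   "notes.txt": SAMPLE_PAYLOAD, "clean.txt": b"nothing here"}
        for rel, data in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(data)
        return sorted((os.path.relpath(p, root).replace(os.sep, "/"), c)
                      for p, c, _ in scan_tree(root))
```

The two checks are independent: the renamed file is flagged by its path even though its content is unknown, and the payload is flagged by its hash even under an innocuous name.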