
LOKI

Free

LOKI is a simple IOC and YARA scanner for detecting Indicators of Compromise. It is based on four detection methods:

1. File Name IOC: Regex match on full file path/name.
2. YARA Rule Check: YARA signature match on file data and process memory.
3. Hash Check: Compares known malicious hashes (MD5, SHA1, SHA256) with scanned files.
4. C2 Back Connect Check: Compares process connection endpoints with C2 IOCs.


ALTERNATIVES

A platform providing an activity feed on exploited vulnerabilities.

Hippocampe is a threat feed aggregator with configurable confidence levels and a Hipposcore for determining maliciousness.

Stixview is a JS library for embeddable interactive STIX2 graphs, aiming to bridge the gap between CTI stories and structured CTI snapshots.

msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks with extensive functionality for log data analysis, threat intelligence enrichment, and visualization.

Collect various intelligence sources for hosts in CSV format.

Check the reputation of an IP address to identify potential threats.

A modular tool for collecting intelligence sources for files and outputting in CSV format.

Python APIs for serializing and de-serializing STIX2 JSON content with higher-level APIs for common tasks.