Loki

Loki is an extra-lightweight application for deeply scanning your system, adding user-defined signature rules, targeting MD5/SHA1/SHA256 hash indicators, and ultimately uncovering possible data breaches, malware infections, and other cyber threats.

An IOC scanner stands for Indicators Of Compromise and detects various flaws found in your machine's system, including forensic analysis (in-depth malware research investigations), malware samples (recreated or extracted from specialized sources), and even published incident reports.

The Loki scanner borrows rules and Yara and Thor systems. The Thor system is a tool developed by the same developer as Loki's. Although the Thor APT scanning engines are suitable for corporate-grade usage, part of that tool's technology is integrated in Loki, for a better performance.

What is interesting about Loki is that it offers a great deal of flexibility. The IOC database will not be encrypted, as such, this will further allow any user to edit the signature database and extend it with custom rules. For malware researchers, you can use Yara and Loki together to test and validate your hypotheses.

The app's embedded APT detection engines allow you to identify cybernetic attacks that aim at staying deeply hidden in root directories, profiling, and having destructive, long-time consequences.

Loki has different scan modes (local/all drives, intense scans), allows performing vulnerability and rootkit checks, and lets you manipulate results, logs, and the extent of the alerts you are receiving (e.g., print warning or alerts, display warning scores and reasons that caused the score, and more).

To learn how to perform a scan in the most optimal way possible and see the scanning options available for Loki, check the GitHub sections 'How-To Run LOKI and Analyse the Reports' and 'Usage.'

Although you have an antivirus and a generally well-protected device, Loki is a great solution for performing deep scanning sessions. The tool gives color indications, and identifying bad results could not be any easier. Anything signaled in red is bad. With the help of the system logs and warnings, you can target the file/directory and go, even manually, and inspect the issue.

For more advanced users, the application offers plenty of options, including reporting false positives, contributing to the project, managing data transmission protocol when sending data over the Internet, managing scan processes and narrowing down search areas, defining remote syslog systems, and more.