Overall rating: 6.7

Stars: 3378

Contributors: 34

Loki is a powerful and efficient malware and indicator of compromise (IOC) scanner designed to detect and analyze signs of malicious activity on Windows systems. Utilizing a variety of scanning techniques, Loki aims to identify potentially harmful files, processes, and registry entries that may indicate a compromised system. It is particularly useful for incident response and forensic analysis, providing detailed reports of its findings to assist security professionals in mitigating threats.

Key Features:

  • Signature-Based Scanning: Uses YARA rules and IOC files to identify malware.
  • Hash-Based Detection: Checks file hashes against known malicious hashes.
  • String Search: Scans files and processes for suspicious strings.
  • Process Memory Analysis: Analyzes process memory for anomalies.
  • Registry Scanning: Inspects registry entries for signs of compromise.
  • File Reputation Check: Verifies file reputation using external services.
  • Detailed Reporting: Generates comprehensive reports of scan results.
  • Cross-Platform: Primarily designed for Windows but can be used on other platforms with limitations.

Activity

Last update: Oct 29, 2024

  • Commits (last week): 0
  • Resolved issues (last week): 0
  • Merged PRs (last week): 0

Maturity

Last update: Oct 29, 2024

  • Age: 9 years 9 months
  • Stability: BETA

Information

Funding

In-house OSS project

Programming languages

Python
Java
Batchfile

Tags

python
yara
signature
scanner
ioc
otx
antivirus
hash
yara-rules
dfir