How to search for IOCs on a Linux machine using the Loki IOC and YARA scanner

This is a quick guide to running Loki APT Scanner to check for IOCs on a Linux machine.

Debian/Ubuntu:

– Run the commands below as root to set up Loki (the last step, loki-upgrader.py, downloads the current signature set):

sudo su -
apt-get install git libssl-dev python3-venv -y
git clone https://github.com/Neo23x0/Loki.git
cd Loki
python3 -m venv .
source bin/activate
pip install colorama yara-python psutil rfc5424-logging-handler netaddr
python3 loki-upgrader.py

– Run the Loki scanner as root to check the whole system for IOCs using the command below:

python3 loki.py


– You can also limit the scan to a particular directory with the -p flag. For example:

python3 loki.py -p /var/log/apache2/


RHEL/CentOS systems:

On a CentOS/RHEL based system, run the commands below as root to install Loki and scan for IOCs:

sudo su -
yum install git python3 python3-pip python3-devel openssl openssl-devel -y
pip3 install colorama yara-python psutil rfc5424-logging-handler netaddr
git clone https://github.com/Neo23x0/Loki.git
cd Loki
python3 loki-upgrader.py
python3 loki.py
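As an added example (not from the original post and not part of the Loki project), the wrapper below chains the scan step used at the end of both the Debian and the CentOS procedures above with a small triage helper, so a directory scan can be run unattended and its result acted on by a calling script. It assumes a LOKI_DIR pointing at the cloned repository (/root/Loki, because the guide clones after "sudo su -"), a plain Loki log line layout of "<timestamp> <host> LOKI: <LEVEL>: ..." (adjust the grep pattern if your version differs), and the Loki options -p, -l and --dontwait. The sample log lines in the usage are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post or of the Loki project:
# a wrapper around the "python3 loki.py -p <dir>" step from the procedures
# above, plus a triage helper that summarises the resulting log so the run
# can be used from cron or an IR playbook.
#
# Assumptions (not from the post):
#   - LOKI_DIR points at the cloned repo (the guide clones into /root/Loki
#     because it runs "sudo su -" first); override it in the environment.
#   - Loki writes plain log lines of the form
#       "<timestamp> <host> LOKI: <LEVEL>: MODULE: ... MESSAGE: ..."
#     where LEVEL is INFO, NOTICE, WARNING, ALERT or RESULT. Adjust the
#     pattern in count_loki_level if your version formats lines differently.
#   - Options used: -p (path to scan), -l (log file), --dontwait (do not
#     wait for a key press at the end, needed for unattended runs).

set -u

LOKI_DIR="${LOKI_DIR:-/root/Loki}"

# run_loki_scan DIR LOGFILE
# Scan DIR and write the log to LOGFILE. Loki has to run as root to read
# every file and to inspect process memory, so refuse to continue otherwise
# instead of silently producing an incomplete scan.
run_loki_scan() {
    local dir="$1" log="$2"
    if [ "$(id -u)" -ne 0 ]; then
        echo "run_loki_scan: must be run as root" >&2
        return 1
    fi
    mkdir -p "$(dirname "$log")"
    ( cd "$LOKI_DIR" && python3 loki.py -p "$dir" -l "$log" --dontwait )
}

# count_loki_level LOGFILE LEVEL
# Print the number of log lines at LEVEL (ALERT, WARNING, NOTICE, ...).
# grep -c exits 1 when there are no matches, so "|| true" keeps a clean 0.
count_loki_level() {
    local log="$1" level="$2"
    grep -c " LOKI: ${level}: " "$log" || true
}

# loki_verdict LOGFILE
# Print a one-line verdict and return 2 for alerts, 1 for warnings only,
# 0 when neither was logged and 3 when the log cannot be read. The return
# code makes the result easy to act on from a calling script (quarantine,
# ticket, page on-call).
loki_verdict() {
    local log="$1" alerts warnings
    if [ ! -r "$log" ]; then
        echo "ERROR: cannot read ${log}" >&2
        return 3
    fi
    alerts=$(count_loki_level "$log" ALERT)
    warnings=$(count_loki_level "$log" WARNING)
    if [ "$alerts" -gt 0 ]; then
        echo "INFECTED: ${alerts} alert(s), ${warnings} warning(s) in ${log}"
        return 2
    elif [ "$warnings" -gt 0 ]; then
        echo "SUSPICIOUS: ${warnings} warning(s) in ${log}"
        return 1
    fi
    echo "CLEAN: no alerts or warnings in ${log}"
    return 0
}

# Usage (as root, after the setup steps above; file name is hypothetical):
#   . ./loki-wrapper.sh
#   run_loki_scan /var/log/apache2 /var/log/loki/apache2.log
#   loki_verdict /var/log/loki/apache2.log; echo "exit code: $?"
```

The verdict function only counts lines; the reasons for a hit (YARA rule name, hash match, file path) are in the matching ALERT and WARNING lines themselves, so keep the full log and attach it to the ticket rather than only the summary.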

Credits/Sources/References:
Neo23x0

Hope this helps! Happy Hunting Protectors! 🙂

ΞXΤЯ3МΞ
