These days our computers are always connected to the internet, and sometimes a system is compromised by a malicious program or script. LOKI is an open-source program that lets you look for indicators of compromise (IOCs) on a Windows PC.
LOKI is a command line scanner that looks for the signs and traces that usually indicate a compromised system. These indicators can be files belonging to spyware components, dangerous viruses, RAT trojans, other malware, and tools that let an attacker take control of your computer. It can also inspect the connection endpoints of running processes. It is also worth mentioning that LOKI will find advanced spy programs and the loopholes used by some state spy agencies.
Using LOKI is very easy: download it, extract it to a folder, and run loki.exe from there. On the very first launch it downloads the required files from the internet, including the latest malware signature files and yara rules. On any later launch, run loki-upgrader.exe first so that it can download the latest signature files.
It scans all running processes and the contents of all storage drives. During the scan it performs a regex match on filenames, runs a yara rule check for signature matches inside files and in memory, compares files against known malicious file hashes, and checks the network connections of all running processes.
During the scan it can display three kinds of messages: alerts, notices and warnings. Alerts are displayed in red when serious malware is detected. Notices are displayed in blue and are purely informational. Warnings are displayed in yellow when files are suspicious and should be examined further. All details can also be traced afterwards in the saved log.
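To make the file checks and the three message levels concrete, here is a small added Python illustration (my own code, not LOKI's) that applies a filename regex, a hash comparison and a byte-pattern content check standing in for a yara rule, and sorts the hits into alert, warning and notice. Every IOC value and sample file below is constructed for the example, not taken from LOKI's signature set.

```python
import hashlib
import re

# Constructed IOC set for illustration; a real scanner loads large signature files.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"MZ\x90\x00fake-rat-payload").hexdigest(): "RAT.Sample",
}
FILENAME_PATTERNS = [
    (re.compile(r"\\Temp\\.*\.exe$", re.IGNORECASE), "executable in a Temp folder"),
    (re.compile(r"\.(pdf|doc|jpg)\.exe$", re.IGNORECASE), "double file extension"),
]
# Stand-in for a yara rule: a byte pattern a rule would match inside a file.
CONTENT_SIGNATURES = [(b"fake-rat-payload", "RAT.Sample.Strings")]

def scan_file(path, data):
    """Return (level, message) findings for one file using the three checks."""
    findings = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:          # exact hash hit: high confidence -> alert
        findings.append(("ALERT", f"{path}: hash matches {KNOWN_BAD_SHA256[digest]}"))
    for pattern, desc in FILENAME_PATTERNS:  # filename regex: suspicious -> warning
        if pattern.search(path):
            findings.append(("WARNING", f"{path}: {desc}"))
    for sig, name in CONTENT_SIGNATURES:    # content signature in file bytes -> alert
        if sig in data:
            findings.append(("ALERT", f"{path}: content matches {name}"))
    if not findings:                         # nothing suspicious: informational notice
        findings.append(("NOTICE", f"{path}: clean"))
    return findings

def scan_files(files):
    """Scan a {path: bytes} mapping and group messages by level."""
    results = {"ALERT": [], "WARNING": [], "NOTICE": []}
    for path, data in files.items():
        for level, message in scan_file(path, data):
            results[level].append(message)
    return results

SAMPLE_FILES = {  # constructed sample input, not real files or malware
    r"C:\Users\bob\AppData\Local\Temp\update.exe": b"MZ\x90\x00fake-rat-payload",
    r"C:\Windows\System32\notepad.exe": b"MZ\x90\x00benign",
    r"C:\tools\invoice.pdf.exe": b"MZ\x90\x00something-else",
}

if __name__ == "__main__":
    for level, messages in scan_files(SAMPLE_FILES).items():
        for message in messages:
            print(f"{level}: {message}")
```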