YARA Tools

LOKI

LOKI is a free, open-source IOC (Indicator of Compromise) scanner. According to its GitHub page, detection is based on four methods:

  1. File Name IOC Check
  2. YARA Rule Check (the method this page is about)
  3. Hash Check
  4. C2 Back Connect Check
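The first and third checks are simple enough to show end to end. The following Python script is an added example, not code from LOKI or the other tools on this page: it walks a directory, flags files whose path matches a file-name IOC regex, and flags files whose SHA-256 digest appears in a hash IOC list. The IOC entries and the "malicious" sample file are constructed for the demo; the IOC list layout is only loosely modelled on the `pattern;description` style LOKI's signature files use. The YARA rule check is left to YARA itself, and the C2 back-connect check needs live process and socket data, so neither is reproduced here.

```python
import hashlib
import os
import re
import tempfile

# Constructed file-name IOCs: (regex applied to a /-separated path, description).
# These are illustrative, not LOKI's real signature entries.
FILENAME_IOCS = [
    (r"(?i)/mimikatz(\.exe)?$", "Mimikatz binary name"),
    (r"(?i)/procdump(64)?\.exe$", "ProcDump binary name"),
]

# Constructed "malicious" content; its SHA-256 stands in for a real hash IOC.
MALICIOUS_SAMPLE = b"constructed sample for the hash check demo"
HASH_IOCS = {
    hashlib.sha256(MALICIOUS_SAMPLE).hexdigest(): "Constructed demo sample",
}


def sha256_of(path):
    """Stream the file through SHA-256 so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root):
    """Return (path, check, description) for every file-name or hash IOC hit under root."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            posix = path.replace(os.sep, "/")  # normalise so the regexes work on Windows too
            for pattern, desc in FILENAME_IOCS:
                if re.search(pattern, posix):
                    findings.append((path, "filename", desc))
            digest = sha256_of(path)
            if digest in HASH_IOCS:
                findings.append((path, "hash", HASH_IOCS[digest]))
    return findings


def demo():
    """Build a constructed directory tree, scan it, and return sorted (relpath, check, desc)."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "notes.txt": b"nothing to see here",
            # Name alone is the IOC; the content is harmless.
            "tools/mimikatz.exe": b"not the real thing",
            # Renamed, so only the hash check can catch it.
            "tools/renamed.bin": MALICIOUS_SAMPLE,
        }
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        return sorted(
            (os.path.relpath(p, root).replace(os.sep, "/"), check, desc)
            for p, check, desc in scan(root)
        )


if __name__ == "__main__":
    for rel, check, desc in demo():
        print(f"[{check}] {rel}: {desc}")
```

The renamed sample shows why scanners combine checks: a defender-friendly file name is trivial to change, while a hash only survives if the attacker ships a byte-identical file. Both checks together still miss recompiled or packed variants, which is the gap the YARA rule check is meant to close.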

Link: https://github.com/Neo23x0/Loki/releases

THOR

THOR is Nextron Systems' multi-platform IOC and YARA scanner. The link below is for THOR Lite, the free edition.

Link: https://www.nextron-systems.com/thor-lite/

FENRIR

Fenrir is the third tool created by Neo23x0 (Florian Roth); the previous two are named above. It was written to address a limitation of its predecessors: they have runtime requirements (LOKI, for example, is a Python program) that must be met before they can run. Fenrir is a bash script, so it runs on any system that can run bash (nowadays even Windows).

YAYA (Yet Another Yara Automaton)

YAYA was created by the EFF (Electronic Frontier Foundation). From its announcement: “YAYA is a new open-source tool to help researchers manage multiple YARA rule repositories. YAYA starts by importing a set of high-quality YARA rules and then lets researchers add their own rules, disable specific rulesets, and run scans of files.”