v0.17.0
Neo23x0 committed Oct 7, 2016
1 parent 5024b52 commit dfc159c
Showing 3 changed files with 39 additions and 19 deletions.
Binary file modified loki.exe
Binary file not shown.
56 changes: 38 additions & 18 deletions loki.py
Expand Up @@ -24,7 +24,7 @@
DISCLAIMER - USE AT YOUR OWN RISK.
"""
__version__ = '0.16.2'
__version__ = '0.17.0'

import os
import argparse
Expand Down Expand Up @@ -899,7 +899,7 @@ def initialize_filename_iocs(self, ioc_directory):

def initialize_yara_rules(self):

yaraRules = []
yaraRules = ""
dummy = ""

try:
Expand All @@ -921,29 +921,49 @@ def initialize_yara_rules(self):
# Extension
extension = os.path.splitext(file)[1].lower()

# Test Compile
try:
compiledRules = yara.compile(yaraRuleFile, externals={
'filename': dummy,
'filepath': dummy,
'extension': dummy,
'filetype': dummy,
'md5': dummy
})
logger.log("INFO", "Initializing Yara rule %s" % file)
except Exception, e:
traceback.print_exc()
continue

# Encrypted
if extension == ".yar":
try:
compiledRules = yara.compile(yaraRuleFile, externals= {
'filename': dummy,
'filepath': dummy,
'extension': dummy,
'filetype': dummy,
'md5': dummy
})
yaraRules.append(compiledRules)
logger.log("INFO", "Initialized Yara rules from %s" % file)
except Exception, e:
logger.log("ERROR", "Error in Yara file: %s" % file)
if args.debug:
traceback.print_exc()
with open(yaraRuleFile, 'r') as rulefile:
data = rulefile.read()
yaraRules += data

except Exception, e:
logger.log("ERROR", "Error reading signature file %s ERROR: %s" % yaraRuleFile)
if args.debug:
traceback.print_exc()

self.yara_rules = yaraRules
# Compile
try:
compiledRules = yara.compile(source=yaraRules, externals={
'filename': dummy,
'filepath': dummy,
'extension': dummy,
'filetype': dummy,
'md5': dummy
})
logger.log("INFO", "Initialized all Yara rules at once")
except Exception, e:
traceback.print_exc()
logger.log("ERROR", "Error in Yara file: %s" % file)
if args.debug:
traceback.print_exc()

# Add as Lokis YARA rules
self.yara_rules.append(compiledRules)

except Exception, e:
logger.log("ERROR", "Error reading signature folder /signatures/")
Expand Down Expand Up @@ -1230,7 +1250,7 @@ def print_welcome(self):

print Fore.WHITE
print " (C) Florian Roth"
print " September 2016"
print " October 2016"
print " Version %s" % __version__
print " "
print " DISCLAIMER - USE AT YOUR OWN RISK"
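Review bot: In the `# Compile` step of `initialize_yara_rules`, a failure of `yara.compile(source=yaraRules, ...)` is only logged, and execution then falls through to `self.yara_rules.append(compiledRules)`, where `compiledRules` still holds the result of the last per-file test compile. As rendered here, the scanner would then continue with one file's rules instead of the full set and give no clear sign that coverage was lost; since the files are now concatenated, a single clash such as a duplicate rule name across two files is enough to trigger this. I would move the append into the `try` directly after the compile and replace the message with one that does not reference the loop variable `file`, e.g. `logger.log("ERROR", "Error compiling combined Yara rule set")`, treating the failure as fatal for the scan. Separately, `"Error reading signature file %s ERROR: %s" % yaraRuleFile` has two placeholders and one argument, so that handler itself raises and the outer `except` abandons the remaining files. The loop headers of this function lie between the two hunks and are not visible here.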
2 changes: 1 addition & 1 deletion signature-base
