invalid field name "imphash" and invalid field name "number_of_signatures"

[resteex0]

[ERROR] Error while initializing Yara rule apt_oilrig_oct17.yar ERROR: line 107: invalid field name "imphash" Traceback (most recent call last): File "/home/geo/Loki/loki.py", line 1126, in initialize_yara_rules compiledRules = yara.compile(source=yara_rule_data, externals={ yara.SyntaxError: line 107: invalid field name "imphash" [ERROR] Error while initializing Yara rule blocklist.yara ERROR: line 6931: invalid field name "number_of_signatures" Traceback (most recent call last): File "/home/geo/Loki/loki.py", line 1126, in initialize_yara_rules compiledRules = yara.compile(source=yara_rule_data, externals={ yara.SyntaxError: line 6931: invalid field name "number_of_signatures" [ERROR] Error while initializing Yara rule apt_bigbang.yar ERROR: line 26: invalid field name "imphash" Traceback (most recent call last): File "/home/geo/Loki/loki.py", line 1126, in initialize_yara_rules compiledRules = yara.compile(source=yara_rule_data, externals={ yara.SyntaxError: line 26: invalid field name "imphash" [ERROR] Error while initializing Yara rule apt_babyshark.yar ERROR: line 19: invalid field name "imphash" Traceback (most recent call last): File "/home/geo/Loki/loki.py", line 1126, in initialize_yara_rules compiledRules = yara.compile(source=yara_rule_data, externals={ yara.SyntaxError: line 19: invalid field name "imphash" [ERROR] Error while initializing Yara rule apt_op_honeybee.yar ERROR: line 64: invalid field name "imphash" Traceback (most recent call last): File "/home/geo/Loki/loki.py", line 1126, in initialize_yara_rules compiledRules = yara.compile(source=yara_rule_data, externals={ yara.SyntaxError: line 64: invalid field name "imphash"

---

am already pip3 install pefile and pip3 install pe

[Neo23x0]

Better use THOR Lite https://www.nextron-systems.com/thor-lite/

[Neo23x0]

If you still want to use LOKI, you have to install openssl-dev before compiling YARA

[resteex0]

install openssl-dev , not solved laso