New THOR / SPARK License Packs

by | Feb 14, 2018

We have just recently released new, flexible and practice-oriented license packs for our scanners THOR and SPARK. These license packs will help you to get started as quickly as possible in case of an incident response, digital forensics engagement or compromise assessment.

Most packs include a short-term but unrestricted enterprise license that allows you to run THOR or SPARK on any end system within an organisation. (the default licensing includes only host-based licenses; unrestricted enterprise licenses are more expensive)

Each license pack is offered at an attractively low price.

The Right Package for Every Mission

We offer license packs for the following scenarios:

  • Incident Response Cases
  • Compromise Assessments (enterprise wide / single system)
  • Digital Forensics Engagements

The license packs are the perfect solution for:

  • Incident Response Teams
  • Security Service Providers
  • CERTs / CSIRTs
  • Digital Forensics Specialists
  • SOC Teams

Customer Portal

After purchasing one or more license packs, we create an account in our customer portal in which you can issue a license right when you need it. It also has a “Downloads” section in which you find the scanner software, guides and signature information.

Customer Portal


For example, when you purchase 3 “Incident Response” license packs, you’ll get 3 full and unrestricted enterprise licenses of THOR and SPARK, each of them with a validity of 30 days from the issue date.

You also receive 15 host-based licenses with a validity of 5 days each which you can issue and use for all types of testing and lab scanning.

You can use THOR for Windows and SPARK for Linux and OSX system scans. Both scanners contain our huge signature database and allow you to integrate your own IOCs and YARA signatures in an unencrypted or encrypted form.


If you can’t find your use case covered by one of our license packs, please don’t hesitate to contact us. Boost your detection capabilities and ask for a quote or request a trial today.

About the author:

Florian Roth

Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.


New blog posts
(~1 email/month)

GDPR Cookie Consent with Real Cookie Banner