SPARK Core – Free IOC and YARA Scanning

by Florian Roth, Jun 13, 2018

It is done! Our new free scanner SPARK Core has been released.

After weeks of planning, development and testing, we’re proud to provide the community with a new and powerful multi-platform scanner.

SPARK Core is a reduced version of our successful scanner SPARK.

The main differences are the open source signature base and the reduced set of modules: SPARK Core uses LOKI's open source "signature-base" instead of the much larger signature set shipped with THOR and SPARK, and it lacks several of their modules, such as the ShimCache, Registry, Eventlog and DeepDive modules.

(Overview graphic: how SPARK Core fits into our current scanner portfolio.)

Some key points:

  • Free scanner for Windows, Linux and macOS
  • Precompiled and encrypted open source signature set
  • Update utility (spark-core-util) to download tested versions with signature updates
  • Documentation
  • Custom IOCs and signatures (just add them to the ./custom-signatures/ folder)
  • Different output formats: text log, syslog (UDP/TCP/TCP+TLS), JSON to file, JSON via syslog
  • Scan throttling to limit CPU usage
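Since the custom-signatures folder takes YARA rules, here is the kind of rule a practitioner would drop in there to extend the free signature set. It is an added example, not a rule from the original post or from signature-base; the rule name, the author field and the assumption that a .yar file placed directly in ./custom-signatures/ is picked up on the next scan are illustrative (check the SPARK Core documentation for the exact file naming and layout it expects). The score meta field follows the convention used by the signature-base rules, where it weights the finding in the scan report.

```yara
/*
   Added example rule for the ./custom-signatures/ folder (not part of the
   original post). Flags small scripts that combine typical PowerShell
   download-and-execute building blocks. Thresholds and strings are
   illustrative; tune them against your own environment before deployment.
*/
rule CUSTOM_SUSP_PowerShell_Download_Execute_Example
{
    meta:
        description = "Detects small scripts combining PowerShell download and in-memory execution patterns"
        author      = "example author (placeholder)"
        reference   = "internal hunting note (placeholder)"
        date        = "2018-06-13"
        score       = 60
    strings:
        // download primitives
        $dl1 = "DownloadString(" ascii wide nocase
        $dl2 = "DownloadFile(" ascii wide nocase
        $dl3 = "Invoke-WebRequest" ascii wide nocase
        // execution / decoding primitives
        $ex1 = "IEX" ascii wide nocase
        $ex2 = "Invoke-Expression" ascii wide nocase
        $ex3 = "FromBase64String(" ascii wide nocase
        $ex4 = "-EncodedCommand" ascii wide nocase
        // common evasion switches
        $ev1 = "-WindowStyle Hidden" ascii wide nocase
        $ev2 = "-NoProfile" ascii wide nocase
        $ev3 = "Bypass" ascii wide nocase
    condition:
        filesize < 200KB
        and 1 of ($dl*)
        and 1 of ($ex*)
        and 1 of ($ev*)
}
```

The three string groups keep the rule from firing on a lone "IEX" or "-NoProfile" in administrative scripts: a hit requires one download primitive, one execution or decoding primitive and one evasion switch in the same small file, which is the combination that legitimate tooling rarely shows together. Test a new rule against a handful of known-good scripts from your own estate before adding it, since a noisy custom rule is reported alongside the vetted signatures and dilutes the scan results.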

All we ask for is a SPARK Core newsletter subscription, which is a requirement for the automatic license renewal. Each subscriber receives a personal license file that is valid for one year and allows them to run SPARK Core on as many systems as they wish.

Support is not guaranteed, but issues can be submitted via our GitHub page.

More information and the download can be found on the product page.

We hope that you can use SPARK Core to catch some bad guys.

About the author:

Florian Roth

Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.
