THOR TechPreview 10.7.3 Features

Aug 3, 2022

THOR TechPreview version 10.7.3 has been released with the following changes:

  • Parsing of email formats .eml / .msg to scan the attachments (RFC 6532)
  • Archive scan improved to include .cab, .7z and .gzip
  • Archive scan improved to scan nested archives recursively
  • Bulk scanning optimizations to further improve scan speed
  • HTML report generation refactoring: much lower memory usage and lower CPU load during generation
  • Internal YARA rule set refactoring (using one big set and different namespaces to improve performance)
  • Internal refactoring to make use of a unified memory mapping of files to improve performance

The TechPreview version 10.7 can be downloaded from our customer portal or by using thor-util.

About the author:

Florian Roth

Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.
