End of Life Announcement for THOR Version 10.6

by Apr 23, 2025

Nextron Systems officially announces the End of Life (EOL) and End of Support (EOS) for THOR version 10.6, our former stable forensic scanner version. Effective December 31, 2025, THOR 10.6 will no longer receive updates, maintenance, or technical support.

Background

THOR 10.6 has served as the stable release until the publication of THOR 10.7 in November 2024, which introduced significant architectural and functional improvements. Customers are now encouraged to transition to version 10.7 or a newer supported release.

Key Enhancements in THOR 10.7

  • Memory-Mapped File Scanning: Enhances scan speed and reduces I/O load.
  • JSON v2 Output Format: Improves integration capabilities with downstream tools and SIEMs.
  • Init Selectors and Filters: Enables campaign-specific or threat-focused scans.
  • Improved Email and Archive Scanning: Expands coverage of common threat vectors and compressed artifacts.

Migration Guidance

To ensure operational continuity and benefit from the latest improvements, the following actions are recommended:

For Standalone THOR Users

Use THOR Util to upgrade to the latest stable release: thor-util upgrade

This command retrieves and installs the latest THOR 10.7 package and signature set.

For ASGARD Management Center Users

Review and update your scheduled scan configurations:

  • Navigate to ASGARD Management Center > Scheduled Group Scans.
  • Modify the configuration of old group scans to explicitly use THOR version 10.7

This ensures that all automated scans are performed with a supported and up-to-date version of THOR.

Support Lifecycle Policy

Support for THOR 10.6 will terminate on December 31, 2025. After this date:

  • No technical assistance will be provided for 10.6.
  • No further signature updates or binary maintenance will be issued.

This EOL policy reflects Nextron’s ongoing commitment to maintain a secure and effective forensic scanning toolchain by focusing development and support on actively maintained versions.

Need Help with the Migration?

Please contact your Nextron support contact or email us at support@nextron-systems.com for upgrade assistance or best practice guidance.

About the author:

Avatar photo

Florian Roth

Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.

Subscribe to our Newsletter

Monthly news, tips and insights.

Follow Us

Upgrade Your Cyber Defense with THOR

Detect hacker activity with the advanced APT scanner THOR. Utilize signature-based detection, YARA rules, anomaly detection, and fileless attack analysis to identify and respond to sophisticated intrusions.

Recommended Blog Posts

By Maurice Fielenbach
Jan 14 2026

Free Converter Software – Convert Any System from Clean to Infected in Seconds

Read More
By Nextron Threat Research Team
Dec 16 2025

Say hello to Nextron’s RuneAI

Read More
By Florian Roth
Dec 08 2025

React Server Components & Next.js Vulnerabilities – Status of Nextron Products

Read More
By Maurice Fielenbach
Nov 28 2025

Thor vs. Silver Fox – Uncovering and Defeating a Sophisticated ValleyRat Campaign

Read More
By Marius Benthin
Nov 28 2025

Malicious VS Code Extension Impersonating “Material Icon Theme” Found in Marketplace

Read More
By Florian Roth
Oct 22 2025

Beyond Availability – Forensic Backup Scanning with Veeam and THOR

Read More