Refactored Handle Detection We have completely refactored THOR's malicious Handle detection. We now allow the use of regular expressions and combined all types in a single signature file named "malicious-handles.dat". Users can provide custom indicators by placing a...
We've made a short video demo to showcase the new THOR 10 feature called "THOR Remote", which allows you to perform compromise assessment scans on multiple remote systems - no agent or scripting required.
New Module "Events" This module checks registered Events in the system environment as they are used by advanced malware and rootkits. We have checked for malicious Events before, in the Rootkit module, but these checks were hardcoded. We've spun out that section and...
THOR v10.1 features a mode of operation that is especially helpful in incident response or compromise assessment scenarios - remote scanning. Imagine that you're in a firefighting scenario - a breach has been confirmed and management wants to have quick results on...
THOR 10 Fusion has arrived. It replaces our successful scanners THOR 8 and SPARK and combines the best of both worlds. It is a completely new code base that features all modules of our 4 year old compromise assessment flagship THOR 8 and the speed and extra features...
In anticipation of our new scanner THOR 10 Fusion, we would like to show you some of the exciting new features and upcoming changes. Modes and Feature Cleanup We've reviewed and reworked all scan modes in order to clarify the overview of active modules and features...
We are proud to announce the upcoming release of THOR 10 code named "Fusion". It will replace our scanners THOR 8 and SPARK before the end of this year. Both of the current scanners will still receive updates until the end of this year. THOR 10 "Fusion" combines the...
We constantly improve the quality of our products and services, add features and create new bundles. Follow ups with our customers showed that not all of these changes reach their attention. They are often surprised and excited to hear about these features, free tools...
We are glad to announce our new product MASTER ASGARD, a central control for a set of ASGARD systems. MASTER ASGARD is designed to control multiple instances of ASGARD, which itself supports up to 10,000 endpoint agents. Using MASTER ASGARD you are able to control...
Our brand new ASGARD 1.7 comes with a shiny new feature: Evidence Collection The evidence collection feature allows you to collect files or main memory from connected end systems. The memory and file collection tasks provide a throttling option to reduce the upload...
As previously announced our YARA rule packs and feeds will be available in March/April 2019. We've put a lot of effort into a internal system named "Mjolnir" that parses, normalizes, filters, tags and automatically modifies our rule base, which contains more than 9000...
With the upcoming version 8.53 of THOR, we're testing a new feature called "Difference" or "Diff" mode (--diff). The idea behind "Diff" mode is that a scan could be much faster, if it would only consider elements that have been created or changed since the last scan...