We are proud to announce the integration of our private Sigma rule set in Valhalla. This rule set is used in our scanner THOR and endpoint agent Aurora. The rule set currently contains more than 250 quality-tested and generic rules written by Nextron's detection...
More and more often, adversaries target and exploit Internet-facing appliances or devices with exotic or restricted operating systems. Users ask if there is a way to run a compromise assessment scan on these systems with the YARA rules used in THOR. Following up on...
We're glad to announce a new feature that allows users to enrich events generated by THOR with information from Virustotal. The feature is available in the full THOR v10.7 TechPreview and THOR Lite. It can be used in any scan mode: live endpoint scanning, lab...
We've updated our Antivirus Event Analysis Cheat Sheet to version 1.11.0. It includes updates in several sections add special identifiers for other hack tools and ransomware (sync with Sigma rule changes provided by Arnim Rupp in PR #3919 and #3924) You can download...
In a report published on the 20th of December CrowdStrike published a report of a new technique exploiting the Microsoft Exchange vulnerability called ProxyNotShell. The called the new technique OWASSRF as it uses Outlook Web Access, CVE-2022-41080 and CVE-2022-41082...
Our partner Mjolnir Security offers a training named “Blue Team Incident Response Training” from 19th of September to 23rd of September. It’s 3,5 hours a day, starting 4:00 pm and finishing 7:30 pm Eastern time. Each session will be recorded, so you'll also be able to...
THOR TechPreview version 10.7.3 has been released Parsing of email formats .eml / .msg to scan the attachments (RFC-6532) Archive scan improved to include .cab, .7z and .gzip Archive scan improved to scan nested archives recursively Bulk scanning improvements to...
New Baselining Views Over the course of the last 18 months we reviewed most of our detections regarding their success in real world scenarios. In this context "success" means, that the detection uncovered malicious activity in the wild and at the same time had a low...
We'd like to know your opinion on our products and therefore ask you to participate in our product surveys. Each of them takes between 2 and 5 minutes of your time, depending on how much you'd like to tell us.THOR Customer Satisfaction Survey You find the survey...
It came to our attention that under certain circumstances, after the upgrade to ASGARD 2.11, some ASGARD instances lost their scheduled task to automatically assign the newest signatures to scan jobs . We advice customers to review their update configuration if they...
We have reviewed our products in order to identify services that use the vulnerable log4j library. Only Elastic Search in ASGARD Analysis Cockpit uses log4j but is NOT vulnerable. "Elasticsearch is not susceptible to remote code execution with this vulnerability due...
We've converted all our PDF based user manuals into shiny new online versions. The new online versions are hosted on Github and converted into web pages with the help of ReadTheDocs. This way we can update them with new information much faster than before and allow...