With this blog post we would like to inform you that our End-of-Life (EOL) products THOR 8 and SPARK will reach their End-if-Service-Life (EoSL) on 31th of October 2020. From this day onwards, product and signature updates will not be available anymore. Please...
THOR Lite – Free YARA and IOC Scanner
We are proud to announce the release of THOR Lite. It is a trimmed-down version of THOR v10 with a reduced feature set and the open source signature base used in LOKI and the now obsolete scanner SPARK Core. It uses the completely rewritten code base of THOR v10...
Not All IOC Scanning Is The Same
People often tell us that EDR product X already does IOC scanning and that they don’t have to check for these indicators a second time using our scanners. Especially when it comes to network wide sweeps for traces of activity due to an ongoing incident I recommend...
Upcoming : THOR 10 “Fusion”
We are proud to announce the upcoming release of THOR 10 code named "Fusion". It will replace our scanners THOR 8 and SPARK before the end of this year. Both of the current scanners will still receive updates until the end of this year. THOR 10 "Fusion" combines the...
STIXv2 Support in SPARK
SPARK Version 1.17.0 adds extensive STIXv2 support.This allows you to easily extend SPARK's signature bases with IOCs from any sandbox, analysis or threat intel platforms that support STIXv2 export by placing the exported [cci]*.json[/cci] files in the...
Important Update Process Changes
As we have announced in May, the old "thor-upgrade.exe" is already out-of-support and the old update servers accessed by "thor-upgrade.exe" will be decommissioned at the end of October. The new all-round utility "thor-util.exe" now supports all of the features...
Feature: SPARK Sample Quarantine via Bifrost
The new SPARK v1.14.16 supports the sample quarantine protocol named Bifrost.With Bifrost you're able to send suspicious samples that THOR or SPARK detect on endpoints directly to a central server for analysis.A Bifrost server is shipped in form of a Python script...
New Feature: THOR-util and SPARK-Core-util Signature Encryption
The new THOR-util version 1.2.4 supports the encryption of your custom signatures so that you can deploy your own IOC files and YARA rules in an encrypted form. We use a public key in the utilities to encrypt the files for our scanners so that admins, Antivirus...
ASGARD IOC Management
The upcoming ASGARD version 1.5 comes with a IOC management section in which you can manage your own set of IOCs in text files, YARA and Sigma rules.You can then select each of the folders when creating a new scan run with THOR or SPARK. Selecting one of these folders...
SPARK uses Sigma Rules in Eventlog Scan
Sigma is a rule format for threat detection in log files. It is for log data what "Snort rules" are for network traffic or "YARA signatures" are for file data. It is easy to write and read. Writing a Sigma rule is a matter of minutes. On the right you can see a simple...
THOR-Util with HTML Report Generation
The new version of "thor-util" (used with THOR/SPARK) / "spark-core-util" (used with SPARK Core) support a feature that allows a user to convert any scanner log file into a convenient report. Convert THOR / SPARK / SPARK Core scan logs into HTML reports Convert a...
SPARK Core – Free IOC and YARA Scanning
It is done! Our new free scanner SPARK Core has been released. After weeks of planning, development and testing, we're proud to provide the community with a new and powerful multi-platform scanner. SPARK Core is a reduced version of our successful scanner SPARK. The...