We are glad to announce significant performance improvements in the latest versions of THOR. We've refactored several processing units to bulk scan elements that have previously been checked each at a time. These changes affect the modules "Eventlog", "Registry",...
THOR 10 Legacy for Windows XP and Windows 2003
We've been working on a legacy version of our scanner THOR 10 for a while and started our closed BETA, which is available to all current customers on special request. The THOR legacy version does not include the following modules/features: Module: Eventlog scanning...
THOR Forensic Lab License Features
THOR version 10.6, which is currently available as TechPreview, introduces several new features that facilitates the use of THOR in a digital forensics lab. Since not all of the features provided with the "Forensic Lab" license type are well-known, we would like to...
There’s a Thunderstorm Coming
We are proud to announce a groundbreaking new scan mode named "Thunderstorm" that we've integrated into preview builds of the upcoming THOR version 10.6. This mode of operation turns THOR into a RESTful web service that is able to process thousands of samples per...
THOR v10.6 TechPreview
We are proud do announce the version 10.6 of THOR, which is the first one that gets released as a TechPreview. We've discussed the split-up into THOR and THOR TechPreview in a previous post. The following post describes the most important new feature of the THOR...
Introduction THOR TechPreview
Since its early days, THOR has always been focused on stability and detection rate. With the early module and feature set, we never had to make a compromise. However, during the last 1-2 years, we had to make some decisions on the integration of new features and...
Use THOR in CrowdStrike Falcon Real Time Response
One of our customers has successfully deployed THOR using CrowdStrike's Falcon Real Time Response. Falcon's Real Time Response provides a remote shell that is very similar to Microsoft Defenders ATP's Live Response, which we've already combined with THOR Cloud...
Sigma Scanning with THOR
Our compromise assessment scanner THOR is able to apply Sigma rules during the local Eventlog analysis. This can help any customer that has no central SIEM system or performs a live forensic analysis on a system group that does not report to central monitoring. By...
Product Updates Slides – VALHALLA and THOR Cloud
The following slides contain information on changes and new feature in several of our products. VALHALLA Product Update and New Features DOWNLOAD Slide DeckTHOR Cloud Technical Implementation, RoadmapDOWNLOAD Slide Deck
Upcoming Changes in THOR v10.5
PE Sieve Integration With the integration of @hasharezade's PE Sieve project THOR is able to detect and report a variety of process implants like replaced or injected portable executables (process hollowing), injected shellcodes, hooks and in-memory patches....
THOR 8 and SPARK End-of-Support
With this blog post we would like to inform you that our End-of-Life (EOL) products THOR 8 and SPARK will reach their End-if-Service-Life (EoSL) on 31th of October 2020. From this day onwards, product and signature updates will not be available anymore. Please...
THOR Lite – Free YARA and IOC Scanner
We are proud to announce the release of THOR Lite. It is a trimmed-down version of THOR v10 with a reduced feature set and the open source signature base used in LOKI and the now obsolete scanner SPARK Core. It uses the completely rewritten code base of THOR v10...