Blog

THOR Integration into Microsoft Defender ATP

Why Integrate THOR into Microsoft Defender ATP: While Microsoft Defender ATP fully plays to its strengths in detecting live attacks, suspicious process starts and network connections, THOR shines as a live forensic scanner that scans the local filesystem, registry,...

Not All IOC Scanning Is The Same

People often tell us that EDR product X already does IOC scanning and that they don’t have to check for these indicators a second time using our scanners. Especially when it comes to network-wide sweeps for traces of activity due to an ongoing incident, I recommend...

Changes in Upcoming THOR Version 10.3

Refactored Handle Detection: We have completely refactored THOR's malicious Handle detection. We now allow the use of regular expressions and combined all types in a single signature file named "malicious-handles.dat". Users can provide custom indicators by placing a...

THOR v10.2 Changes

New Module "Events": This module checks registered Events in the system environment as they are used by advanced malware and rootkits. We have checked for malicious Events before, in the Rootkit module, but these checks were hardcoded. We've spun out that section and...

New Feature in THOR v10.1 – Remote Scanning

THOR v10.1 features a mode of operation that is especially helpful in incident response or compromise assessment scenarios: remote scanning. Imagine that you're in a firefighting scenario - a breach has been confirmed and management wants to have quick results on...

THOR 10 Fusion Released

THOR 10 Fusion has arrived. It replaces our successful scanners THOR 8 and SPARK and combines the best of both worlds. It is a completely new code base that features all modules of our 4-year-old compromise assessment flagship THOR 8 and the speed and extra features...

THOR 10 Fusion – Major Changes

In anticipation of our new scanner THOR 10 Fusion, we would like to show you some of the exciting new features and upcoming changes. Modes and Feature Cleanup: We've reviewed and reworked all scan modes in order to clarify the overview of active modules and features...

Upcoming : THOR 10 “Fusion”

We are proud to announce the upcoming release of THOR 10, code-named "Fusion". It will replace our scanners THOR 8 and SPARK before the end of this year. Both of the current scanners will still receive updates until the end of this year. THOR 10 "Fusion" combines the...

THOR 8.53 Feature: Diff Mode

With the upcoming version 8.53 of THOR, we're testing a new feature called "Difference" or "Diff" mode (--diff). The idea behind "Diff" mode is that a scan could be much faster if it only considered elements that have been created or changed since the last scan...

Important Update Process Changes

As we announced in May, the old "thor-upgrade.exe" is already out of support and the old update servers accessed by "thor-upgrade.exe" will be decommissioned at the end of October. The new all-round utility "thor-util.exe" now supports all of the features...

ASGARD IOC Management

The upcoming ASGARD version 1.5 comes with an IOC management section in which you can manage your own set of IOCs in text files, YARA and Sigma rules. You can then select each of the folders when creating a new scan run with THOR or SPARK. Selecting one of these folders...

THOR Version 8.49.0 Changes

There are a few relevant changes in the upcoming THOR version 8.49.0 that we would like to announce. Interpreter and Module Upgrades: The integrated Python interpreter will be upgraded to Version 2.7.15. We have also upgraded several modules. All our tests showed no...

THOR-Util with HTML Report Generation

The new version of "thor-util" (used with THOR/SPARK) / "spark-core-util" (used with SPARK Core) supports a feature that allows a user to convert any scanner log file into a convenient report. Convert THOR / SPARK / SPARK Core scan logs into HTML reports: Convert a...
