upnorth

Moderator
Verified
Staff member
Malware Hunter

Meet our new fast and flexible multi-platform IOC and YARA scanner THOR in a reduced free version named THOR Lite. THOR Lite includes the file system and process scan module as well as a module that extracts “autoruns” information on the different platforms.

While our enterprise scanner THOR uses VALHALLA's big YARA rule base, the free THOR Lite version ships with the Open Source signature base, which is also part of our free Python scanner LOKI.
  • Free scanner for Windows, Linux and macOS
  • Precompiled and encrypted open source signature set
  • Update utility to download tested versions with signature updates
  • Documentation
  • Option to add your custom IOCs and signatures
  • Different output formats: text log, SYSLOG (udp/tcp/tcp+tls), JSON to file, JSON via Syslog
  • Scan throttling to limit the CPU usage
To receive the download and license, subscribe to the newsletter here:
Extract the files and license into a newly created folder. For more information, read the "THOR_Manual" PDF file located in the docs folder.

Not to be confused with the Danish company Heimdal Security's Thor products.

Disclaimer
You use THOR Lite at your own risk.

upnorth

I have found the THOR VirusTotal results for the APT scanner to be very accurate on unknown malware. Interested to see this tool in action.
Correct, and also a reason why I got curious enough at the start with LOKI, but please be aware that the VT results are detected with their Valhalla rule sets, and those are used in the enterprise version of Thor.

More information on their scanners here:
 
Yes, that's why I'm curious also, but sad we won't get the best rule set available. I would like to test their enterprise version because it has confirmed my suspicions about probable malware before. I knew the files were dirty but no one else on VirusTotal detected them. I think YARA rules are the wave of the future in AV detection engines; they seem to be able to identify unknown malware quicker.
 

upnorth

THOR Scanner extends Microsoft Defender ATP’s real-time monitoring by intense local scans to allow a full on-demand compromise assessment. THOR is a forensic scanner that integrates into Microsoft Defender ATP to scan the local filesystem, registry, logs and other elements for traces of hacking activity using 10,000 hand-written YARA rules and thousands of filename, C2, hash, mutex and named pipe IOCs. This live forensic scan reduces the work of your forensic analysts to a minimum and generates results as fast as possible for you to react in a timely manner. Learn more about the integration.
 