SOLUTIONS

THOR is a portable APT scanner that detects hack tools, backdoors and traces of hacker activity on end points.

While everyday Anti-virus scanners recognize malware such as viruses, trojans and exploit codes, TH0R uses more than 9000 special YARA signatures and a series of more than 24 different checks to examine systems for typical attacker tools, activities in logs, system manipulations, and other elements that can expose attacker activities. THOR is the most sophisticated and flexible compromise assessment tool on the market. THOR speeds up your forensic analysis with more than 17,000 handcrafted YARA signatures, 400 Sigma rules, numerous anomaly detection rules and thousands of IOCs.

Security analysts, forensic experts and security monitoring specialists at Nextron Systems regularly update TH0R with information from various sources on attack patterns and hack tools. These sources include:

 

Threat Intel Reports and Threat Feeds
Ongoing monitoring of attackers tool sets (e.g. disclosed tools, hack tools from underground forums)
Forensic analyses of compromised systems in customer APTs

THOR can be easily extended to handle individual, client-specific attack patterns (e.g. the detection of specific malware files or certain log entries on the basis of a forensic analysis).
THOR generates different output types: text log, HTML report and SYSLOG. The wellknown CEF format used by ArcSight and JSON are also supported. Therefore it is an easy task to integrate THOR‘s logs into any major SIEM system.

THOR can operate completely offline. The scope of application is therefore very flexible. You can easily scan separated network segments like DMZs, collect and merge the log data afterwards. THOR doesn’t have to be installed. You can just copy it to a remote system, run it from a network share or use it on USB drives that you carry to the affected systems.

​

Esperto Consultants is the authorized Partner for Nextron System's THOR solution in India.