20.7. THOR 10.1
20.7.1. THOR 10.1.9
Type |
Description |
|---|---|
Change |
Made YARA more robust - YARA rules will now compile even if there is a duplicate identifier |
Change |
Made Sigma more robust - Sigma rules will now compile even if a rule is corrupt |
Change |
Removed challenge-response for trial licenses that are host-based |
Change |
Updated file types that will trigger a warning if cloaked |
20.7.2. THOR 10.1.8
Type |
Description |
|---|---|
Change |
Reverting case-insensitive filename IOC checking |
Docs |
New manual (fixed broken references) |
20.7.3. THOR 10.1.7
Type |
Description |
|---|---|
Change |
Crash reports are not truncated anymore |
Bugfix |
Improved stability of ScheduledTasks module |
20.7.4. THOR 10.1.6
Type |
Description |
|---|---|
Change |
Improved Sigma initialization |
Change |
Improved THOR Lite initialization |
20.7.5. THOR 10.1.5
Type |
Description |
|---|---|
Feature |
THOR Lite (replaces SPARK Core) |
20.7.6. THOR 10.1.4
Type |
Description |
|---|---|
Change |
Add |
20.7.7. THOR 10.1.3
Type |
Description |
|---|---|
Feature |
New flag '--bifrost2Ignore <pattern>' to specify ignore patterns for Bifrost 2 |
20.7.8. THOR 10.1.2
Type |
Description |
|---|---|
Change |
Wordings in '--help' section |
Bugfix |
Fixed THOR crash when scanning corrupt EVTX file |
20.7.9. THOR 10.1.1
Type |
Description |
|---|---|
Feature |
New flags '--ca <path>' and '--insecure' for tls host verification |
Feature |
HTTP proxy support for Bifrost 2 and license generation with ASGARD |
20.7.10. THOR 10.1.0
Type |
Description |
|---|---|
Feature |
THOR Remote for Windows |
Feature |
Bifrost 2 |
Feature |
Sigma value modifiers (contains, base64, re, ...) |
Bugfix |
Fixed file descriptor leak in PE imphash calculation |
Bugfix |
Fixed "has admin rights" output when running with different EUID |
Bugfix |
Wrong eventtime in WER module output |