| Type | Description |
|---|---|
| Change | Made YARA more robust - YARA rules will now compile even if there is a duplicate identifier |
| Change | Made Sigma more robust - Sigma rules will now compile even if a rule is corrupt |
| Change | Removed challenge-response for trial licenses that are host-based |
| Change | Updated file types that will trigger a warning if cloaked |
| Type | Description |
|---|---|
| Change | Reverting case-insensitive filename IOC checking |
| Docs | New manual (fixed broken references) |
| Type | Description |
|---|---|
| Change | Crash reports are not truncated anymore |
| Bugfix | Improved stability of ScheduledTasks module |
| Type | Description |
|---|---|
| Change | Improved Sigma initialization |
| Change | Improved THOR Lite initialization |
| Type | Description |
|---|---|
| Feature | THOR Lite (replaces SPARK Core) |
| Type | Description |
|---|---|
| Change | Add https:// protocol to '--bifrost2Server' if missing |
| Type | Description |
|---|---|
| Feature | New flag '--bifrost2Ignore <pattern>' to specify ignore patterns for Bifrost 2 |
| Type | Description |
|---|---|
| Change | Wordings in '--help' section |
| Bugfix | Fixed THOR crash when scanning corrupt EVTX file |
| Type | Description |
|---|---|
| Feature | New flags '--ca <path>' and '--insecure' for tls host verification |
| Feature | HTTP proxy support for Bifrost 2 and license generation with ASGARD |
| Type | Description |
|---|---|
| Feature | THOR Remote for Windows |
| Feature | Bifrost 2 |
| Feature | Sigma value modifiers (contains, base64, re, ...) |
| Bugfix | Fixed file descriptor leak in PE imphash calculation |
| Bugfix | Fixed "has admin rights" output when running with different EUID |
| Bugfix | Wrong eventtime in WER module output |