The Best Compromise
Assessment Solution

Checking a system for traces of attacker activity is a time-consuming and laborious task. Our scanner THOR automates compromise assessments and removes the need for tedious work.


Quality tested rules

Quality tested YARA and Sigma rules in 8 different categories.


Database growth

Database grows by around 1500 YARA and 250 Sigma rules every year.


Rules Improvement

Database change and improve between 300 and 500 old rules every year.

Nextron THOR can detect
what your Antivirus and EDR misses

Focus is
Hacking Activity

THOR focuses on everything the Antivirus misses. With its huge signature set of thousands of YARA and Sigma rules, IOCs, rootkit and anomaly checks, THOR covers all kinds of threats. THOR does not only detect the backdoors and tools attackers use but also outputs, temporary files, system configuration changes and other traces of malicious activity.

Detection Rate

THOR’s impressive detection rate is well-known in the industry and fits the needs of threat hunters around the globe.

Thousands of generic signatures detect anomalies, obfuscation techniques and suspicious properties to rapidly accelerate compromise assessments.

Custom IOCs
and YARA Rules

THOR monitors the systems’ resources during the scan. If the available free main memory drops below a certain threshold, THOR stops the scan and exits with a warning. It automatically applies throttling if it detects low hardware resources and disables features that could affect the systems’ stability.


THOR doesn’t have to be installed. You can just copy it to a remote system, run it from a network share or use it on USB drives that you carry to the affected systems.

However, you can deploy it for continuous compromise assessments using the ASGARD agents.

THOR is the most sophisticated and flexible compromise assessment tool on the market.

Everything is On-Prem

Our scanners don’t communicate with a remote system. They can even be used in air-gapped networks. Your confidential data never leaves your network.

Stability has Top Priority

THOR does not require a tangible scanner or agent hooks functions. THOR also does not require the need to install a driver. They can adjust their workload to the system’s resources and don’t interfere with other installed security software like an Antivirus or an EDR.

Highly Customizable

It’s important to be able to scan any malicious threats your organization may face. We make it seamless to add and maintain your own IOCs and rules. THOR accepts many different types of IOCs and ASGARD offers native MISP integration.

The Analysis Cockpit is the best place to analyse your THOR Logs. It gives you full visibility on all your IOC matches, logs and sandbox reports. Furthermore it allows you to set baselines and points you to security relevant changes in your environment.

The Analysis Cockpit also features an integrated and highly configurable case management system that lets multiple analysts collaborate on the same investigation while ensuring the intended workflow progresses. Just like the ASGARD Management Center the Analysis Cockpit features a rich set of APIs that lets you connect to enterprise ticketing-systems, Sandboxes, CMDBs, SOAR Systems, threat intel platforms and literally any security device you may have in place.

What Nextron Customers Say:

Over 500 customers around the globe trust Nextron products including Fortune Global 500 companies, government agencies and NGOs.

“In our environment, we use ASGARD for a multitude of use-cases. In addition to other security components, we use ASGARD to regularly scan selected systems for sign of compromise. Furthermore, we use ASGARD during incident response for both initial triage and comprehensive scanning of a system. […]”

Raphael Otto

Head of Cyber Defense Center, Infineon Technologies AG

“I have been given the opportunity to evaluate Nextron’s VALHALLA feed. The handcrafted high quality detections with literally zero false-positive rate are an unmatched capability that does not only enable your detection technologies to stay ahead of the latest advanced threats but also is an extension of your own security team. Given the high quality and value the feed provides I can highly recommend VALHALLA.”

Markus Neis

Threat Intelligence Manager, Swisscom Schweiz AG

What others say about Nextron:

Terminator antivirus killer is a vulnerable Windows driver in disguise

[...]Luckily, Nextron Systems head of research Florian Roth and threat researcher Nasreddine Bencherchali have already shared YARA and Sigma (by hash and by name) rules that can help defenders detect the vulnerable driver used by the Terminator tool.[...]

CVE-2023-36884 MS Office Zero-Day Vulnerability Exploited For Espionage - Detection and Mitigation

[...]The NextronSystems team has released sigma rules to block various techniques utilized by RomCom and possibel exploitation of CVE-2023-36884.[...]

Cybersecurity Warning: Zero-Day Vulnerability in Apache Log4j Discovered in Minecraft, Other Apps

[...]Florian Roth, the Head of Research at Nextron Systems, has released a set of YARA rules for identifying CVE-2021-44228 attempts.[...]

Learn More About Nextron Systems Products:

Get a Trial License:

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.