The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with Sandia National Laboratories, released Thorium, an automated, scalable malware and forensic analysis platform that can integrate commercial, custom, and open-source analysis tools and enable cyber defenders to quickly assess malware threats and index forensic analysis results into a unified platform.
Advanced persistent threats using malware continue to increase in volume and complexity. Malware and forensic analysis must be done accurately and quickly to enable organizations to defend their networks. However, malware analysts across government, public, and private sectors are challenged by vast amounts of malware, by having to manage a long list of malware analysis tools with specific capabilities, and by not having enough time and resources to effectively analyze the threat.
Thorium allows cyber defenders to integrate their preferred tools into a single platform that orchestrates customized and automated analysis workflows at scale, to analyze large amounts of malware quickly, and to add and remove tools quickly as malware threats evolve. Thorium is configured to ingest over 10 million files per hour per permission group and schedule over 1,700 jobs per second, while maintaining fast results queries.