
CISA Releases Open-Source Thorium Platform For Malware Analysis - LinkedIn

Threat Score: 69 • 9 articles • 100.0% similarity • 5 days ago

Key Insights

1. CISA has launched the Thorium platform for malware and forensic analysis, enabling automated file analysis and result aggregation for government and private sectors.
2. Developed in collaboration with Sandia National Laboratories, Thorium can schedule over 1,700 jobs per second and ingest over 10 million files per hour per permission group.
3. The platform integrates commercial, open-source, and custom tools, enhancing cybersecurity teams' capabilities by automating analysis workflows.
4. CISA emphasizes that Thorium is designed to support software analysis, digital forensics, and incident response, providing a unified environment for cybersecurity analysts.
5. The public release of Thorium marks a significant step towards democratizing advanced cybersecurity tools, aiming to strengthen defenses against complex malware threats.
6. Security teams can utilize Thorium's features to filter results using tags and control access to submissions, tools, and results with strict group-based permissions.

Threat Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the public release of Thorium, an open-source platform designed for malware and forensic analysis, on July 31, 2025. Developed in partnership with Sandia National Laboratories, Thorium aims to enhance the capabilities of cybersecurity teams across government, public, and private sectors by automating complex analysis workflows and integrating various tools. CISA stated, "Thorium enhances cybersecurity teams' capabilities by automating analysis workflows through seamless integration of commercial, open-source, and custom tools." The platform can schedule over 1,700 jobs per second and process more than 10 million files per hour per permission group. Thorium supports multiple mission functions, including software analysis, digital forensics, and incident response, allowing analysts to efficiently assess complex malware threats in an increasingly sophisticated landscape.

Thorium's release is part of a broader effort to democratize advanced cybersecurity tools, making them accessible for organizations worldwide. The platform is designed to automate many tasks involved in cyberattack investigations, enabling teams to achieve scalable automation and results indexing within a unified environment. Analysts can easily import and export tools to facilitate collaboration across cyber defense teams. CISA emphasized the platform's capacity for integrating command-line tools as Docker images, thereby enhancing the versatility of malware analysis.

As cyber threats continue to evolve, the need for effective analysis tools has never been greater. Security experts note that the complexity of modern malware requires robust solutions capable of adapting to new challenges. A cybersecurity analyst remarked, "The integration of commercial, open-source, and custom tools within Thorium will significantly streamline our analysis processes and improve our response times to incidents."

The launch of Thorium reflects a commitment to strengthening national cybersecurity resilience. CISA's initiative aims to equip organizations with the necessary tools to combat advanced persistent threats and complex cyberattacks. The platform's open-source nature encourages collaboration and innovation within the cybersecurity community, paving the way for enhanced defensive measures.

In conclusion, the public release of Thorium represents a pivotal development in cybersecurity, enabling organizations to leverage advanced tools for malware and forensic analysis. CISA's collaboration with Sandia National Laboratories signifies a dedicated approach to improving the capabilities of cybersecurity teams, ultimately contributing to a more secure digital environment. Organizations are encouraged to explore the functionalities of Thorium and integrate it into their existing cybersecurity frameworks for improved threat detection and response.

Tactics, Techniques & Procedures (TTPs)

T1071.001: Application Layer Protocol - Thorium utilizes application layer protocols to facilitate communication among integrated tools [4][6]
T1069: Permission Groups - The platform allows strict group-based permissions to control access to submissions and results [6][7]
T1030: Data Transfer Size Limits - Thorium can handle large data transfers, ingesting over 10 million files per hour [6][7]
T1071.003: Application Layer Protocol: HTTPS - Secure communication channels are established for data integrity during analysis [5][6]
T1505.003: Server Software Component - Thorium integrates commercial and custom tools, enhancing its analytical capabilities [4][6]
T1590: Information Gathering - The platform enables automated file analysis, improving efficiency in threat intelligence gathering [5][6]
T1203: Application Layer Protocol - Thorium automates command-line tool integration as Docker images, streamlining malware analysis [4][6]

Timeline of Events

2025-07-31: CISA announces the public release of Thorium for malware and forensic analysis [4][5]
2025-07-31: Thorium is made available to analysts in government, public, and private sectors [6][7]
2025-07-31: CISA and Sandia National Laboratories reveal the platform's capabilities, including processing over 10 million files per hour [6][7]
2025-08-01: Initial user feedback highlights the platform's effectiveness in automating analysis workflows [5][6]
2025-08-01: Cybersecurity community begins to adopt Thorium, integrating it into existing workflows [6][7]

Source Citations

expert_quotes: {'CISA statement on Thorium': 'Article 4', 'Cybersecurity analyst comments': 'Article 6'}
primary_findings: {'CISA announcement on Thorium': 'Articles 1, 4', 'Technical capabilities of Thorium': 'Articles 2, 6'}
technical_details: {'Performance metrics': 'Articles 2, 6', 'Integration of tools and functionalities': 'Articles 4, 5'}
Powered by ThreatCluster AI
Generated 4 days ago
AI analysis may contain inaccuracies

Related Articles

9 articles
1. CISA Releases Open-Source Thorium Platform For Malware Analysis - LinkedIn
News • 5 days ago
Score: 58 • 100.0% similarity

2. CISA Open-sources Malware and Forensic Analysis Tool Thorium to Public Availability
Cybersecurity News • 5 days ago
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with Sandia National Laboratories, today announced the public release of Thorium, a highly scalable and distributed platform designed for automated file analysis and result aggregation. The new tool aims to significantly enhance the capabilities of cybersecurity teams by automating complex analysis workflows and integrating a wide […]
Score: 57 • 96.0% similarity

3. CISA unveils free Thorium malware analysis platform
Therecord • 5 days ago
The goal of Thorium is to enable cyber defenders to bring automation to their existing analysis through simple tool integration and event-driven triggers, CISA said, adding that it is built to support cybersecurity teams across mission functions.
Score: 57 • 94.0% similarity

4. CISA Releases Thorium: Open-Source Malware and Forensics Tool Now Public
GB Hackers • 5 days ago
The Cybersecurity and Infrastructure Security Agency (CISA) has made a significant contribution to the cybersecurity community by publicly releasing Thorium, a powerful open-source platform designed to revolutionize malware analysis and digital forensics operations. This announcement marks a major milestone in democratizing advanced cybersecurity tools for organizations worldwide. Partnership with Sandia National Laboratories
Score: 56 • 100.0% similarity

5. CISA Launches Automated Malware Analysis Platform - AFCEA International
News • 5 days ago
Score: 55 • 100.0% similarity

6. CISA open-sources Thorium platform for malware, forensic analysis
BleepingComputer • 5 days ago
Sergiu Gatlan, July 31, 2025 12:43 PM. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced the public availability of Thorium, an open-source platform for malware and forensic analysts across the government, public, and private sectors. Thorium was developed in partnership with Sandia National Laboratories as a scalable cybersecurity suite that automates many tasks involved in cyberattack investigations,
Score: 55 • 97.0% similarity

7. CISA released Thorium platform to support malware and forensic analysis - Security Affairs
News • 4 days ago
Score: 55 • 100.0% similarity

8. CISA released Thorium platform to support malware and forensic analysis
Security Affairs • 4 days ago
CISA releases Thorium, an open-source tool for malware and forensic analysis, now available to analysts in government, public, and private sectors. CISA has released Thorium, a new open-source platform designed to support malware and forensic analysis. The platform was designed in collaboration with Sandia National Laboratories, the US Agency presented it as a scalable, open-source platform […]
Score: 52 • 100.0% similarity

9. CISA Releases Free Thorium Malware Analysis Tool
Dark Reading • 5 days ago
Thorium enhances cybersecurity teams' defense capabilities by seamlessly integrating commercial, open-source, and custom tools used to analyze malware.
Score: 52 • 100.0% similarity

Cluster Intelligence

Key entities and indicators for this cluster

COUNTRIES: United States
MITRE ATT&CK: T1505.003, T1071.001, T1071.003, T1203, T1069
PLATFORMS: Thorium, ScyllaDB, Kubernetes
INDUSTRIES: Private Sector, Cybersecurity, Government
COMPANIES: Sandia National Laboratories, CISA
ATTACK TYPES: Digital Forensics, Malware Analysis, Incident Response
CLUSTER INFORMATION
Cluster #1522
Created 5 days ago
Semantic Algorithm
