{"id":3415,"date":"2018-06-13T17:20:26","date_gmt":"2018-06-13T15:20:26","guid":{"rendered":"http:\/\/nextron.bsk-consulting.de\/?p=3415"},"modified":"2022-03-25T14:15:05","modified_gmt":"2022-03-25T13:15:05","slug":"spark-core-free-ioc-and-yara-scanning","status":"publish","type":"post","link":"https:\/\/www.nextron-systems.com\/2018\/06\/13\/spark-core-free-ioc-and-yara-scanning\/","title":{"rendered":"SPARK Core &#8211; Free IOC and YARA Scanning"},"content":{"rendered":"<p>It is done! Our new free scanner SPARK Core has been released.<\/p>\n<p>After weeks of planning, development and testing, we&#8217;re proud to provide the community with a new and powerful multi-platform scanner.<\/p>\n<p><img src=\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2018\/06\/Screen-Shot-2018-06-04-at-15.16.16-1.png\" \/><\/p>\n<p>SPARK Core is a reduced version of our successful scanner SPARK.<\/p>\n<p>The main differences are the Open Source signature base and the reduced set of modules. It uses LOKI&#8217;s open source &#8220;<a href=\"https:\/\/github.com\/Neo23x0\/signature-base\">signature-base<\/a>&#8221; instead of the big signature set that is used in THOR and SPARK. It also lacks some of the modules, like the SHIM cache, Registry, Eventlog and DeepDive modules.<\/p>\n<p>This overview explains how SPARK Core fits in our current scanner portfolio:<\/p>\n<p><img src=\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2018\/05\/Screen-Shot-2018-05-13-at-19.46.11.png\" \/><\/p>\n<p>Some key points:<\/p>\n<ul>\n<li>Free scanner for Windows, Linux and macOS<\/li>\n<li>Precompiled and encrypted open source signature set<\/li>\n<li>Update utility (spark-core-util) to download tested versions with signature updates<\/li>\n<li>Documentation<\/li>\n<li>Custom IOCs and signatures (just add them to the .\/custom-signatures\/ folder)<\/li>\n<li>Different output formats: text log, SYSLOG (udp\/tcp\/tcp+tls), JSON to file, JSON via Syslog<\/li>\n<li>Scan throttling to limit the CPU usage<\/li>\n<\/ul>\n<p>All we ask for is a SPARK Core Newsletter subscription, which is a requirement for the automatic license renewal. 
Each subscriber receives a personal license file that is valid for 1 year and allows running SPARK Core on as many systems as they wish.<\/p>\n<p>Support is not guaranteed but we provide the possibility to submit issues via our <a href=\"https:\/\/github.com\/NextronSystems\/spark-core\">GitHub page<\/a>.<\/p>\n<p>More information and the download can be found on the <a href=\"\/spark-core\/\">product page<\/a>.<\/p>\n<p>We hope that you can use SPARK Core to catch some bad guys.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It is done! Our new free scanner SPARK Core has been released. After weeks of planning, development and testing, we&#8217;re proud to provide the community with a new and powerful multi-platform scanner. SPARK Core is a reduced version of our successful scanner SPARK. 
The main differences are the Open Source signature base and the reduced set of modules. It uses LOKI&#8217;s open source &#8220;signature-base&#8221; instead of the big signature set that is used in THOR and SPARK. It also lacks some of the modules, like the SHIM cache, Registry, Eventlog and DeepDive modules. 
This overview explains how SPARK Core fits in our current scanner portfolio: Some key points: Free scanner for Windows, Linux and macOS Precompiled and encrypted open source signature set Update utility (spark-core-util) to download tested versions with signature updates Documentation Custom IOCs and signatures (just add them to the .\/custom-signatures\/ folder) Different output formats: text log, SYSLOG (udp\/tcp\/tcp+tls), JSON to file, JSON via Syslog Scan throttling to limit the CPU usage All we ask for is a SPARK Core Newsletter subscription, which is a requirement for the automatic license renewal. Each subscriber receives a personal license file that is valid for 1 year and allows running [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"<p>At last: Our new free IOC and YARA scanner SPARK Core is ready!<\/p><p>After weeks of planning, development and testing, we're proud to provide the community with a performant multi-platform scanner.<\/p><p><a href=\"http:\/\/nextron.bsk-consulting.de\/wp-content\/uploads\/2018\/05\/Bildschirmfoto-2018-05-16-um-16.02.38.png\"><img class=\"alignnone size-full wp-image-3365\" src=\"http:\/\/nextron.bsk-consulting.de\/wp-content\/uploads\/2018\/05\/Bildschirmfoto-2018-05-16-um-16.02.38.png\" alt=\"\" width=\"564\" height=\"497\" \/><\/a><\/p><p>SPARK Core is a reduced version of our successful scanner SPARK. The main differences are the Open Source signature base and the reduced set of modules. It uses LOKI's open source \"<a href=\"https:\/\/github.com\/Neo23x0\/signature-base\">signature-base<\/a>\" instead of the big signature set that is used in THOR and SPARK. 
It also lacks some of the modules, like the SHIM cache, Registry, and DeepDive modules.<\/p>[caption id=\"attachment_3291\" align=\"alignnone\" width=\"812\"]<a href=\"http:\/\/nextron.bsk-consulting.de\/wp-content\/uploads\/2018\/05\/Screen-Shot-2018-05-13-at-19.25.17.png\"><img class=\"size-full wp-image-3291\" src=\"http:\/\/nextron.bsk-consulting.de\/wp-content\/uploads\/2018\/05\/Screen-Shot-2018-05-13-at-19.25.17.png\" alt=\"Nextron Systems Scanner Comparison\" width=\"812\" height=\"454\" \/><\/a> Nextron Systems Scanner Comparison[\/caption]<p>Some key points:<\/p><ul><li>Free scanner for Windows, Linux and macOS<\/li><li>Precompiled and encrypted open source signature set<\/li><li>Update utility to download tested versions with signature updates<\/li><li>Documentation<\/li><li>Custom IOCs and signatures<\/li><li>Different output formats: text log, SYSLOG (udp\/tcp\/tcp+tls), JSON to file, JSON via Syslog<\/li><li>Scan throttling to limit the CPU usage<\/li><\/ul><p>All we ask for is a SPARK Core Newsletter subscription, which is a requirement for the automatic license renewal. 
Each subscriber receives a personal license file that is valid for 1 year and allows running SPARK Core on as many systems as they wish.<\/p><p>Support is not guaranteed but we provide the possibility to submit issues via our <a href=\"https:\/\/github.com\/NextronSystems\/spark-core\">GitHub page<\/a>, which will also host new releases of SPARK Core in the near future.<\/p><p>More information and the download can be found on the <a href=\"http:\/\/nextron.bsk-consulting.de\/spark-core\/\">product page<\/a>.<\/p><p>We wish everyone a successful hunt!<\/p>","_et_gb_content_width":"","footnotes":""},"categories":[33],"tags":[98,82,99,97,81,7,101,96,100,48],"class_list":["post-3415","post","type-post","status-publish","format-standard","hentry","category-spark","tag-free","tag-ioc","tag-linux","tag-loki","tag-osx","tag-scanner","tag-signatures","tag-spark-core","tag-windows","tag-yara"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SPARK Core - Free IOC and YARA Scanning - Nextron Systems<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.nextron-systems.com\/2018\/06\/13\/spark-core-free-ioc-and-yara-scanning\/\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.nextron-systems.com\/2018\/06\/13\/spark-core-free-ioc-and-yara-scanning\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2018\/06\/13\/spark-core-free-ioc-and-yara-scanning\/\"},\"author\":{\"name\":\"Florian Roth\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\"},\"headline\":\"SPARK Core &#8211; Free IOC and YARA 
Scanning\",\"datePublished\":\"2018-06-13T15:20:26+00:00\",\"dateModified\":\"2022-03-25T13:15:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2018\/06\/13\/spark-core-free-ioc-and-yara-scanning\/\"},\"wordCount\":522,\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"keywords\":[\"free\",\"ioc\",\"linux\",\"loki\",\"osx\",\"scanner\",\"signatures\",\"spark core\",\"windows\",\"YARA\"],\"articleSection\":[\"SPARK\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.nextron-systems.com\/2018\/06\/13\/spark-core-free-ioc-and-yara-scanning\/\",\"url\":\"https:\/\/www.nextron-systems.com\/2018\/06\/13\/spark-core-free-ioc-and-yara-scanning\/\",\"name\":\"SPARK Core - Free IOC and YARA Scanning - Nextron Systems\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#website\"},\"datePublished\":\"2018-06-13T15:20:26+00:00\",\"dateModified\":\"2022-03-25T13:15:05+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.nextron-systems.com\/2018\/06\/13\/spark-core-free-ioc-and-yara-scanning\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.nextron-systems.com\/#website\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"name\":\"Nextron Systems\",\"description\":\"We Detect Hackers\",\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.nextron-systems.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\",\"name\":\"Nextron Systems 
GmbH\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"contentUrl\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"width\":260,\"height\":260,\"caption\":\"Nextron Systems GmbH\"},\"image\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\",\"name\":\"Florian Roth\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"caption\":\"Florian Roth\"},\"description\":\"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.\",\"url\":\"https:\/\/www.nextron-systems.com\/author\/florian\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"SPARK Core - Free IOC and YARA Scanning - Nextron Systems","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.nextron-systems.com\/2018\/06\/13\/spark-core-free-ioc-and-yara-scanning\/","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.nextron-systems.com\/2018\/06\/13\/spark-core-free-ioc-and-yara-scanning\/#article","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/2018\/06\/13\/spark-core-free-ioc-and-yara-scanning\/"},"author":{"name":"Florian Roth","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919"},"headline":"SPARK Core &#8211; Free IOC and YARA Scanning","datePublished":"2018-06-13T15:20:26+00:00","dateModified":"2022-03-25T13:15:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.nextron-systems.com\/2018\/06\/13\/spark-core-free-ioc-and-yara-scanning\/"},"wordCount":522,"publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"keywords":["free","ioc","linux","loki","osx","scanner","signatures","spark core","windows","YARA"],"articleSection":["SPARK"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.nextron-systems.com\/2018\/06\/13\/spark-core-free-ioc-and-yara-scanning\/","url":"https:\/\/www.nextron-systems.com\/2018\/06\/13\/spark-core-free-ioc-and-yara-scanning\/","name":"SPARK Core - Free IOC and YARA Scanning - Nextron 
Systems","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/#website"},"datePublished":"2018-06-13T15:20:26+00:00","dateModified":"2022-03-25T13:15:05+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.nextron-systems.com\/2018\/06\/13\/spark-core-free-ioc-and-yara-scanning\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.nextron-systems.com\/#website","url":"https:\/\/www.nextron-systems.com\/","name":"Nextron Systems","description":"We Detect Hackers","publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.nextron-systems.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.nextron-systems.com\/#organization","name":"Nextron Systems GmbH","url":"https:\/\/www.nextron-systems.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","contentUrl":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","width":260,"height":260,"caption":"Nextron Systems GmbH"},"image":{"@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919","name":"Florian Roth","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","caption":"Florian Roth"},"description":"Florian Roth serves 
as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.","url":"https:\/\/www.nextron-systems.com\/author\/florian\/"}]}},"_links":{"self":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/3415","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/comments?post=3415"}],"version-history":[{"count":10,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/3415\/revisions"}],"predecessor-version":[{"id":7296,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/3415\/revisions\/7296"}],"wp:attachment":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/media?parent=3415"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/categories?post=3415"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/tags?post=3415"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}