CISA Releases a Malware and Forensic Analysis Platform

The Cybersecurity & Infrastructure Security Agency (CISA) has announced the release of “an automated, scalable malware and forensic analysis platform” created in partnership with Sandia National Laboratories.
The platform is called Thorium. It can integrate open-source, custom, and commercial analysis tools, supporting cyber defenders in assessing forensic analyses of threats and indexing them in one unified platform.
“The Thorium framework underscores CISA's focus and commitment to provide valuable services and resources at scale that help government and critical infrastructure protect against cyber threats and strengthen their cybersecurity. By publicly sharing this platform, we empower the broader cybersecurity community to orchestrate the use of advanced tools for malware and forensic analysis,” says Jermaine Roebuck, CISA Associate Director for Threat Hunting. “With our partners at Sandia National Laboratories, we are enabling analysts nationwide to contribute insights and benefit from shared knowledge. Scalable analysis of binaries as well as other digital artifacts further enables cybersecurity analysts to understand and address vulnerabilities in benign software.”
Malware analysts across all sectors face vast amounts of malware and do not always have the time and resources to efficiently examine threats. Therefore, the intent of this platform is to help cyber professionals manage long lists of malware efficiently.





