Fidelis Cybersecurity has introduced a new threat intelligence database and freeware tools designed to help the security community stop attacks and prevent data theft. The new resources, available at no cost, include the Barncat Threat Intelligence Database, the ThreatScanner tool for finding malware residing on an endpoint, and CCNumberFinder to support PCI DSS compliance. “After years of ongoing research and thousands of hours of incident response engagements, we’re eager to give back to the security community by sharing some of the threat intelligence we’ve curated and free tools we’ve developed,” said Fidelis Cybersecurity vice president of threat research, Hardik Modi. “By making these tools and intelligence available to researchers and security analysts, we hope organisations will be able to find and stop attackers faster and more efficiently.”
The Fidelis Barncat Intelligence Database includes more than 100,000 records with configuration settings extracted from malware samples gathered during Fidelis’ incident response investigations and other intelligence gathering operations over the past decade. The typical remote access tool (RAT) malware sample includes a large number of configuration elements, including those controlling the behavior of the malware on the host and others related to command-and-control traffic. Barncat is updated with hundreds of new configuration records each day. By providing analysts with this extensive collection of extracted malware configuration settings, Barncat enables security practitioners to identify attackers more accurately and more reliably attribute multiple attacks to common threat actors.
In addition to the Barncat database, Fidelis also announced the availability of two freeware tools:
- Fidelis ThreatScanner: This free command line tool searches for malware artifacts hiding on a suspected endpoint using IOCs or YARA rules and automatically generates a report with details of suspicious artifacts. Users can customise the tool with their own threat intelligence and combine multiple indicators into a single rule
- Fidelis CCNumberFinder: This free command line Microsoft Windows tool supports PCI DSS compliance by searching for credit card numbers on a file system. The tool, used by Fidelis’ QSAs and PFIs, opens every file within a moving window and examines each byte position within that file for a credit card number in UTF-8 and UTF-16LE encodings. The tool opens compressed files recursively and outputs data in CSV format
