public static void AntiVirusToBit9(FidoReturnValues lFidoReturnValues) { var lBit9ReturnValues = new Bit9ReturnValues(); var sFileInfo = lFidoReturnValues.Antivirus.FilePath.Split('\\'); if ((sFileInfo != null) && (sFileInfo.Length != 0)) { Console.WriteLine(@"Antivirus detector found! Cross-referencing with Bit9."); lBit9ReturnValues.FileName = sFileInfo[sFileInfo.Length - 1]; lFidoReturnValues.Antivirus.FileName = lBit9ReturnValues.FileName; for (var i = 0; i < sFileInfo.Length - 1; i++) { if (i == sFileInfo.Length - 2) { lBit9ReturnValues.FilePath += sFileInfo[i]; } else { if (!sFileInfo[i].Contains("'")) { lBit9ReturnValues.FilePath += sFileInfo[i] + "\\"; } else { break; } } } lBit9ReturnValues.HostName = lFidoReturnValues.Hostname; var lBit9Info = Detect_Bit9.GetFileInfo(null, lBit9ReturnValues); } }
//todo: is this still necessary? should we handle this in the bit9 module? public static FidoReturnValues FireEyeHashToBit9(FidoReturnValues lFidoReturnValues) { //Check FireEye returns and go to Bit9 to see if the hash exists, where and //if it was executed, then go to VT and pass hash info on there too var lVirusTotalReturnValues = new VirusTotalReturnValues(); List <string> sBit9FileInfo = Detect_Bit9.GetFileInfo(lFidoReturnValues.FireEye.MD5Hash, null); if (sBit9FileInfo.Count == 0) { return(lFidoReturnValues); } if (lFidoReturnValues.Bit9 == null) { lFidoReturnValues.Bit9 = new Bit9ReturnValues { Bit9Hashes = sBit9FileInfo.ToArray() }; } else { lFidoReturnValues.Bit9.Bit9Hashes = sBit9FileInfo.ToArray(); } return(lFidoReturnValues); }