Esempio n. 1
0
        public static void SendEmail(string sErrorSubject, string sErrorMessage)
        {
            var isGoingToRun = Object_Fido_Configs.GetAsBool("fido.email.runerroremail", false);
            var sErrorEmail  = Object_Fido_Configs.GetAsString("fido.email.erroremail", null);
            var sFidoEmail   = Object_Fido_Configs.GetAsString("fido.email.fidoemail", null);
            var isTest       = Object_Fido_Configs.GetAsBool("fido.application.teststartup", true);

            if (!isGoingToRun)
            {
                return;
            }
            if (isTest)
            {
                sErrorSubject = "Test: " + sErrorSubject;
            }


            Logging_Fido.RunLogging(sErrorMessage);

            var Rmail = new Emailfields
            {
                To           = sErrorEmail,
                CC           = "",
                From         = sFidoEmail,
                Subject      = sErrorSubject,
                Body         = sErrorMessage,
                EmailAttach  = null,
                GaugeAttatch = null
            };

            Email_Send.Send(Rmail);

            Console.WriteLine(sErrorMessage);
            Thread.Sleep(1000);
        }
Esempio n. 2
0
        //function for FireEye MPS to parse each email to get source, destination, MAC addr, type of
        //attack, time it occured and important URLs
        public static void FireEyeEmailReceive(string sEmailBody, string sSubject)
        {
            try
            {
                Console.WriteLine(@"Running FireEye MPS detector.");
                var sSubjectArray = sSubject.Split(':');
                var malwareType   = sSubjectArray[0];
                FidoReturnValues lFidoReturnValues;

                //the below code is hacky and needs to be optimized. I couldn't
                //think of a better way to write it and it works... so fix it or shut up.

                //get additional information from the alert such as hashes, URLs, etc
                if (IsMalwareType(malwareType))
                {
                    Console.WriteLine(@"Malware-callback detected");
                    Logging_Fido.RunLogging(malwareType + "!");
                    lFidoReturnValues = FireEyeParse(sEmailBody, false);
                    if (!Fido_NetSegments.isEmptySrcIP(lFidoReturnValues.SrcIP))
                    {
                        return;
                    }
                    SetReturnValue(lFidoReturnValues);
                }
                else if (malwareType != null && String.Compare(malwareType, "web-infection detected", StringComparison.Ordinal) == 0)
                {
                    Console.WriteLine(@"Web-infection detected.");
                    Logging_Fido.RunLogging(malwareType + "!");
                    lFidoReturnValues = FireEyeParse(sEmailBody, true);
                    if (!Fido_NetSegments.isEmptySrcIP(lFidoReturnValues.SrcIP))
                    {
                        return;
                    }
                    SetReturnValue(lFidoReturnValues);
                }
                else if (malwareType != null && String.Compare(malwareType, "infection-match detected", StringComparison.Ordinal) == 0)
                {
                    Console.WriteLine(@"Infection-match detected.");
                    Logging_Fido.RunLogging(malwareType + "!");
                    lFidoReturnValues = FireEyeParse(sEmailBody, false);
                    if (!Fido_NetSegments.isEmptySrcIP(lFidoReturnValues.SrcIP))
                    {
                        return;
                    }
                    SetReturnValue(lFidoReturnValues);
                }
                Console.WriteLine(@"Exiting FireEye detector.");
            }
            catch (Exception e)
            {
                Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught receiving FireEye email:" + e);
            }
        }
Esempio n. 3
0
 private void XX(FidoReturnValues fidoReturnValues, bool isWebInfection)
 {
     Logging_Fido.RunLogging(malwareType + "!");
     fidoReturnValues = FireEyeParse(sEmailBody, isWebInfection);
     if (!Fido_NetSegments.isEmptySrcIP(fidoReturnValues.SrcIP))
     {
         return;
     }
     fidoReturnValues.IsTargetOS = true;
     //hand of process to get more information about the host
     fidoReturnValues.MalwareType     = sSubjectArray[0];
     fidoReturnValues.CurrentDetector = "mps";
     TheDirector.Direct(fidoReturnValues);
 }
Esempio n. 4
0
        public static void SendEmail(string sErrorSubject, string sErrorMessage)
        {
            var isGoingToRun = Object_Fido_Configs.GetAsBool("fido.email.runerroremail", false);
            var sErrorEmail  = Object_Fido_Configs.GetAsString("fido.email.erroremail", null);
            var sFidoEmail   = Object_Fido_Configs.GetAsString("fido.email.fidoemail", null);
            var isTest       = Object_Fido_Configs.GetAsBool("fido.application.teststartup", true);

            if (!isGoingToRun)
            {
                return;
            }
            if (isTest)
            {
                sErrorSubject = "Test: " + sErrorSubject;
            }


            Logging_Fido.RunLogging(sErrorMessage);
            Email_Send.Send(sErrorEmail, sFidoEmail, sFidoEmail, sErrorSubject, sErrorMessage, null, null);
            Console.WriteLine(sErrorMessage);
            Thread.Sleep(1000);
        }
Esempio n. 5
0
        //function for FireEye MPS to parse each email to get source, destination, MAC addr, type of
        //attack, time it occured and important URLs
        public static void FireEyeEmailReceive(string sEmailBody, string sSubject)
        {
            try
            {
                Console.WriteLine(@"Running FireEye MPS detector.");
                var sSubjectArray = sSubject.Split(':');
                var malwareType   = sSubjectArray[0];
                FidoReturnValues lFidoReturnValues;

                //the below code is hacky and needs to be optimized. I couldn't
                //think of a better way to write it and it works... so fix it or shut up.

                //get additional information from the alert such as hashes, URLs, etc
                if (string.IsNullOrEmpty(malwareType) && (String.Compare(malwareType, "malware-callback detected", StringComparison.Ordinal) == 0) || (String.Compare(malwareType, "malware-object detected", StringComparison.Ordinal) == 0))
                {
                    Console.WriteLine(@"Malware-callback detected");
                    Logging_Fido.RunLogging(malwareType + "!");
                    lFidoReturnValues = FireEyeParse(sEmailBody, false);
                    if (!Fido_NetSegments.isEmptySrcIP(lFidoReturnValues.SrcIP))
                    {
                        return;
                    }
                    lFidoReturnValues.IsTargetOS = true;
                    //hand of process to get more information about the host
                    lFidoReturnValues.MalwareType     = sSubjectArray[0];
                    lFidoReturnValues.CurrentDetector = "mps";
                    TheDirector.Direct(lFidoReturnValues);
                    //consider do an else in case srcip comes back empty
                    //else
                    //{
                    //}
                }
                else if (malwareType != null && String.Compare(malwareType, "web-infection detected", StringComparison.Ordinal) == 0)
                {
                    Console.WriteLine(@"Web-infection detected.");
                    Logging_Fido.RunLogging(malwareType + "!");
                    lFidoReturnValues = FireEyeParse(sEmailBody, true);
                    if (!Fido_NetSegments.isEmptySrcIP(lFidoReturnValues.SrcIP))
                    {
                        return;
                    }
                    lFidoReturnValues.IsTargetOS = true;
                    //hand of process to get more information about the host
                    lFidoReturnValues.MalwareType     = sSubjectArray[0];
                    lFidoReturnValues.CurrentDetector = "mps";
                    TheDirector.Direct(lFidoReturnValues);
                    //consider do an else in case srcip comes back empty
                    //else
                    //{
                    //}
                }
                else if (malwareType != null && String.Compare(malwareType, "infection-match detected", StringComparison.Ordinal) == 0)
                {
                    Console.WriteLine(@"Infection-match detected.");
                    Logging_Fido.RunLogging(malwareType + "!");
                    lFidoReturnValues = FireEyeParse(sEmailBody, false);
                    if (!Fido_NetSegments.isEmptySrcIP(lFidoReturnValues.SrcIP))
                    {
                        return;
                    }
                    lFidoReturnValues.IsTargetOS = true;
                    //hand of process to get more information about the host
                    lFidoReturnValues.MalwareType     = sSubjectArray[0];
                    lFidoReturnValues.CurrentDetector = "mps";
                    TheDirector.Direct(lFidoReturnValues);
                    //consider do an else in case srcip comes back empty
                    //else
                    //{
                    //}
                }
                Console.WriteLine(@"Exiting FireEye detector.");
            }
            catch (Exception e)
            {
                Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught receiving FireEye email:" + e);
            }
        }