txt2stix 0.0.4__py3-none-any.whl

txt2stix/lookups.py

@@ -0,0 +1,68 @@
+import uuid
+import yaml
+from .common import FatalException, NamedDict
+from .extractions import Extractor
+
+import yaml, re
+import csv
+from pathlib import Path
+
+
+def load_lookup(extractor):
+    if extractor.terms:
+        return extractor.terms
+    extractor.terms = set(Path(extractor.file).read_text().splitlines())
+    return extractor.terms
+
+def find_all(extractor, input_str, start_id=0):
+    retval = {}
+    for term in extractor.terms:
+        indexes = find_get_indexes_re(term, input_str)
+        observed = {"value": term, "start_index":[], "stix_mapping": extractor.stix_mapping, "type": extractor.slug}
+        for index in indexes:
+            observed["start_index"].append(index)
+        if observed.get("start_index"):
+            retval[f"extraction_{start_id+len(retval)}"] = observed
+    return retval
+
+
+def merge_lookups(extractors: list[Extractor]) -> list[tuple[str, str, str]]:
+    retval = []
+    for ex in extractors:
+        load_lookup(ex)
+        retval.extend([(term, ex.stix_mapping, ex.slug) for term in ex.terms])
+    return sorted(retval, key=lambda kv: len(kv[0]), reverse=True)
+
+def extract_all(extractors, input_str):
+    terms_ex:list[tuple[str, str, str]] = merge_lookups(extractors)
+    seen_indexes = set()
+    retval = []
+    for term, stix_mapping, slug in terms_ex:
+        indexes = set(find_get_indexes_re(term, input_str))
+        difference = list(indexes.difference(seen_indexes))
+        seen_indexes.update(difference)
+        if difference:
+            retval.append({"value": term, "start_index":difference, "stix_mapping": stix_mapping, "type": slug})
+    return retval
+
+def find_get_indexes(term, input_str):
+    idx = -1
+    while True:
+        idx = input_str.find(term, idx+1)
+        if idx == -1:
+            break
+        yield idx
+
+def find_get_indexes_re(term, input_str):
+    input_str = " "+input_str+" "
+    re_i = re.escape(term)
+    rexp = []
+    for right in [r"\s", r"\.", r",", r"!\s"]:
+        rexp.append(r"\s"+ "(" + re_i +")" +right)
+    for open, close in ['""', "[]", "()", "``", "''",]:
+        rexp.append(re.escape(open)+ "(" + re_i +")" + re.escape(close))
+    rexp = "|".join(rexp)
+    r = re.compile(rexp, flags=re.IGNORECASE)
+    for match in r.finditer(input_str):
+        left, right = match.span()
+        yield left

txt2stix/pattern/__init__.py

@@ -0,0 +1,13 @@
+from .extractors.base_extractor import ALL_EXTRACTORS
+
+from .extractors.card import CARD_EXTRACTORS
+from .extractors.crypto import CRYPTO_EXTRACTORS
+from .extractors.directory import DIRECTORY_EXTRACTORS
+from .extractors.domain import DOMAIN_EXTRACTORS
+from .extractors.ip import IP_EXTRACTORS
+from .extractors.hashes import SHA_EXTRACTORS
+from .extractors.url import URL_EXTRACTORS
+from .extractors.others import OTHER_EXTRACTORS
+
+
+from .extractors.helper import extract_all, load_extractor

txt2stix/pattern/extractors/base_extractor.py

@@ -0,0 +1,167 @@
+"""
+`Extractor` class represents the properties of a given observable.
+"""
+import re
+import logging
+from typing import Iterable
+
+logger = logging.getLogger(__name__)
+
+ALL_EXTRACTORS = {}
+
+class BaseExtractor:
+    name = None
+    extraction_regex = None
+    extraction_function = None
+    common_strip_elements = "\"'.,:"
+    filter_function = None # further filter the extracted values
+    meta_extractor = None
+    version = None
+    stix_mapping = None
+    invalid_characters = ['.', ',', '!', '`', '(', ')', '{', '}', '"', '````', ' ', '[', ']']
+    SPLITS_FINDER = re.compile(r'(?<=[\'"<\(\{\[\s])(?P<item>.*?)(?=[\s\]\}\)>"\'])') #split on boundary characters instead of ' ' only
+
+
+    @classmethod
+    def register_new_extractor(cls, name, extractor):
+        ALL_EXTRACTORS[name] = extractor
+
+    def __init_subclass__(cls, **kwargs):
+        super().__init_subclass__(**kwargs)
+        cls.register_new_extractor(cls.name, cls)
+
+    @classmethod
+    def extract_extraction_from_text(cls, text: str):
+        """
+        Extracts the required observables from text and returns the
+        extracted observables and modified text.
+        """
+        extracted_observables = []
+        start_index = 0
+        if cls.extraction_regex is not None:
+            if cls.extraction_regex.startswith("^") or cls.extraction_regex.endswith("$"):
+                for matchsplit in cls.SPLITS_FINDER.finditer(text):
+                    word = matchsplit.group('item')
+                    start_index = matchsplit.start('item')
+                    match = re.match(cls.extraction_regex, word)
+                    if match:
+                        extracted_observables.append((match.group(0), match.start()+start_index))
+                    else:
+                        stripped_word = word.strip(cls.common_strip_elements)
+                        match = re.match(cls.extraction_regex, stripped_word)
+                        if match:
+                            extracted_observables.append((match.group(0), start_index + word.index(stripped_word)))
+            else:
+                # Find regex in the entire text (including whitespace)
+                for match in re.finditer(cls.extraction_regex, text):
+                    match_value = match.group().strip('\n')
+                    start_index, end_index = match.span()
+                
+                    extracted_observables.append((match_value, start_index))
+
+        # If extraction_function is not None, then find matches that don't throw exception when
+        elif cls.extraction_function is not None:
+
+            start_index = 0
+            
+            for index, word in tokenize(text):
+                # word = match.group('item')
+                # end_index = start_index + len(word) - 1
+
+                # word = BaseExtractor.trim_invalid_characters(word, cls.invalid_characters)
+                try:
+                    if cls.extraction_function(word):
+                        extracted_observables.append((word, index))
+                except Exception as error:
+                    pass
+
+        else:
+            raise ValueError("Both extraction_regex and extraction_function can't be None.")
+
+        string_positions = {}
+
+        # Iterate through the input list to group positions for each string
+        for position, (string, pos) in enumerate(extracted_observables, 1):
+            if cls.filter_function and not cls.filter_function(string):
+                continue
+            if string not in string_positions:
+                string_positions[string] = []
+            string_positions[string].append(pos)
+
+        response = []
+
+        # for extraction, positions in string_positions.items():
+        #     response.append({
+        #         "value": extraction,
+        #         "type": cls.name,
+        #         "version": cls.version,
+        #         "stix_mapping": cls.stix_mapping,
+        #         "start_index": positions,
+        #     })
+
+        for position, (string, pos) in enumerate(extracted_observables, 1):
+            if cls.filter_function and not cls.filter_function(string):
+                continue
+            response.append({
+                "value": string,
+                "type": cls.name,
+                "version": cls.version,
+                "stix_mapping": cls.stix_mapping,
+                "start_index": pos,
+            })
+        return response
+
+    @classmethod
+    def split_all(cls, text):
+        for word in cls.SPLITS_FINDER.findall(text):
+            yield cls.trim_invalid_characters(word, cls.invalid_characters)
+
+    @classmethod
+    def trim_invalid_characters(cls, keyword: str, characters: Iterable):
+        return keyword.strip(''.join(characters))
+
+def tokenize(text):
+    # Define pairs of boundary characters as a list of tuples
+    boundary_pairs = [
+        ('(', ')'),
+        ('[', ']'),
+        ('{', '}'),
+        ('"', '"'),
+        ("'", "'"),
+        (' ', ' '),  # Spaces as general separators
+        ('\n', ' '), 
+        ('\n', '\n'), 
+        (' ', '\n'), 
+    ]
+    
+    # Define additional closing boundary characters
+    additional_closers = {"!", ";", ".", ","}
+    
+    tokens = []
+    words = text.split()
+    
+    # Capture individual words with their starting index
+    index = 0
+    for word in words:
+        start_index = text.find(word, index)
+        cleaned_word = word.strip("()[]{}'\".,;!:")
+        if cleaned_word:
+            tokens.append((start_index, cleaned_word))
+        index = start_index + len(word)
+    
+    # Capture nested structures with their starting index
+    for i in range(len(text)):
+        for opener, closer in boundary_pairs:
+            if text[i] == opener:
+                token = text[i]
+                for j in range(i + 1, len(text)):
+                    token += text[j]
+                    if text[j] == closer:
+                        if token.startswith(opener):
+                            token = token[1:]
+                        if token.endswith(closer):
+                            token = token[:-1]
+                        tokens.append((i, token))
+                        break
+    
+    return tokens

txt2stix/pattern/extractors/card/README.md

@@ -0,0 +1,34 @@
+Data retrieved from https://docs.trellix.com/bundle/data-loss-prevention-11.10.x-classification-definitions-reference-guide/page/GUID-8A0A2E8B-D740-476E-B10C-885919573022.html, by running the following code on page
+
+```js
+function maptoregexp(elements){
+    elements = Array.from(elements)
+    return JSON.stringify(elements.map(el=>el.innerText), null, 2)
+}
+var [validator_section, positive_match_section, negative_match_section] = document.querySelectorAll("section.section")
+var positive_matchers = maptoregexp(positive_match_section.querySelectorAll("code")), negative_matchers = maptoregexp(negative_match_section.querySelectorAll("code"))
+var validator = validator_section.querySelector("td") && validator_section.querySelector("td").innerText, 
+    description = document.querySelector(".shortdesc").innerText // Break long words at exactly 78 characters
+        .replace(/([^\s]{78})/g, '$1\n\t')
+        // Break long lines honoring whitespace
+        .replace(/([^\n]{1,78})(\s|$)/g, '$1\n\t')
+        .trim()
+
+python_code = `
+    ### The following part is automatically generated from ${location.href}
+    description = """
+    ${description}
+
+    validator = ${validator}
+    """
+    extraction_regex_list = ${positive_matchers}
+    filter_regex_list = ${negative_matchers}
+    extraction_regex = "|".join(extraction_regex_list)
+
+    #end of generated code
+
+`
+
+console.log(python_code)
+copy(python_code)
+```

txt2stix/pattern/extractors/card/__init__.py

@@ -0,0 +1,15 @@
+from .amex_card_extractor import AmexCardExtractor
+from .diners_card_extractor import DinersCardExtractor
+from .discover_card_extractor import BankCardDiscoverExtractor
+from .jcb_card_extractor import JCBCardExtractor
+from .master_card_extractor import MastercardCardExtractor
+from .union_card_extractor import UnionPayCardExtractor
+from .visa_card_extractor import VisaCardBaseExtractor
+
+CARD_EXTRACTORS = [AmexCardExtractor,
+                   DinersCardExtractor,
+                   BankCardDiscoverExtractor,
+                   JCBCardExtractor,
+                   MastercardCardExtractor,
+                   UnionPayCardExtractor,
+                   VisaCardBaseExtractor]

txt2stix/pattern/extractors/card/amex_card_extractor.py

@@ -0,0 +1,52 @@
+from ..base_extractor import BaseExtractor
+from validators import card_number
+
+class AmexCardExtractor(BaseExtractor):
+    """
+    A class for extracting American Express (Amex) credit card numbers from text using regular expressions.
+
+    Attributes:
+        name (str): The name of the extractor, set to "Amex-card".
+        extraction_regex (str): The regular expression pattern used for extracting Amex credit card numbers.
+    """
+
+    name = "pattern_bank_card_amex"
+
+    # The following part is automatically generated from https://docs.trellix.com/bundle/data-loss-prevention-11.10.x-classification-definitions-reference-guide/page/GUID-97839BB4-3077-4BB0-9974-CF8EEB0E2426.html
+    description = """
+    American Express Credit Card Number (CCN) is a 15-digit number starting with
+	34 or 37 and might have dashes (hyphens) or spaces as separators. For example,
+	NNNN-NNNNNN-NNNNN or NNNN NNNNNN NNNNN. Matches exclude common test card
+	numbers.
+
+    validator = Luhn 10 (remainder 0)
+    """
+    extraction_regex_list = [
+        "\\b3[47]\\d{2} \\d{6} \\d{5}\\b",
+        "\\b3[47]\\d{2}-\\d{6}-\\d{5}\\b",
+        "\\b3[47]\\d{13}\\b"
+    ]
+    filter_regex_list = [
+        "3400([- ]?)000000([- ]?)00009",
+        "3411([- ]?)111111([- ]?)11111",
+        "3434([- ]?)343434([- ]?)34343",
+        "3456([- ]?)789012([- ]?)34564",
+        "3456([- ]?)400000([- ]?)55123",
+        "3468([- ]?)276304([- ]?)35344",
+        "3700([- ]?)000000([ -]?)00002",
+        "3700([- ]?)002000([ -]?)00000",
+        "3704([- ]?)072699([ -]?)09809",
+        "3705([- ]?)560193([ -]?)09221",
+        "3714([- ]?)496353([ -]?)98431",
+        "3742([- ]?)000000([ -]?)00004",
+        "3756([- ]?)400000([ -]?)55123",
+        "3764([- ]?)622809([ -]?)21451",
+        "3777([- ]?)527498([ -]?)96404",
+        "3782([- ]?)822463([ -]?)10005",
+        "3787([- ]?)344936([ -]?)71000"
+    ]
+    extraction_regex = "|".join(extraction_regex_list)
+
+    # end of generated code
+
+    filter_function = card_number

txt2stix/pattern/extractors/card/diners_card_extractor.py

@@ -0,0 +1,47 @@
+from validators import card_number
+from ..base_extractor import BaseExtractor
+
+
+class DinersCardExtractor(BaseExtractor):
+    """
+    A class for extracting Diners Club credit card numbers from text using regular expressions.
+
+    Attributes:
+        pattern (str): The pattern to represent the extracted credit card number.
+        extraction_regex (str): The regular expression pattern used for extracting Diners Club credit card numbers.
+    """
+
+    name = "pattern_bank_card_diners"
+
+    # The following part is automatically generated from https://docs.trellix.com/bundle/data-loss-prevention-11.10.x-classification-definitions-reference-guide/page/GUID-2B5CF316-ED36-4CAB-92D7-AC46714E9882.html
+    description = """
+    Credit Card Number (Diner's Club) is a 14-digit number beginning with 300–305,
+	36, 38, or 39 and might have dashes (hyphens) or spaces as separators. For
+	example, NNNN-NNNNNN-NNNN or NNNN NNNNNN NNNN. Matches exclude common test
+	card numbers.
+
+    validator = Luhn 10 (remainder 0)
+    """
+    extraction_regex_list = [
+        "\\b30[0-5]\\d-\\d{6}-\\d{4}\\b",
+        "\\b30[0-5]\\d \\d{6} \\d{4}\\b",
+        "\\b30[0-5]\\d{11}\\b",
+        "\\b3[689]\\d{2}-\\d{6}-\\d{4}\\b",
+        "\\b3[689]\\d{2} \\d{6} \\d{4}\\b",
+        "\\b3[689]\\d{12}\\b"
+    ]
+    filter_regex_list = [
+        "3020([ -]?)416932([ -]?)2643",
+        "3021([ -]?)804719([ -]?)6557",
+        "3022([ -]?)151156([ -]?)3252",
+        "3046([ -]?)400000([ -]?)5512",
+        "3600([ -]?)000000([ -]?)0008",
+        "3614([ -]?)890064([ -]?)7913",
+        "3670([ -]?)010200([ -]?)0000",
+        "3852([ -]?)000002([ -]?)3237",
+        "3912([ -]?)345678([ -]?)9019"
+    ]
+    extraction_regex = "|".join(extraction_regex_list)
+
+    # end of generated code
+    filter_function = card_number

txt2stix/pattern/extractors/card/discover_card_extractor.py

@@ -0,0 +1,48 @@
+from validators import card_number
+from ..base_extractor import BaseExtractor
+
+
+class BankCardDiscoverExtractor(BaseExtractor):
+    """
+    A class for extracting Discover credit card numbers from text using regular expressions.
+
+    Attributes:
+        name (str): The name of the extractor, set to "bank-card-discover".
+        extraction_regex (str): The regular expression pattern used for extracting Discover credit card numbers.
+    """
+
+    name = "pattern_bank_card_discover"
+
+    # The following part is automatically generated from https://docs.trellix.com/bundle/data-loss-prevention-11.10.x-classification-definitions-reference-guide/page/GUID-EF96B5CE-6C8E-49B2-BD19-82B0CE0E5091.html
+    description = """
+    Credit Card Number (Discover) is a 16-digit number beginning with 6011,
+	644–649 or 65 and might have dashes (hyphens) or spaces as separators. For
+	example, NNNN-NNNN-NNNN-NNNN or NNNN NNNN NNNN NNNN. This excludes common test
+	card numbers.
+
+    validator = Luhn 10 (remainder 0)
+    """
+    extraction_regex_list = [
+        "\\b6011-\\d{4}-\\d{4}-\\d{4}\\b",
+        "\\b6011 \\d{4} \\d{4} \\d{4}\\b",
+        "\\b6011\\d{12}\\b",
+        "\\b64[4-9]\\d-\\d{4}-\\d{4}-\\d{4}\\b",
+        "\\b64[4-9]\\d \\d{4} \\d{4} \\d{4}\\b",
+        "\\b64[4-9]\\d{13}\\b",
+        "\\b65\\d{2}-\\d{4}-\\d{4}-\\d{4}\\b",
+        "\\b65\\d{2} \\d{4} \\d{4} \\d{4}\\b",
+        "\\b65\\d{14}\\b"
+    ]
+    filter_regex_list = [
+        "6011([ -]?)0009([ -]?)9013([ -]?)9424",
+        "6011([ -]?)1111([ -]?)1111([ -]?)1117",
+        "6011([ -]?)1532([ -]?)1637([ -]?)1980",
+        "6011([ -]?)6011([ -]?)6011([ -]?)6611",
+        "6011([ -]?)6874([ -]?)8256([ -]?)4166",
+        "6011([ -]?)8148([ -]?)3690([ -]?)5651",
+        "6556([ -]?)4000([ -]?)0055([ -]?)1234"
+    ]
+    extraction_regex = "|".join(extraction_regex_list)
+
+    # end of generated code
+    filter_function = card_number

txt2stix/pattern/extractors/card/jcb_card_extractor.py

@@ -0,0 +1,43 @@
+from validators import card_number
+from ..base_extractor import BaseExtractor
+
+
+class JCBCardExtractor(BaseExtractor):
+    """
+    A class for extracting JCB credit card numbers from text using regular expressions.
+
+    Attributes:
+        name (str): The name of the extractor, set to "jcb-card".
+        extraction_regex (str): The regular expression pattern used for extracting JCB credit card numbers.
+    """
+
+    name = "pattern_bank_card_jcb"
+
+    # The following part is automatically generated from https://docs.trellix.com/bundle/data-loss-prevention-11.10.x-classification-definitions-reference-guide/page/GUID-D56393B2-2C27-4CAF-A7C3-AE83298BD96B.html
+    description = """
+    JCB CCN is a 16-digit number beginning with 3528 or 3589 and might have dashes
+	(hyphens) or spaces as separators. For example, NNNN-NNNN-NNNN-NNNN or NNNN
+	NNNN NNNNNNNN. This excludes common test card numbers.
+
+    validator = Luhn 10 (remainder 0)
+    """
+    extraction_regex_list = [
+        "\\b352[89]-\\d{4}-\\d{4}-\\d{4}\\b",
+        "\\b352[89] \\d{4} \\d{4} \\d{4}\\b",
+        "\\b352[89]\\d{12}\\b",
+        "\\b35[3-8]\\d-\\d{4}-\\d{4}-\\d{4}\\b",
+        "\\b35[3-8]\\d \\d{4} \\d{4} \\d{4}\\b",
+        "\\b35[3-8]\\d{13}\\b"
+    ]
+    filter_regex_list = [
+        "3528([ -]?)0007([ -]?)0000([ -]?)0000",
+        "3528([ -]?)7237([ -]?)4002([ -]?)2896",
+        "3530([ -]?)1113([ -]?)3330([ -]?)0000",
+        "3556([ -]?)4000([ -]?)0055([ -]?)1234",
+        "3566([ -]?)0020([ -]?)2036([ -]?)0505",
+        "3569([ -]?)9900([ -]?)0000([ -]?)0009"
+    ]
+    extraction_regex = "|".join(extraction_regex_list)
+
+    # end of generated code
+    filter_function = card_number

txt2stix/pattern/extractors/card/master_card_extractor.py

@@ -0,0 +1,63 @@
+from validators import card_number
+from ..base_extractor import BaseExtractor
+
+
+class MastercardCardExtractor(BaseExtractor):
+    """
+    A class for extracting Mastercard credit card numbers from text using regular expressions.
+
+    Attributes:
+        name (str): The name of the extractor, set to "master-card".
+        extraction_regex (str): The regular expression pattern used for extracting Mastercard credit card numbers.
+    """
+
+    name = "pattern_bank_card_mastercard"
+
+    # The following part is automatically generated from https://docs.trellix.com/bundle/data-loss-prevention-11.10.x-classification-definitions-reference-guide/page/GUID-8A0A2E8B-D740-476E-B10C-885919573022.html
+    description = """
+    Credit Card Number (Mastercard) is a 16-digit number beginning with 51–55 or
+	2221– 2720 and might have dashes (hyphens) or spaces as separators. For
+	example, NNNN-NNNN-NNNN-NNNN or NNNN NNNN NNNN NNNN. This excludes common test
+	card numbers.
+
+    validator = Luhn 10 (remainder 0)
+    """
+    extraction_regex_list = [
+        "\\b5[1-5]\\d{2}-\\d{4}-\\d{4}-\\d{4}\\b",
+        "\\b5[1-5]\\d{2} \\d{4} \\d{4} \\d{4}\\b",
+        "\\b5[1-5]\\d{14}\\b",
+        "\\b2[2-7]\\d{2}-\\d{4}-\\d{4}-\\d{4}\\b",
+        "\\b2[2-7]\\d{2} \\d{4} \\d{4} \\d{4}\\b",
+        "\\b2[2-7]\\d{14}\\b"
+    ]
+    filter_regex_list = [
+        "5100([- ]?)0800([ -]?)0000([ -]?)0000",
+        "5105([- ]?)1051([ -]?)0510([ -]?)5100",
+        "5111([- ]?)1111([ -]?)1111([ -]?)1118",
+        "5123([- ]?)4567([ -]?)8901([ -]?)2346",
+        "5123([- ]?)6197([ -]?)4539([ -]?)5853",
+        "5138([- ]?)4951([ -]?)2555([ -]?)0554",
+        "5274([- ]?)5763([ -]?)9425([ -]?)9961",
+        "5301([- ]?)7455([ -]?)2913([ -]?)8831",
+        "5311([- ]?)5312([ -]?)8600([ -]?)0465",
+        "5364([- ]?)5870([ -]?)1178([ -]?)5834",
+        "5404([- ]?)0000([ -]?)0000([ -]?)0001",
+        "5431([- ]?)1111([ -]?)1111([ -]?)1111",
+        "5454([- ]?)5454([ -]?)5454([ -]?)5454",
+        "5459([- ]?)8862([ -]?)6563([ -]?)1843",
+        "5460([- ]?)5060([ -]?)4803([ -]?)9935",
+        "5500([- ]?)9391([ -]?)7800([ -]?)4613",
+        "5555([- ]?)5555([ -]?)5555([ -]?)4444",
+        "5556([- ]?)4000([ -]?)0055([ -]?)1234",
+        "5565([- ]?)5520([ -]?)6448([ -]?)1449",
+        "5597([- ]?)5076([ -]?)4491([ -]?)0558",
+        "220\\d([- ]?)\\d{4}([ -]?)\\d{4}([ -]?)\\d{4}",
+        "221\\d([- ]?)\\d{4}([ -]?)\\d{4}([ -]?)\\d{4}",
+        "2220([- ]?)\\d{4}([ -]?)\\d{4}([ -]?)\\d{4}",
+        "272[1-9]([- ]?)\\d{4}([ -]?)\\d{4}([ -]?)\\d{4}",
+        "27[3-9]\\d([- ]?)\\d{4}([ -]?)\\d{4}([ -]?)\\d{4}"
+    ]
+    extraction_regex = "|".join(extraction_regex_list)
+
+    # end of generated code
+    filter_function = card_number

txt2stix/pattern/extractors/card/union_card_extractor.py

@@ -0,0 +1,38 @@
+from ..base_extractor import BaseExtractor
+
+
+class UnionPayCardExtractor(BaseExtractor):
+    """
+    A class for extracting UnionPay credit card numbers from text using regular expressions.
+
+    This class inherits from BaseExtractor, which defines the basic structure and functionality for all extractors.
+
+    Attributes:
+        name (str): The name of the extractor, set to "union-pay-card".
+        extraction_regex (str): The regular expression pattern used for extracting UnionPay credit card numbers.
+    """
+
+    name = "pattern_bank_card_union_pay"
+
+    # The following part is automatically generated from https://docs.trellix.com/bundle/data-loss-prevention-11.10.x-classification-definitions-reference-guide/page/GUID-B8D29ECE-E70A-401E-B18D-B773F4FF71ED.html
+    description = """
+    The China UnionPay credit card numbers begin with 62 or 60 and is a 16-19
+	digit long number.
+
+    validator = China Union Pay Card validator
+    """
+    extraction_regex_list = [
+        "\\b622\\d{13,16}\\b",
+        "\\b603601\\d{10}\\b",
+        "\\b603265\\d{10}\\b",
+        "\\b621977\\d{10}\\b",
+        "\\b603708\\d{10}\\b",
+        "\\b602969\\d{10}\\b",
+        "\\b601428\\d{10}\\b",
+        "\\b603367\\d{10}\\b",
+        "\\b603694\\d{10}\\b"
+    ]
+    filter_regex_list = []
+    extraction_regex = "|".join(extraction_regex_list)
+
+    # end of generated code

txt2stix/pattern/extractors/card/visa_card_extractor.py

@@ -0,0 +1,46 @@
+from validators import card_number
+from ..base_extractor import BaseExtractor
+
+
+class VisaCardBaseExtractor(BaseExtractor):
+    """
+    A class for extracting VISA credit card numbers from text using regular expressions.
+
+    Attributes:
+        name (str): The name of the extractor, set to "visa-card".
+        extraction_regex (str): The regular expression pattern used for extracting VISA credit card numbers.
+    """
+
+    name = "pattern_bank_card_visa"
+
+    # The following part is automatically generated from https://docs.trellix.com/bundle/data-loss-prevention-11.10.x-classification-definitions-reference-guide/page/GUID-66A52D16-CA41-4509-826D-8D29B1F968C2.html
+    description = """
+    Credit Card Number (Visa) is 16-digit number and might have dashes (hyphen) or
+	spaces as separators. For example, NNNN-NNNN-NNNN-NNNN or NNNN NNNN NNNN NNNN.
+	This excludes common test card numbers.
+
+    validator = Luhn 10 (remainder 0)
+    """
+    extraction_regex_list = [
+        "\\b4\\d{3}-\\d{4}-\\d{4}-\\d{4}\\b",
+        "\\b4\\d{3} \\d{4} \\d{4} \\d{4}\\b",
+        "\\b4\\d{15}\\b"
+    ]
+    filter_regex_list = [
+        "4005([ -]?)5500([ -]?)0000([ -]?)0001",
+        "4012([ -]?)8888([ -]?)8888([ -]?)1881",
+        "4111([ -]?)1111([ -]?)1111([ -]?)1111",
+        "4444([ -]?)3333([ -]?)2222([ -]?)1111",
+        "4539([ -]?)1050([ -]?)1153([ -]?)9664",
+        "4555([ -]?)4000([ -]?)0055([ -]?)5123",
+        "4564([ -]?)4564([ -]?)4564([ -]?)4564",
+        "4544([ -]?)1821([ -]?)7453([ -]?)7267",
+        "4716([ -]?)9147([ -]?)0653([ -]?)4228",
+        "4916([ -]?)5417([ -]?)1375([ -]?)7159",
+        "4916([ -]?)6156([ -]?)3934([ -]?)6972",
+        "4917([ -]?)6100([ -]?)0000([ -]?)0000"
+    ]
+    extraction_regex = "|".join(extraction_regex_list)
+
+    # end of generated code
+    filter_function = card_number

txt2stix/pattern/extractors/crypto/__init__.py

@@ -0,0 +1,3 @@
+from .btc_extractor import CryptoBTCWalletExtractor
+
+CRYPTO_EXTRACTORS = [CryptoBTCWalletExtractor]