txt2stix 1.1.13__py3-none-any.whl → 1.1.14__py3-none-any.whl
- txt2stix/indicator.py +21 -3
- {txt2stix-1.1.13.dist-info → txt2stix-1.1.14.dist-info}/METADATA +1 -1
- {txt2stix-1.1.13.dist-info → txt2stix-1.1.14.dist-info}/RECORD +6 -6
- {txt2stix-1.1.13.dist-info → txt2stix-1.1.14.dist-info}/WHEEL +0 -0
- {txt2stix-1.1.13.dist-info → txt2stix-1.1.14.dist-info}/entry_points.txt +0 -0
- {txt2stix-1.1.13.dist-info → txt2stix-1.1.14.dist-info}/licenses/LICENSE +0 -0
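--- a/txt2stix/indicator.py
+++ b/txt2stix/indicator.py
@@ -1,6 +1,8 @@
 from __future__ import annotations
+from datetime import UTC, datetime
 import os
 import re
+import uuid
 from stix2.parsing import dict_to_stix2
 from stix2 import HashConstant, File
 from stix2.v21.vocab import HASHING_ALGORITHM
@@ -24,7 +26,7 @@ if TYPE_CHECKING:
 
 # from schwifty import IBAN
 
-from .common import MinorException
+from .common import UUID_NAMESPACE, MinorException
 
 from .retriever import retrieve_stix_objects
 
@@ -675,11 +677,19 @@ def _build_observables(
 )
 )
 
+_id_part = str(
+uuid.uuid5(
+UUID_NAMESPACE,
+f"txt2stix+{extracted_value}",
+)
+)
+
 if stix_mapping == "attack-pattern":
 stix_objects = [
 dict_to_stix2(
 {
 "type": "attack-pattern",
+# "id": stix_mapping + "--" + _id_part,
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
 "created": indicator["created"],
@@ -695,6 +705,7 @@ def _build_observables(
 dict_to_stix2(
 {
 "type": "campaign",
+# "id": stix_mapping + "--" + _id_part,
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
 "created": indicator["created"],
@@ -711,6 +722,7 @@ def _build_observables(
 dict_to_stix2(
 {
 "type": "course-of-action",
+# "id": stix_mapping + "--" + _id_part,
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
 "created": indicator["created"],
@@ -727,6 +739,7 @@ def _build_observables(
 dict_to_stix2(
 {
 "type": "infrastructure",
+# "id": stix_mapping + "--" + _id_part,
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
 "created": indicator["created"],
@@ -744,6 +757,7 @@ def _build_observables(
 dict_to_stix2(
 {
 "type": "intrusion-set",
+# "id": stix_mapping + "--" + _id_part,
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
 "created": indicator["created"],
@@ -760,6 +774,7 @@ def _build_observables(
 dict_to_stix2(
 {
 "type": "malware",
+# "id": stix_mapping + "--" + _id_part,
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
 "created": indicator["created"],
@@ -778,6 +793,7 @@ def _build_observables(
 dict_to_stix2(
 {
 "type": "threat-actor",
+# "id": stix_mapping + "--" + _id_part,
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
 "created": indicator["created"],
@@ -795,6 +811,7 @@ def _build_observables(
 dict_to_stix2(
 {
 "type": "tool",
+# "id": stix_mapping + "--" + _id_part,
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
 "created": indicator["created"],
@@ -814,8 +831,9 @@ def _build_observables(
 "type": "identity",
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
-"created":
-"modified":
+"created": datetime(2020, 1, 1, tzinfo=UTC),
+"modified": datetime(2020, 1, 1, tzinfo=UTC),
+"id": "identity--" + _id_part,
 "name": extracted_value,
 "identity_class": "unspecified",
 "object_marking_refs": indicator["object_marking_refs"],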
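Review bot: In the identity branch (new-side lines 834–836) every identity with the same `extracted_value` now shares one `id`, `created` and `modified`, yet `created_by_ref` and `object_marking_refs` are still copied from the current indicator, so two reports with different creators or markings emit objects that collide on id and version timestamp while differing in content. A consumer that resolves versions by `modified` cannot order them, and which marking (a TLP level, for example) survives a merge would then depend on ingestion order; either pin those two fields to fixed values for this shared identity or fold them into the UUIDv5 name passed to `uuid.uuid5`. The eight `# "id": stix_mapping + "--" + _id_part,` lines are added commented out, so those SDO types presumably still get generated ids although `_id_part` is computed for every mapping; a one-line comment saying why they are disabled, or removing them, would avoid confusion. `from datetime import UTC` needs Python 3.11 or later and the package's Requires-Python is not visible in this diff, so `from datetime import datetime, timezone` with `timezone.utc` is the safer spelling. `_build_observables` starts and ends outside these hunks.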
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: txt2stix
|
|
3
|
-
Version: 1.1.
|
|
3
|
+
Version: 1.1.14
|
|
4
4
|
Summary: txt2stix is a Python script that is designed to identify and extract IoCs and TTPs from text files, identify the relationships between them, convert them to STIX 2.1 objects, and output as a STIX 2.1 bundle.
|
|
5
5
|
Project-URL: Homepage, https://github.com/muchdogesec/txt2stix
|
|
6
6
|
Project-URL: Issues, https://github.com/muchdogesec/txt2stix/issues
|
|
@@ -4,7 +4,7 @@ txt2stix/bundler.py,sha256=GmpWW9ek4iFZdEIyjVSpd9RnmyeNsZJOpnax5Tt0uT0,16748
|
|
|
4
4
|
txt2stix/common.py,sha256=ISnGNKqJPE1EcfhL-x_4G18mcwt1urmorkW-ru9kV-0,585
|
|
5
5
|
txt2stix/credential_checker.py,sha256=eWDP-jY3-jm8zI0JMoUcyoQZ_JqPNfCIr_HAO8nVYz0,3044
|
|
6
6
|
txt2stix/extractions.py,sha256=_tlsqYHhfAoV-PJzxRHysrX47uxCsMlSg7PQWxww1u0,2171
|
|
7
|
-
txt2stix/indicator.py,sha256=
|
|
7
|
+
txt2stix/indicator.py,sha256=EYh3mmgdq-8_5uQrHX5OkQG1sgiO1jQjRCqJaHqyF8k,30770
|
|
8
8
|
txt2stix/lookups.py,sha256=h42YVtYUkWZm6ZPv2h5hHDHDzDs3yBqrT_T7pj2MDZI,2301
|
|
9
9
|
txt2stix/retriever.py,sha256=sMNhnEYk3l5W44qZsWaDQtJYoHXA1oYIPM6wDqiUHSg,6642
|
|
10
10
|
txt2stix/stix.py,sha256=9nXD9a2dCY4uaatl-mlIA1k3srwQBhGW-tUSho3iYe0,30
|
|
@@ -114,8 +114,8 @@ txt2stix/includes/lookups/threat_actor.txt,sha256=QfDO9maQuqKBgW_Sdd7VGv1SHZ9Ra-
|
|
|
114
114
|
txt2stix/includes/lookups/tld.txt,sha256=-MEgJea2NMG_KDsnc4BVvI8eRk5Dm93L-t8SGYx5wMo,8598
|
|
115
115
|
txt2stix/includes/lookups/tool.txt,sha256=HGKG6JpUE26w6ezzSxOjBkp15UpSaB7N-mZ_NU_3G7A,6
|
|
116
116
|
txt2stix/includes/tests/test_cases.yaml,sha256=vErA3c5fySeWvJ5yJ8dCTEo3ufRATASAjaF4gj4Az1M,22424
|
|
117
|
-
txt2stix-1.1.
|
|
118
|
-
txt2stix-1.1.
|
|
119
|
-
txt2stix-1.1.
|
|
120
|
-
txt2stix-1.1.
|
|
121
|
-
txt2stix-1.1.
|
|
117
|
+
txt2stix-1.1.14.dist-info/METADATA,sha256=NaUvm8KFwWFYKiug2PDVWGXRd_W1E75y5j3LiouGW7c,15032
|
|
118
|
+
txt2stix-1.1.14.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
|
|
119
|
+
txt2stix-1.1.14.dist-info/entry_points.txt,sha256=x6QPtt65hWeomw4IpJ_wQUesBl1M4WOLODbhOKyWMFg,55
|
|
120
|
+
txt2stix-1.1.14.dist-info/licenses/LICENSE,sha256=BK8Ppqlc4pdgnNzIxnxde0taoQ1BgicdyqmBvMiNYgY,11364
|
|
121
|
+
txt2stix-1.1.14.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|