PyPI - txt2stix - Versions diffs - 1.1.2__tar.gz → 1.1.3__tar.gz - Mend

txt2stix 1.1.2tar.gz → 1.1.3tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (262) hide show

{txt2stix-1.1.2 → txt2stix-1.1.3}/.github/workflows/run-tests.yml RENAMED Viewed

@@ -51,6 +51,7 @@ jobs:
           source .env;
           set +a;
           pip install -e .[tests]
+          pip install --force-reinstall https://github.com/muchdogesec/stix2extensions/archive/5258ee81355699b86c1e9ba670bf53fe3c37bcbc.zip
           pytest --cov --cov-branch --cov-report=xml --junitxml=junit.xml -o junit_family=legacy
       - name: Upload coverage reports to Codecov

{txt2stix-1.1.2 → txt2stix-1.1.3}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: txt2stix
-Version: 1.1.2
+Version: 1.1.3
 Summary: txt2stix is a Python script that is designed to identify and extract IoCs and TTPs from text files, identify the relationships between them, convert them to STIX 2.1 objects, and output as a STIX 2.1 bundle.
 Project-URL: Homepage, https://github.com/muchdogesec/txt2stix
 Project-URL: Issues, https://github.com/muchdogesec/txt2stix/issues

{txt2stix-1.1.2 → txt2stix-1.1.3}/docs/stix-mapping.md RENAMED Viewed

@@ -871,7 +871,7 @@ Objects always created:
     ],
     "name": "User Agent: <EXTRACTED FULL USER AGENT STRING>",
     "pattern_type": "stix",
-    "pattern": "[ user-agent:string = '<EXTRACTED FULL USER AGENT STRING>' ]",
+    "pattern": "[ user-agent:value = '<EXTRACTED FULL USER AGENT STRING>' ]",
     "valid_from": "<REPORT CREATED PROPERTY VALUE>",
     "object_marking_refs": [
         "marking-definition--<TLP LEVEL SET>",
@@ -895,7 +895,7 @@ Objects always created:
     "type": "user-agent",
     "spec_version": "2.1",
     "id": "user-agent--<GENERATED BY STIX2 LIBRARY>",
-    "string": "<EXTRACTED FULL USER AGENT STRING>",
+    "value": "<EXTRACTED FULL USER AGENT STRING>",
     "extensions": {
         "extension-definition--7ca5afee-0e4e-5813-b643-de51538658cc" : {
             "extension_type" : "new-sco"
@@ -926,7 +926,7 @@ Objects always created:
     ],
     "name": "<CRYPTO TYPE> Wallet: <EXTRACTED CRYPTOCURRENCY OBSERVABLE VALUE>",
     "pattern_type": "stix",
-    "pattern": "[ cryptocurrency-wallet:address = '<EXTRACTED CRYPTOCURRENCY OBSERVABLE VALUE>' ]",
+    "pattern": "[ cryptocurrency-wallet:value = '<EXTRACTED CRYPTOCURRENCY OBSERVABLE VALUE>' ]",
     "valid_from": "<REPORT CREATED PROPERTY VALUE>",
     "object_marking_refs": [
         "marking-definition--<TLP LEVEL SET>",
@@ -945,7 +945,7 @@ Objects always created:
 }
 ```
-The `cryptocurrency-wallet` object is generated by [crypto2stix](https://github.com/muchdogesec/crypto2stix).
+The `cryptocurrency-wallet` object is generated by [crypto2stix](https://github.com/muchdogesec/stix2extensions/blob/main/stix2extensions/tools/crypto2stix.py).
 The crypto2stix equivilant command is;
@@ -979,7 +979,7 @@ Objects always created:
     ],
     "name": "<CRYPTO TYPE> Wallet: <EXTRACTED CRYPTOCURRENCY OBSERVABLE VALUE>",
     "pattern_type": "stix",
-    "pattern": "[ cryptocurrency-wallet:address = '<EXTRACTED CRYPTOCURRENCY OBSERVABLE VALUE>' ]",
+    "pattern": "[ cryptocurrency-wallet:value = '<EXTRACTED CRYPTOCURRENCY OBSERVABLE VALUE>' ]",
     "valid_from": "<REPORT CREATED PROPERTY VALUE>",
     "object_marking_refs": [
         "marking-definition--<TLP LEVEL SET>",
@@ -998,7 +998,7 @@ Objects always created:
 }
 ```
-The `cryptocurrency-transaction` object is generated by [crypto2stix](https://github.com/muchdogesec/crypto2stix).
+The `cryptocurrency-transaction` object is generated by [crypto2stix](https://github.com/muchdogesec/stix2extensions/blob/main/stix2extensions/tools/crypto2stix.py)
 The crypto2stix equivilant command is;
@@ -1032,7 +1032,7 @@ Objects always created:
     ],
     "name": "<CRYPTO TYPE> Transaction: <EXTRACTED TRANSACTION HASH>",
     "pattern_type": "stix",
-    "pattern": "[ cryptocurrency-transaction:hash = '<EXTRACTED CRYPTOCURRENCY HASH VALUE>' ]",
+    "pattern": "[ cryptocurrency-transaction:value = '<EXTRACTED CRYPTOCURRENCY HASH VALUE>' ]",
     "valid_from": "<REPORT CREATED PROPERTY VALUE>",
     "object_marking_refs": [
         "marking-definition--<TLP LEVEL SET>",
@@ -1057,7 +1057,7 @@ Objects always created:
     "spec_version": "2.1",
     "id": "cryptocurrency-transaction--<UUIDV5>",
     "currency_symbol": "<EXTRACTED CRYPTOCURRENCY OBSERVABLE VALUE>",
-    "hash": "<EXTRACTED TRANSACTION HASH>",
+    "value": "<EXTRACTED TRANSACTION HASH>",
     "timestamp": "2022-10-02T15:22:21Z",
     "extensions": {
         "extension-definition--151d042d-4dcf-5e44-843f-1024440318e5" : {
@@ -1067,7 +1067,7 @@ Objects always created:
 }
 ```
-The `cryptocurrency-transaction` object is generated by [crypto2stix](https://github.com/muchdogesec/crypto2stix).
+The `cryptocurrency-transaction` object is generated by [crypto2stix](https://github.com/muchdogesec/stix2extensions/blob/main/stix2extensions/tools/crypto2stix.py)
 The crypto2stix equivilant command is;
@@ -1077,15 +1077,15 @@ python3 crypto2stix.py --transaction HASH
 This will also generate all `cryptocurrency-wallets` seen in the transaction.
-### stix-mapping: `bank-card`
+### stix-mapping: `payment-card`
 Objects always created:
 * `indicator`
-* `bank-card`
-* `relationship` (`indicator` -> `bank-card`)
-* `identity` (with `relationship` to `bank-card`) generated by creditcard2stix (is not always generated if lookup unsuccessful)
-* `extension-definition`: https://raw.githubusercontent.com/muchdogesec/stix2extensions/main/extension-definitions/scos/bank-card.json
+* `payment-card`
+* `relationship` (`indicator` -> `payment-card`)
+* `identity` (with `relationship` to `payment-card`) generated by creditcard2stix (is not always generated if lookup unsuccessful)
+* `extension-definition`: https://raw.githubusercontent.com/muchdogesec/stix2extensions/main/extension-definitions/scos/payment-card.json
 ```json
 {
@@ -1100,7 +1100,7 @@ Objects always created:
     ],
     "name": "<CARD TYPE>: <EXTRACTED CREDIT CARD OBSERVABLE VALUE>",
     "pattern_type": "stix",
-    "pattern": "[ bank-card:number = '<EXTRACTED CREDIT CARD OBSERVABLE VALUE>' ]",
+    "pattern": "[ payment-card:value = '<EXTRACTED CREDIT CARD OBSERVABLE VALUE>' ]",
     "valid_from": "<REPORT CREATED PROPERTY VALUE>",
     "object_marking_refs": [
         "marking-definition--<TLP LEVEL SET>",
@@ -1119,7 +1119,7 @@ Objects always created:
 }
 ```
-The `bank-card` object is generated by [creditcard2stix](https://github.com/muchdogesec/creditcard2stix). This will require users to enter an `BIN_LIST_API_KEY` in the `.env` file.
+The `payment-card` object is generated by [creditcard2stix](https://github.com/muchdogesec/stix2extensions/blob/main/stix2extensions/tools/creditcard2stix.py). This will require users to enter an `BIN_LIST_API_KEY` and CTI Butler keys in the `.env` file.
 ### stix-mapping: `bank-account`
@@ -1127,7 +1127,7 @@ Objects always created:
 * `indicator`
 * `bank-account`
-* `relationship` (`indicator` -> `bank-card`)
+* `relationship` (`indicator` -> `payment-card`)
 * `extension-definition`: https://raw.githubusercontent.com/muchdogesec/stix2extensions/main/extension-definitions/scos/bank-account.json
 ```json
@@ -1143,7 +1143,7 @@ Objects always created:
     ],
     "name": "Bank account: <EXTRACTED IBAN OBSERVABLE VALUE>",
     "pattern_type": "stix",
-    "pattern": "[ bank-account:iban_number = '<EXTRACTED IBAN OBSERVABLE VALUE>' ]",
+    "pattern": "[ bank-account:iban = '<EXTRACTED IBAN OBSERVABLE VALUE>' ]",
     "valid_from": "<REPORT CREATED PROPERTY VALUE>",
     "object_marking_refs": [
         "marking-definition--<TLP LEVEL SET>",
@@ -1167,7 +1167,7 @@ Objects always created:
     "type": "bank-account",
     "spec_version": "2.1",
     "id": "bank-account--<UUIDV5>",
-    "iban_number": "<FULL IBAN NUMBER INCLUDING COUNTRY CODE>",
+    "iban": "<FULL IBAN NUMBER INCLUDING COUNTRY CODE>",
     "extensions": {
         "extension-definition--f19f3291-6a84-5674-b311-d75a925d5bd9": {
             "extension_type" : "new-sco"
@@ -1179,7 +1179,7 @@ Objects always created:
 To ensure duplicate `bank-account` objects are not created for the same values, a UUIDv5 address is generated for the ID as follows;
 * Namespace = `00abedb4-aa42-466c-9c01-fed23315a9b7` (this is the default MITRE namespace used in the stix2 python lib https://github.com/oasis-open/cti-python-stix2/blob/50fd81fd6ba4f26824a864319305bc298e89bb45/stix2/base.py#L29)
-* Value = `<iban_number>`
+* Value = `iban`
 ### stix-mapping: `phone-number`
@@ -1203,7 +1203,7 @@ Objects always created:
     ],
     "name": "Phone Number: <EXTRACTED PHONE OBSERVABLE VALUE>",
     "pattern_type": "stix",
-    "pattern": "[ phone-number:number = '<EXTRACTED PHONE OBSERVABLE VALUE>'",
+    "pattern": "[ phone-number:value = '<EXTRACTED PHONE OBSERVABLE VALUE>'",
     "valid_from": "<REPORT CREATED PROPERTY VALUE>",
     "object_marking_refs": [
         "marking-definition--<TLP LEVEL SET>",
@@ -1227,7 +1227,7 @@ Objects always created:
     "type": "phone-number",
     "spec_version": "2.1",
     "id": "phone-number--<UUIDV5>",
-    "number": "<EXTRACTED PHONE OBSERVABLE VALUE>",
+    "value": "<EXTRACTED PHONE OBSERVABLE VALUE>",
     "extensions": {
         "extension-definition--14a97ee2-e666-5ada-a6bd-b7177f79e211" : {
             "extension_type" : "new-sco"

{txt2stix-1.1.2 → txt2stix-1.1.3}/includes/extractions/ai/config.yaml RENAMED Viewed

@@ -622,7 +622,7 @@ ai_bank_card_all:
   prompt_helper: ''
   prompt_conversion: ''
   test_cases: generic_bank_card_mastercard
-  stix_mapping: bank-card
+  stix_mapping: payment-card
 ai_bank_card_mastercard:
   type: ai
@@ -638,7 +638,7 @@ ai_bank_card_mastercard:
   prompt_helper: ''
   prompt_conversion: ''
   test_cases: generic_bank_card_mastercard
-  stix_mapping: bank-card
+  stix_mapping: payment-card
 ai_bank_card_visa:
   type: ai
@@ -654,7 +654,7 @@ ai_bank_card_visa:
   prompt_helper: ''
   prompt_conversion: ''
   test_cases: generic_bank_card_visa
-  stix_mapping: bank-card
+  stix_mapping: payment-card
 ai_bank_card_amex:
   type: ai
@@ -670,7 +670,7 @@ ai_bank_card_amex:
   prompt_helper: ''
   prompt_conversion: ''
   test_cases: generic_bank_card_amex
-  stix_mapping: bank-card
+  stix_mapping: payment-card
 ai_bank_card_union_pay:
   type: ai
@@ -686,7 +686,7 @@ ai_bank_card_union_pay:
   prompt_helper: ''
   prompt_conversion: ''
   test_cases: generic_bank_card_union_pay
-  stix_mapping: bank-card
+  stix_mapping: payment-card
 ai_bank_card_diners:
   type: ai
@@ -702,7 +702,7 @@ ai_bank_card_diners:
   prompt_helper: ''
   prompt_conversion: ''
   test_cases: generic_bank_card_diners
-  stix_mapping: bank-card
+  stix_mapping: payment-card
 ai_bank_card_jcb:
   type: ai
@@ -718,7 +718,7 @@ ai_bank_card_jcb:
   prompt_helper: ''
   prompt_conversion: ''
   test_cases: generic_bank_card_jcb
-  stix_mapping: bank-card
+  stix_mapping: payment-card
 ai_bank_card_discover:
   type: ai
@@ -734,7 +734,7 @@ ai_bank_card_discover:
   prompt_helper: ''
   prompt_conversion: ''
   test_cases: generic_bank_card_discover
-  stix_mapping: bank-card
+  stix_mapping: payment-card
 ####### IBAN Extractions #######

{txt2stix-1.1.2 → txt2stix-1.1.3}/includes/extractions/pattern/config.yaml RENAMED Viewed

@@ -491,92 +491,92 @@ pattern_bank_card_mastercard:
   type: pattern
   dogesec_web: true
   name: 'Bank Card Mastercard'
-  description: 'Will extract card numbers and create a bank-card object. Will also enrich card information if BIN List API key set'
+  description: 'Will extract card numbers and create a payment-card object. Will also enrich card information if BIN List API key set'
   notes: 'Also available: ai_bank_card_mastercard'
   created: 2020-01-01
   modified:  2020-01-01
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_bank_card_mastercard
-  stix_mapping: bank-card
+  stix_mapping: payment-card
 pattern_bank_card_visa:
   type: pattern
   dogesec_web: true
   name: 'Bank Card Visa'
-  description: 'Will extract card numbers and create a bank-card object. Will also enrich card information if BIN List API key set'
+  description: 'Will extract card numbers and create a payment-card object. Will also enrich card information if BIN List API key set'
   notes: 'Also available: ai_bank_card_visa'
   created: 2020-01-01
   modified:  2020-01-01
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_bank_card_visa
-  stix_mapping: bank-card
+  stix_mapping: payment-card
 pattern_bank_card_amex:
   type: pattern
   dogesec_web: true
   name: 'Bank Card American Express'
-  description: 'Will extract card numbers and create a bank-card object. Will also enrich card information if BIN List API key set'
+  description: 'Will extract card numbers and create a payment-card object. Will also enrich card information if BIN List API key set'
   notes: 'Also available: ai_bank_card_amex'
   created: 2020-01-01
   modified:  2020-01-01
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_bank_card_amex
-  stix_mapping: bank-card
+  stix_mapping: payment-card
 pattern_bank_card_union_pay:
   type: pattern
   dogesec_web: true
   name: 'Bank Card Union Pay'
-  description: 'Will extract card numbers and create a bank-card object. Will also enrich card information if BIN List API key set'
+  description: 'Will extract card numbers and create a payment-card object. Will also enrich card information if BIN List API key set'
   notes: 'Also available: ai_bank_card_union_pay'
   created: 2020-01-01
   modified:  2020-01-01
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_bank_card_union_pay
-  stix_mapping: bank-card
+  stix_mapping: payment-card
 pattern_bank_card_diners:
   type: pattern
   dogesec_web: true
   name: 'Bank Card Diners'
-  description: 'Will extract card numbers and create a bank-card object. Will also enrich card information if BIN List API key set'
+  description: 'Will extract card numbers and create a payment-card object. Will also enrich card information if BIN List API key set'
   notes: 'Also available: ai_bank_card_diners'
   created: 2020-01-01
   modified:  2020-01-01
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_bank_card_diners
-  stix_mapping: bank-card
+  stix_mapping: payment-card
 pattern_bank_card_jcb:
   type: pattern
   dogesec_web: true
   name: 'Bank Card JCB'
-  description: 'Will extract card numbers and create a bank-card object. Will also enrich card information if BIN List API key set'
+  description: 'Will extract card numbers and create a payment-card object. Will also enrich card information if BIN List API key set'
   notes: 'Also available: ai_bank_card_jcb'
   created: 2020-01-01
   modified:  2020-01-01
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_bank_card_jcb
-  stix_mapping: bank-card
+  stix_mapping: payment-card
 pattern_bank_card_discover:
   type: pattern
   dogesec_web: true
   name: 'Bank Card Discover'
-  description: 'Will extract card numbers and create a bank-card object. Will also enrich card information if BIN List API key set'
+  description: 'Will extract card numbers and create a payment-card object. Will also enrich card information if BIN List API key set'
   notes: 'Also available: ai_bank_card_discover'
   created: 2020-01-01
   modified:  2020-01-01
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_bank_card_discover
-  stix_mapping: bank-card
+  stix_mapping: payment-card
 ####### IBAN Extractions #######

{txt2stix-1.1.2 → txt2stix-1.1.3}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "txt2stix"
-version = "1.1.2"
+version = "1.1.3"
 authors = [{ name = "dogesec" }]
 maintainers = [{ name = "dogesec" }]
 description = "txt2stix is a Python script that is designed to identify and extract IoCs and TTPs from text files, identify the relationships between them, convert them to STIX 2.1 objects, and output as a STIX 2.1 bundle."

{txt2stix-1.1.2 → txt2stix-1.1.3}/requirements.txt RENAMED Viewed

@@ -185,7 +185,7 @@ stix2==3.0.1
     # via stix2extensions
 stix2-patterns==2.0.0
     # via stix2
-stix2extensions==1.1.1
+stix2extensions==1.2.0
     # via txt2stix (pyproject.toml)
 tenacity==9.1.2
     # via llama-index-core

{txt2stix-1.1.2 → txt2stix-1.1.3}/tests/src/test_attack_flow.py RENAMED Viewed

@@ -1,7 +1,6 @@
 from types import SimpleNamespace
 import pytest
 from unittest.mock import MagicMock, patch
-from stix2extensions._extensions import attack_flow_ExtensionDefinitionSMO
 from txt2stix.ai_extractor.utils import AttackFlowList, AttackFlowItem
 from txt2stix.attack_flow import (
@@ -26,7 +25,6 @@ def test_parse_flow(dummy_report, dummy_objects, dummy_flow):
         "attack-pattern--1b22b676-9347-4c55-9a35-ef0dc653db5b",
         "x-mitre-tactic--298fe907-7931-4fd2-8131-2814dd493134",
         "attack-action--1fd63972-ef98-5da5-81f5-4090c7dfa585",
-        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4",
         "attack-pattern--1a80d097-54df-41d8-9d33-34e755ec5e72",
         "report--9c88fbcb-8c0d-4124-868b-3dcb1e9b696c",
         "attack-flow--bb21585c-5f82-55cf-b73d-89b5217ef092",
@@ -790,7 +788,7 @@ def dummy_report():
                 "marking-definition--e828b379-4e03-4974-9ac4-e53a884c97c1",
                 "marking-definition--f92e15d9-6afc-5ae2-bb3e-85a1fd83a3b5",
             ],
-            "object_refs": [attack_flow_ExtensionDefinitionSMO.id],
+            "object_refs": ["identity--e828b379-4e03-4974-9ac4-e53a884c97c1"],
             "published": "2025-03-10T15:06:34.423036Z",
             "spec_version": "2.1",
             "type": "report",

txt2stix 1.1.2__tar.gz → 1.1.3__tar.gz

txt2stix 1.1.2tar.gz → 1.1.3tar.gz