txt2stix 1.1.6__py3-none-any.whl → 1.1.8__py3-none-any.whl

txt2stix/ai_extractor/utils.py

@@ -5,6 +5,8 @@ import logging
 import dotenv
 import textwrap
 
+import json_repair
+
 from ..extractions import Extractor
 
 from pydantic import BaseModel, Field, RootModel
@@ -63,7 +65,8 @@ class ParserWithLogging(PydanticOutputParser):
         print(text, file=f)
         print("=================close=================" + "\n"*5, file=f)
         logging.debug(f.getvalue())
-        return super().parse(text)
+        repaired_json = json_repair.repair_json(text)
+        return super().parse(repaired_json)
 
 def get_extractors_str(extractors):
     extractor: Extractor = None

txt2stix/includes/extractions/ai/config.yaml

@@ -10,7 +10,7 @@ ai_ipv4_address_only:
   notes: 'pattern_ipv4_address_only legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all IPv4 addresses from the text.'
   prompt_helper: 'Do not include any IPv4s that contain a port or CIDR.'
@@ -26,7 +26,7 @@ ai_ipv4_address_cidr:
   notes: 'pattern_ipv4_address_cidr legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all IPv4 addresses with a CIDR from the text. CIDR part must be >=0 <=32.'
   prompt_helper: 'Do not include any IPs that do not have a CIDR.'
@@ -42,7 +42,7 @@ ai_ipv4_address_port:
   notes: 'pattern_ipv4_address_port legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all IPv4 addresses with a port from the text. Port number part must be >=0 <=65535.'
   prompt_helper: 'Do not include any IPv4s that do not contain a port number.'
@@ -60,7 +60,7 @@ ai_ipv6_address_only:
   notes: 'pattern_ipv6_address_only legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all IPv6 addresses from the text.'
   prompt_helper: 'Do not include any IPv6s that contain a port or CIDR.'
@@ -76,7 +76,7 @@ ai_ipv6_address_cidr:
   notes: 'pattern_ipv6_address_cidr legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all IPv6 addresses with a CIDR from the text. CIDR part must be >=0 <=128.'
   prompt_helper: 'Do not include any IPv6s that do not contain a CIDR'
@@ -92,7 +92,7 @@ ai_ipv6_address_port:
   notes: 'pattern_ipv6_address_port legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all IPv6 addresses with a CIDR from the text. Port number part must be >=0 <=65535.'
   prompt_helper: 'Do not include any IPv6s that do not contain a port number'
@@ -110,7 +110,7 @@ ai_domain_name_only:
   notes: 'pattern_domain_name_only legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all valid root domain names from the text. Do not extract subdomains.'
   prompt_helper: ''
@@ -126,7 +126,7 @@ ai_domain_name_subdomain:
   notes: 'pattern_domain_name_subdomain legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all valid subdomain names from the text. Do not extract root domains.'
   prompt_helper: ''
@@ -144,7 +144,7 @@ ai_url:
   notes: 'pattern_url legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all URLs with no path/file extension from the text. If the sub/domain part is not an IP, then it must have a valid TLD.'
   prompt_helper: ''
@@ -160,7 +160,7 @@ ai_url_file:
   notes: 'pattern_url_file legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all URLs with file extension in path from the text. If the sub/domain part is not an IP, then it must have a valid TLD. The file must match valid filetype.'
   prompt_helper: ''
@@ -176,7 +176,7 @@ ai_url_path:
   notes: 'pattern_url_path legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all URLs without a file extension in their path from the text. If the sub/domain part is not an IP, then it must have a valid TLD.'
   prompt_helper: ''
@@ -194,7 +194,7 @@ ai_host_name:
   notes: 'pattern_host_name legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all hostnames from the text. Hostnames should not have a valid TLD extension (these are domains).'
   prompt_helper: ''
@@ -210,7 +210,7 @@ ai_host_name_subdomain:
   notes: 'pattern_host_name_subdomain legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all sub-hostnames from the text. Sub-hostnames should not have a valid TLD extension.'
   prompt_helper: ''
@@ -226,7 +226,7 @@ ai_host_name_url:
   notes: 'pattern_host_name_url legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all hostnames / sub-hostnames with full URLs from the text. All extractions should not have a valid TLD extension.'
   prompt_helper: ''
@@ -242,7 +242,7 @@ ai_host_name_file:
   notes: 'pattern_host_name_file legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all hostnames / sub-hostnames with full URLs from the text that contain a path to a valid file extension. All extractions should not have a valid TLD extension. All file extensions should be valid file extensions.'
   prompt_helper: ''
@@ -258,7 +258,7 @@ ai_host_name_path:
   notes: 'pattern_host_name_path legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all hostnames / sub-hostnames with full URLs (but do not contain a path to a file) from the text that. All extractions should not have a valid TLD extension. All file extensions should be valid file extensions.'
   prompt_helper: ''
@@ -276,7 +276,7 @@ ai_directory_windows:
   notes: 'pattern_directory_windows legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Windows directory paths from the text.'
   prompt_helper: ''
@@ -292,7 +292,7 @@ ai_directory_windows_with_file:
   notes: 'pattern_directory_windows_with_file legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Windows directory paths from the text that contain a path to a file. Ensure the file type extension is valid.'
   prompt_helper: ''
@@ -308,7 +308,7 @@ ai_directory_unix:
   notes: 'pattern_directory_unix legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all UNIX directory paths from the text.'
   prompt_helper: ''
@@ -324,7 +324,7 @@ ai_directory_unix_file:
   notes: 'pattern_directory_unix_file legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all UNIX directory paths from the text that contain a path to a file. Ensure the file type extension is valid.'
   prompt_helper: ''
@@ -342,7 +342,7 @@ ai_file_name:
   notes: 'pattern_file_name legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all file names from the text. Ensure the file type extension is valid.'
   prompt_helper: ''
@@ -358,7 +358,7 @@ ai_file_hash_all:
   notes: ''
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all MD5, SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 file hashes from the text.'
   prompt_helper: ''
@@ -374,7 +374,7 @@ ai_file_hash_md5:
   notes: 'pattern_file_hash_md5 legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all MD5 hashes from the text.'
   prompt_helper: ''
@@ -390,7 +390,7 @@ ai_file_hash_sha_1:
   notes: 'pattern_file_hash_sha_1 legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all SHA-1 hashes from the text.'
   prompt_helper: ''
@@ -406,7 +406,7 @@ ai_file_hash_sha_256:
   notes: 'pattern_file_hash_sha_256 legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all SHA-256 hashes from the text.'
   prompt_helper: ''
@@ -422,7 +422,7 @@ ai_file_hash_sha_512:
   notes: 'pattern_file_hash_sha_512 legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all SHA-512 hashes from the text.'
   prompt_helper: ''
@@ -440,7 +440,7 @@ ai_email_address:
   notes: 'pattern_email_address legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all email addresses from the text.'
   prompt_helper: ''
@@ -458,7 +458,7 @@ ai_mac_address:
   notes: 'pattern_mac_address legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all MAC addresses from the text.'
   prompt_helper: ''
@@ -476,7 +476,7 @@ ai_windows_registry_key:
   notes: 'pattern_windows_registry_key legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Windows Registry Keys from the text.'
   prompt_helper: ''
@@ -494,7 +494,7 @@ ai_user_agent:
   notes: 'pattern_user_agent legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all user agents from the text.'
   prompt_helper: ''
@@ -512,7 +512,7 @@ ai_autonomous_system_number:
   notes: 'pattern_user_agent legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Autonomous System Numbers (ASN)'
   prompt_helper: ''
@@ -530,7 +530,7 @@ ai_cryptocurrency_btc_wallet:
   notes: 'pattern_cryptocurrency_btc_wallet legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified: 2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Bitcoin Wallet hashes from the text.'
   prompt_helper: ''
@@ -546,7 +546,7 @@ ai_cryptocurrency_btc_wallet_transaction:
   notes: 'pattern_cryptocurrency_btc_wallet_transaction legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified: 2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Bitcoin transaction hashes from the text.'
   prompt_helper: ''
@@ -562,7 +562,7 @@ ai_cryptocurrency_btc_transaction:
   notes: 'pattern_cryptocurrency_btc_transaction legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified: 2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Bitcoin transaction hashes from the text.'
   prompt_helper: ''
@@ -580,7 +580,7 @@ ai_cve_id:
   notes: 'pattern_cve_id legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all CVE IDs from the text.'
   prompt_helper: ''
@@ -598,7 +598,7 @@ ai_cpe_uri:
   notes: 'pattern_cpe_uri legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all CPEs match strings from the text.'
   prompt_helper: ''
@@ -616,7 +616,7 @@ ai_bank_card_all:
   notes: ''
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all MasterCard, Visa, American Express, Union Pay, Diners, JCB, and Discover bank card numbers from the text.'
   prompt_helper: ''
@@ -632,7 +632,7 @@ ai_bank_card_mastercard:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use pattern_bank_card_mastercard (AI can be unpredictable with sensitive data)'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all MasterCard card numbers from the text.'
   prompt_helper: ''
@@ -648,7 +648,7 @@ ai_bank_card_visa:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use pattern_bank_card_visa (AI can be unpredictable with sensitive data)'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Visa card numbers from the text.'
   prompt_helper: ''
@@ -664,7 +664,7 @@ ai_bank_card_amex:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use pattern_bank_card_amex (AI can be unpredictable with sensitive data)'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all American Express card numbers from the text.'
   prompt_helper: ''
@@ -680,7 +680,7 @@ ai_bank_card_union_pay:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use pattern_bank_card_union_pay (AI can be unpredictable with sensitive data)'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Union Pay card numbers from the text.'
   prompt_helper: ''
@@ -696,7 +696,7 @@ ai_bank_card_diners:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use pattern_bank_card_diners (AI can be unpredictable with sensitive data)'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Diners card numbers from the text.'
   prompt_helper: ''
@@ -712,7 +712,7 @@ ai_bank_card_jcb:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use pattern_bank_card_jcb (AI can be unpredictable with sensitive data)'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all JCB card numbers from the text.'
   prompt_helper: ''
@@ -728,7 +728,7 @@ ai_bank_card_discover:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use pattern_bank_card_discover (AI can be unpredictable with sensitive data)'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Discover card numbers from the text.'
   prompt_helper: ''
@@ -746,7 +746,7 @@ ai_iban_number:
   notes: 'pattern_iban_number legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all International Bank Account Numbers (IBAN) from the text.'
   prompt_helper: 'If needed, you can read more about IBAN numbers with examples here: https://www.iban.com/structure'
@@ -764,7 +764,7 @@ ai_phone_number:
   notes: 'pattern_phone_number legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified: 2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all phone numbers from the text.'
   prompt_helper: 'If needed, you can read more about the E.164 standard with examples here: https://en.wikipedia.org/wiki/E.164'
@@ -782,7 +782,7 @@ ai_country:
   notes: 'lookup_country_alpha2 legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified: 2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all countries described in the text, including countries printed as IS0-3166 Alpha2 and Alpha3 codes.'
   prompt_helper: 'If you are unsure, you can read more about the standard here: https://www.iso.org/iso-3166-country-codes.html'
@@ -800,7 +800,7 @@ ai_mitre_attack_enterprise:
   notes: 'lookup_mitre_attack_enterprise_id and lookup_mitre_attack_enterprise_name legacy extractions also exists if you cannot use AI'
   created: 2020-01-01
   modified: 2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all references to MITRE ATT&CK Enterprise tactics, techniques, groups, data sources, mitigations, software, and campaigns described in the text. These references may not be explicit in the text so you should be careful to account for the natural language of the text your analysis. Do not include MITRE ATT&CK ICS or MITRE ATT&CK Mobile in the results.'
   prompt_helper: 'If you are unsure, you can learn more about MITRE ATT&CK Enterprise here: https://attack.mitre.org/matrices/enterprise/'
@@ -816,7 +816,7 @@ ai_mitre_attack_mobile:
   notes: 'lookup_mitre_attack_mobile_id and lookup_mitre_attack_mobile_name legacy extractions also exists if you cannot use AI'
   created: 2020-01-01
   modified: 2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all references to MITRE ATT&CK Mobile tactics, techniques, groups, data sources, mitigations, software, and campaigns described in the text. These references may not be explicit in the text so you should be careful to account for the natural language of the text your analysis. Do not include MITRE ATT&CK ICS or MITRE ATT&CK Enterprise in the results.'
   prompt_helper: 'If you are unsure, you can learn more about MITRE ATT&CK Enterprise here: https://attack.mitre.org/matrices/mobile/'
@@ -832,7 +832,7 @@ ai_mitre_attack_ics:
   notes: 'lookup_mitre_attack_ics_id and lookup_mitre_attack_ics_name legacy extractions also exists if you cannot use AI'
   created: 2020-01-01
   modified: 2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all references to MITRE ATT&CK ICS tactics, techniques, groups, data sources, mitigations, software, and campaigns described in the text. These references may not be explicit in the text so you should be careful to account for the natural language of the text your analysis. Do not include MITRE ATT&CK Mobile or MITRE ATT&CK Enterprise in the results.'
   prompt_helper: 'If you are unsure, you can learn more about MITRE ATT&CK Enterprise here: https://attack.mitre.org/matrices/ics/'
@@ -850,7 +850,7 @@ ai_mitre_capec:
   notes: 'lookup_mitre_capec_id and lookup_mitre_capec_name legacy extractions also exists if you cannot use AI'
   created: 2020-01-01
   modified: 2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all references to a MITRE CAPEC object from the text.'
   prompt_helper: 'If you are unsure, you can learn more about MITRE CAPEC here: https://capec.mitre.org/'
@@ -868,7 +868,7 @@ ai_mitre_cwe:
   notes: 'lookup_mitre_cwe_id and lookup_mitre_cwe_name legacy extractions also exists if you cannot use AI'
   created: 2020-01-01
   modified: 2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all references to a MITRE CWE object from the text.'
   prompt_helper: 'If you are unsure, you can learn more about MITRE CAPEC here: https://cwe.mitre.org/'
@@ -886,7 +886,7 @@ ai_attack_pattern:
   notes: 'lookup_attack_pattern legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Attack Patterns from the text.'
   prompt_helper: 'Attack Patterns are a type of TTP that describe ways that adversaries attempt to compromise targets. Attack Patterns are used to help categorize attacks, generalize specific attacks to the patterns that they follow, and provide detailed information about how attacks are performed. An example of an attack pattern is "spear phishing": a common type of attack where an attacker sends a carefully crafted e-mail message to a party with the intent of getting them to click a link or open an attachment to deliver malware.'
@@ -902,7 +902,7 @@ ai_campaign:
   notes: 'lookup_campaign legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Campaigns from the text.'
   prompt_helper: 'A Campaign is a grouping of adversarial behaviors that describes a set of malicious activities or attacks (sometimes called waves) that occur over a period of time against a specific set of targets. Campaigns usually have well defined objectives and may be part of an Intrusion Set. Campaigns are often attributed to an intrusion set and threat actors.'
@@ -918,7 +918,7 @@ ai_course_of_action:
   notes: 'lookup_course_of_action legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Course of Actions from the text.'
   prompt_helper: 'A Course of Action (CoA) is a recommendation from a producer of intelligence to a consumer on the actions that they might take in response to that intelligence. The CoA may be preventative to deter exploitation or corrective to counter its potential impact. The CoA may describe automatable actions (applying patches, configuring firewalls, etc.), manual processes, or a combination of the two. For example, a CoA that describes how to remediate a vulnerability could describe how to apply the patch that removes that vulnerability.'
@@ -934,7 +934,7 @@ ai_identity:
   notes: 'lookup_identity legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Identities from the text.'
   prompt_helper: 'Identities can represent actual individuals, organizations, or groups (e.g., ACME, Inc.) as well as classes of individuals, organizations, systems or groups (e.g., the finance sector).'
@@ -950,7 +950,7 @@ ai_infrastructure:
   notes: 'lookup_infrastructure legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Infrastructure from the text.'
   prompt_helper: 'The Infrastructure SDO represents a type of TTP and describes any systems, software services and any associated physical or virtual resources intended to support some purpose (e.g., C2 servers used as part of an attack, device or server that are part of defence, database servers targeted by an attack, etc.).'
@@ -966,7 +966,7 @@ ai_intrusion_set:
   notes: 'lookup_intrusion_set legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Intrusion Sets from the text.'
   prompt_helper: 'An Intrusion Set is a grouped set of adversarial behaviors and resources with common properties that is believed to be orchestrated by a single organization. An Intrusion Set may capture multiple Campaigns or other activities that are all tied together by shared attributes indicating a common known or unknown Threat Actor.'
@@ -982,7 +982,7 @@ ai_malware:
   notes: 'lookup_malware legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Malware names from the text.'
   prompt_helper: 'Malware is a type of TTP that represents malicious code. It generally refers to a program that is inserted into a system, usually covertly. The intent is to compromise the confidentiality, integrity, or availability of the victims data, applications, or operating system (OS) or otherwise annoy or disrupt the victim.'
@@ -998,7 +998,7 @@ ai_threat_actor:
   notes: 'lookup_threat_actor legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Threat Actor names from the text.'
   prompt_helper: 'Threat Actors are actual individuals, groups, or organizations believed to be operating with malicious intent. A Threat Actor is not an Intrusion Set but may support or be affiliated with various Intrusion Sets, groups, or organizations over time. Threat Actors can be characterized by their motives, capabilities, goals, sophistication level, past activities, resources they have access to, and their role in the organization.'
@@ -1014,7 +1014,7 @@ ai_tool:
   notes: 'lookup_tool legacy extraction also exists if you cannot use AI'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   prompt_base: 'Extract all Software names from the text.'
   prompt_helper: 'Legitimate software that can be used by threat actors to perform attacks. Unlike malware, these software packages are often found on a system and have legitimate purposes for power users, system administrators, network administrators, or even normal users. Remote access tools (e.g., RDP) and network scanning tools (e.g., Nmap) are examples of software that may be used by a Threat Actor during an attack.'

txt2stix/includes/extractions/lookup/config.yaml

@@ -11,7 +11,7 @@ lookup_country_alpha2:
   file: 'lookups/country_iso3166_alpha2.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_country_alpha2
   stix_mapping: ctibutler-location
@@ -27,7 +27,7 @@ lookup_mitre_attack_enterprise_id:
   file: 'lookups/mitre_attack_enterprise_id_v16_0.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_mitre_attack_enterprise
   stix_mapping: ctibutler-mitre-attack-enterprise-id
@@ -41,7 +41,7 @@ lookup_mitre_attack_enterprise_name:
   file: 'lookups/mitre_attack_enterprise_name_v16_0.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_mitre_attack_enterprise_name
   stix_mapping: ctibutler-mitre-attack-enterprise-name
@@ -55,7 +55,7 @@ lookup_mitre_attack_enterprise_alias:
   file: 'lookups/mitre_attack_enterprise_aliases_v16_0.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_mitre_attack_enterprise_aliases
   stix_mapping: ctibutler-mitre-attack-enterprise-aliases
@@ -69,7 +69,7 @@ lookup_mitre_attack_mobile_id:
   file: 'lookups/mitre_attack_mobile_id_v16_0.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_mitre_attack_mobile
   stix_mapping: ctibutler-mitre-attack-mobile-id
@@ -83,7 +83,7 @@ lookup_mitre_attack_mobile_name:
   file: 'lookups/mitre_attack_mobile_name_v16_0.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_mitre_attack_mobile_name
   stix_mapping: ctibutler-mitre-attack-mobile-name
@@ -97,7 +97,7 @@ lookup_mitre_attack_mobile_alias:
   file: 'lookups/mitre_attack_mobile_aliases_v16_0.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_mitre_attack_mobile_aliases
   stix_mapping: ctibutler-mitre-attack-mobile-aliases
@@ -111,7 +111,7 @@ lookup_mitre_attack_ics_id:
   file: 'lookups/mitre_attack_ics_id_v16_0.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_mitre_attack_ics
   stix_mapping: ctibutler-mitre-attack-ics-id
@@ -125,7 +125,7 @@ lookup_mitre_attack_ics_name:
   file: 'lookups/mitre_attack_ics_name_v16_0.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_mitre_attack_ics_name
   stix_mapping: ctibutler-mitre-attack-ics-name
@@ -139,7 +139,7 @@ lookup_mitre_attack_ics_alias:
   file: 'lookups/mitre_attack_ics_aliases_v16_0.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_mitre_attack_ics_aliases
   stix_mapping: ctibutler-mitre-attack-ics-aliases
@@ -155,7 +155,7 @@ lookup_mitre_capec_id:
   file: 'lookups/mitre_capec_id_v3_9.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_mitre_capec
   stix_mapping: ctibutler-mitre-capec-id
@@ -169,7 +169,7 @@ lookup_mitre_capec_name:
   file: 'lookups/mitre_capec_name_v3_9.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_mitre_capec_name
   stix_mapping: ctibutler-mitre-capec-name
@@ -185,7 +185,7 @@ lookup_mitre_cwe_id:
   file: 'lookups/mitre_cwe_id_v4_15.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_mitre_cwe
   stix_mapping: ctibutler-mitre-cwe-id
@@ -199,7 +199,7 @@ lookup_mitre_cwe_name:
   file: 'lookups/mitre_cwe_name_v4_15.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_mitre_cwe_name
   stix_mapping: ctibutler-mitre-cwe-name
@@ -215,7 +215,7 @@ lookup_mitre_atlas_id:
   file: 'lookups/mitre_atlas_id_v4_5_2.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_mitre_atlas
   stix_mapping: ctibutler-mitre-atlas-id
@@ -229,7 +229,7 @@ lookup_mitre_atlas_name:
   file: 'lookups/mitre_atlas_name_v4_5_2.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_mitre_atlas_name
   stix_mapping: ctibutler-mitre-atlas-name
@@ -239,13 +239,13 @@ lookup_mitre_atlas_name:
 lookup_disarm_id:
   type: lookup
   dogesec_web: false
-  name: DISARM IDs
+  name: DISARM names
   description: 'Extracts DISARM IDs from text. See lookup name for version used.'
   notes: 'No corresponding AI version yet due to poor AI performance'
   file: 'lookups/disarm_id_v1_5.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_disarm
   stix_mapping: ctibutler-disarm-id
@@ -259,7 +259,7 @@ lookup_disarm_name:
   file: 'lookups/disarm_name_v1_5.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_disarm_name
   stix_mapping: ctibutler-disarm-name
@@ -275,7 +275,7 @@ lookup_attack_pattern:
   file: 'lookups/attack_pattern.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: lookup_attack_pattern
   stix_mapping: attack-pattern
@@ -289,7 +289,7 @@ lookup_campaign:
   file: 'lookups/campaign.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: lookup_campaign
   stix_mapping: campaign
@@ -303,7 +303,7 @@ lookup_course_of_action:
   file: 'lookups/course_of_action.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: lookup_course_of_action
   stix_mapping: course-of-action
@@ -317,7 +317,7 @@ lookup_identity:
   file: 'lookups/identity.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: lookup_identity
   stix_mapping: identity
@@ -331,7 +331,7 @@ lookup_infrastructure:
   file: 'lookups/infrastructure.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: lookup_infrastructure
   stix_mapping: infrastructure
@@ -345,7 +345,7 @@ lookup_intrusion_set:
   file: 'lookups/intrusion_set.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: lookup_intrusion_set
   stix_mapping: intrusion-set
@@ -359,7 +359,7 @@ lookup_malware:
   file: 'lookups/malware.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: lookup_malware
   stix_mapping: malware
@@ -373,7 +373,7 @@ lookup_threat_actor:
   file: 'lookups/threat_actor.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: lookup_threat_actor
   stix_mapping: threat-actor
@@ -387,7 +387,7 @@ lookup_tool:
   file: 'lookups/tool.txt'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: lookup_tool
-  stix_mapping: tool
+  stix_mapping: tool

txt2stix/includes/extractions/pattern/config.yaml

@@ -10,7 +10,7 @@ pattern_ipv4_address_only:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_ipv4_address_only'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_ipv4_address_only
   stix_mapping: ipv4-addr
@@ -23,7 +23,7 @@ pattern_ipv4_address_cidr:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_ipv4_address_cidr'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: ipv4_address_cidr
   stix_mapping: ipv4-addr
@@ -36,7 +36,7 @@ pattern_ipv4_address_port:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_ipv4_address_port'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: ipv4_address_port
   stix_mapping: ipv4-addr-port
@@ -51,7 +51,7 @@ pattern_ipv6_address_only:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_ipv6_address_only'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_ipv6_address_only
   stix_mapping: ipv6-addr
@@ -64,7 +64,7 @@ pattern_ipv6_address_cidr:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_ipv6_address_cidr'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_ipv6_address_cidr
   stix_mapping: ipv6-addr
@@ -77,7 +77,7 @@ pattern_ipv6_address_port:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_ipv6_address_port'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_ipv6_address_port
   stix_mapping: ipv6-addr-port
@@ -92,7 +92,7 @@ pattern_domain_name_only:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_domain_name_only'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_domain_name_only
   stix_mapping: domain-name
@@ -105,7 +105,7 @@ pattern_domain_name_subdomain:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_domain_name_subdomain'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_domain_name_subdomain
   stix_mapping: domain-name
@@ -120,7 +120,7 @@ pattern_url:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_pattern_url'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_url
   stix_mapping: url
@@ -133,7 +133,7 @@ pattern_url_file:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_url_file'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_url_file
   stix_mapping: url
@@ -146,7 +146,7 @@ pattern_url_path:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_url_path'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_url_path
   stix_mapping: url
@@ -161,7 +161,7 @@ pattern_host_name:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_host_name'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_host_name
   stix_mapping: domain-name
@@ -174,7 +174,7 @@ pattern_host_name_subdomain:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_host_name_subdomain'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_host_name_subdomain
   stix_mapping: domain-name
@@ -187,7 +187,7 @@ pattern_host_name_url:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_host_name_url'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_host_name_url
   stix_mapping: url
@@ -200,7 +200,7 @@ pattern_host_name_file:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_host_name_file'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_host_name_file
   stix_mapping: url
@@ -213,7 +213,7 @@ pattern_host_name_path:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_host_name_path'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_host_name_path
   stix_mapping: url
@@ -228,7 +228,7 @@ pattern_directory_windows:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_directory_windows'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_directory_windows
   stix_mapping: directory
@@ -241,7 +241,7 @@ pattern_directory_windows_with_file:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_directory_windows_with_file'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_directory_windows_with_file
   stix_mapping: directory-file
@@ -254,7 +254,7 @@ pattern_directory_unix:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_directory_unix'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_directory_unix
   stix_mapping: directory
@@ -267,7 +267,7 @@ pattern_directory_unix_file:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_directory_unix_file'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_directory_unix_file
   stix_mapping: directory-file
@@ -282,7 +282,7 @@ pattern_file_name:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_file_name'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_file_name
   stix_mapping: file
@@ -295,7 +295,7 @@ pattern_file_hash_md5:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_file_hash_md5'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_file_hash_md5
   stix_mapping: file-hash
@@ -308,7 +308,7 @@ pattern_file_hash_sha_1:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_file_hash_sha_1'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_file_hash_sha_1
   stix_mapping: file-hash
@@ -321,7 +321,7 @@ pattern_file_hash_sha_256:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_file_hash_sha_256'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_file_hash_sha_256
   stix_mapping: file-hash
@@ -334,7 +334,7 @@ pattern_file_hash_sha_512:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_file_hash_sha_512'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_file_hash_sha_512
   stix_mapping: file-hash
@@ -349,7 +349,7 @@ pattern_email_address:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_email_address'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_email_address
   stix_mapping: email-addr
@@ -364,7 +364,7 @@ pattern_mac_address:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_mac_address'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_mac_address
   stix_mapping: mac-addr
@@ -379,7 +379,7 @@ pattern_windows_registry_key:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_windows_registry_key'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_windows_registry_key
   stix_mapping: windows-registry-key
@@ -394,7 +394,7 @@ pattern_user_agent:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_user_agent'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_user_agent
   stix_mapping: user-agent
@@ -409,7 +409,7 @@ pattern_autonomous_system_number:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_autonomous_system_number'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_autonomous_system_number
   stix_mapping: autonomous-system
@@ -424,7 +424,7 @@ pattern_cryptocurrency_btc_wallet:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_cryptocurrency_btc_wallet'
   created: 2020-01-01
   modified: 2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_cryptocurrency_btc_wallet
   stix_mapping: cryptocurrency-wallet
@@ -437,7 +437,7 @@ pattern_cryptocurrency_btc_wallet_transaction:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_cryptocurrency_btc_wallet_transaction'
   created: 2020-01-01
   modified: 2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_cryptocurrency_btc_wallet
   stix_mapping: cryptocurrency-wallet-with-transaction
@@ -450,7 +450,7 @@ pattern_cryptocurrency_btc_transaction:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_cryptocurrency_btc_transaction'
   created: 2020-01-01
   modified: 2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_cryptocurrency_btc_transaction
   stix_mapping: cryptocurrency-transaction
@@ -465,7 +465,7 @@ pattern_cve_id:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_cve_id'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_cve_id
   stix_mapping: vulmatch-cve-id
@@ -480,7 +480,7 @@ pattern_cpe_uri:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_cpe_uri'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_cpe_uri
   stix_mapping: vulmatch-cpe-id
@@ -495,7 +495,7 @@ pattern_bank_card_mastercard:
   notes: 'Also available: ai_bank_card_mastercard'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_bank_card_mastercard
   stix_mapping: payment-card
@@ -508,7 +508,7 @@ pattern_bank_card_visa:
   notes: 'Also available: ai_bank_card_visa'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_bank_card_visa
   stix_mapping: payment-card
@@ -521,7 +521,7 @@ pattern_bank_card_amex:
   notes: 'Also available: ai_bank_card_amex'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_bank_card_amex
   stix_mapping: payment-card
@@ -534,7 +534,7 @@ pattern_bank_card_union_pay:
   notes: 'Also available: ai_bank_card_union_pay'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_bank_card_union_pay
   stix_mapping: payment-card
@@ -547,7 +547,7 @@ pattern_bank_card_diners:
   notes: 'Also available: ai_bank_card_diners'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_bank_card_diners
   stix_mapping: payment-card
@@ -560,7 +560,7 @@ pattern_bank_card_jcb:
   notes: 'Also available: ai_bank_card_jcb'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_bank_card_jcb
   stix_mapping: payment-card
@@ -573,7 +573,7 @@ pattern_bank_card_discover:
   notes: 'Also available: ai_bank_card_discover'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_bank_card_discover
   stix_mapping: payment-card
@@ -588,7 +588,7 @@ pattern_iban_number:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_iban_number'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_iban_number
   stix_mapping: bank-account
@@ -603,7 +603,7 @@ pattern_phone_number:
   notes: 'RECOMMENDED FOR BETTER ACCURACY: Use ai_phone_number'
   created: 2020-01-01
   modified:  2020-01-01
-  created_by: DOGESEC
+  created_by: dogesec
   version: 1.0.0
   test_cases: generic_phone_number
   stix_mapping: phone-number

{txt2stix-1.1.6.dist-info → txt2stix-1.1.8.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: txt2stix
-Version: 1.1.6
+Version: 1.1.8
 Summary: txt2stix is a Python script that is designed to identify and extract IoCs and TTPs from text files, identify the relationships between them, convert them to STIX 2.1 objects, and output as a STIX 2.1 bundle.
 Project-URL: Homepage, https://github.com/muchdogesec/txt2stix
 Project-URL: Issues, https://github.com/muchdogesec/txt2stix/issues
@@ -14,6 +14,7 @@ Classifier: Programming Language :: Python :: 3
 Requires-Python: >=3.9
 Requires-Dist: base58>=2.1.1
 Requires-Dist: beautifulsoup4>=4.12.3
+Requires-Dist: json-repair
 Requires-Dist: llama-index-core>=0.12.42
 Requires-Dist: llama-index-llms-openai>=0.4.5
 Requires-Dist: mistune>=3.0.2

{txt2stix-1.1.6.dist-info → txt2stix-1.1.8.dist-info}/RECORD

@@ -18,7 +18,7 @@ txt2stix/ai_extractor/gemini.py,sha256=yJC7knYzl-TScyCBd-MTpUf-NT6znC25E7vXxNMqj
 txt2stix/ai_extractor/openai.py,sha256=1RxaLy0TJ4GjNKmcJoi6ZiBrCS_gt5ql9jpeE-SOy8g,642
 txt2stix/ai_extractor/openrouter.py,sha256=hAA6mTOMcpA28XYsOCvuJH7WMJqXCxfqZGJf_VrDsIk,628
 txt2stix/ai_extractor/prompts.py,sha256=NtqtVyPPtShPlVZ5SrFmo-LCkfpANIIi4H9rjqaxqDo,10559
-txt2stix/ai_extractor/utils.py,sha256=jG5tPuS2xfiH7xCxlaEkAOboNOOMDah9JpGDXrUUJBA,4342
+txt2stix/ai_extractor/utils.py,sha256=K3qglBRWYAuRU806-ahbz_PK1qQFfJ7ueWybVxYZYlQ,4425
 txt2stix/pattern/__init__.py,sha256=K9ofaP2AOikvzb48VSBpJZijckdqufZxSzr_kbRypLY,491
 txt2stix/pattern/extractors/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 txt2stix/pattern/extractors/base_extractor.py,sha256=ly80rp-L40g7DbhrGiCvhPWI95-ZFMtAQUEC-fH6Y-o,6130
@@ -74,9 +74,9 @@ txt2stix/pattern/extractors/url/url_extractor.py,sha256=-SH1WvxbViaRZ1on8lRlzNAc
 txt2stix/pattern/extractors/url/url_file_extractor.py,sha256=_VDu_BX3Ys9SKhZlscZPp9xSOKCxNKKvJ2gbe7Nvuv0,881
 txt2stix/pattern/extractors/url/url_path_extractor.py,sha256=FNKcMZRnJpcZZF44T8DHsDWzhBqPq5a23h7T7l2osac,2459
 txt2stix/includes/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-txt2stix/includes/extractions/ai/config.yaml,sha256=r98Sa93GaZNcY60NuZ2XlIM8BpFl33PUBkqFvGLqTOo,41564
-txt2stix/includes/extractions/lookup/config.yaml,sha256=lZoJ-vHig30TpfiwNEl4fiT-AwdOlhm7h0pE8b_G6jg,12059
-txt2stix/includes/extractions/pattern/config.yaml,sha256=UICpzQN7SOr5yT7jmhJYtpDuQxQxA-cxoltI4GW0nFs,20196
+txt2stix/includes/extractions/ai/config.yaml,sha256=0-jgrxsEEIZBs274WI4Trz3vgk6BW2hzV3p0jGnoKmA,41564
+txt2stix/includes/extractions/lookup/config.yaml,sha256=iT0lHHlMdx719qA2tyI_zsWqk9SUS6jmZtBY9_H-i4A,12062
+txt2stix/includes/extractions/pattern/config.yaml,sha256=92buge3fYegXIN1TSjLKq4PdIbKAGvDAc4CoQpR38sA,20196
 txt2stix/includes/helpers/mimetype_filename_extension_list.csv,sha256=kgozjMyp7y87CqRcoedfDwNXSLKrDgC9r9YKDYK0EbY,27593
 txt2stix/includes/helpers/stix_relationship_types.txt,sha256=PQytANVSrWepdK_SLEZtfiTe1eoxj6YMGUZslO_C1oc,505
 txt2stix/includes/helpers/tlds.txt,sha256=Va_awj-FQiKgs5ace6C0kC5xxAHIl9yAIBhvT08Q7Q0,9551
@@ -113,8 +113,8 @@ txt2stix/includes/lookups/threat_actor.txt,sha256=QfDO9maQuqKBgW_Sdd7VGv1SHZ9Ra-
 txt2stix/includes/lookups/tld.txt,sha256=-MEgJea2NMG_KDsnc4BVvI8eRk5Dm93L-t8SGYx5wMo,8598
 txt2stix/includes/lookups/tool.txt,sha256=HGKG6JpUE26w6ezzSxOjBkp15UpSaB7N-mZ_NU_3G7A,6
 txt2stix/includes/tests/test_cases.yaml,sha256=QD1FdIunpPkOpsn6wJRqs2vil_hv8OSVaqUp4a96aZg,22247
-txt2stix-1.1.6.dist-info/METADATA,sha256=9JF5quEpIFgO_e03KX-EeMFHj_1abOQH62OYMMZSxkI,15333
-txt2stix-1.1.6.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-txt2stix-1.1.6.dist-info/entry_points.txt,sha256=x6QPtt65hWeomw4IpJ_wQUesBl1M4WOLODbhOKyWMFg,55
-txt2stix-1.1.6.dist-info/licenses/LICENSE,sha256=BK8Ppqlc4pdgnNzIxnxde0taoQ1BgicdyqmBvMiNYgY,11364
-txt2stix-1.1.6.dist-info/RECORD,,
+txt2stix-1.1.8.dist-info/METADATA,sha256=1DiACAC7Br7D4JcHa_sGzSWoATiUvIbq0iEm4dvdh0M,15360
+txt2stix-1.1.8.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+txt2stix-1.1.8.dist-info/entry_points.txt,sha256=x6QPtt65hWeomw4IpJ_wQUesBl1M4WOLODbhOKyWMFg,55
+txt2stix-1.1.8.dist-info/licenses/LICENSE,sha256=BK8Ppqlc4pdgnNzIxnxde0taoQ1BgicdyqmBvMiNYgY,11364
+txt2stix-1.1.8.dist-info/RECORD,,