{"id":19883675,"url":"https://github.com/muchdogesec/stix2extensions","last_synced_at":"2025-05-02T14:33:53.794Z","repository":{"id":247447362,"uuid":"825753847","full_name":"muchdogesec/stix2extensions","owner":"muchdogesec","description":"This repository is used to share custom STIX objects created by the DOGESEC community.","archived":false,"fork":false,"pushed_at":"2025-04-23T05:05:16.000Z","size":86,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-23T06:20:23.323Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://www.dogesec.com/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/muchdogesec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-07-08T12:34:41.000Z","updated_at":"2025-04-23T05:05:04.000Z","dependencies_parsed_at":"2024-11-12T17:23:47.327Z","dependency_job_id":"8a48fb42-3572-4564-aad6-c396be526eec","html_url":"https://github.com/muchdogesec/stix2extensions","commit_stats":null,"previous_names":["muchdogesec/stix2extensions"],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muchdogesec%2Fstix2extensions","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muchdogesec%2Fstix2extensions/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muchdogesec%2Fstix2extensions/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muchdogesec%2Fstix2extensions/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/muchdogesec","download_url":"https://codeload.github.com/muchdogesec/stix2extensions/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252053936,"owners_count":21687196,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-12T17:21:59.132Z","updated_at":"2025-05-02T14:33:53.779Z","avatar_url":"https://github.com/muchdogesec.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# stix2extensions\n\n## Overview\n\nThis repository is used to share custom STIX objects created by the threat intelligence community.\n\nIt is useful for two use-cases, for those who want to:\n\n1. create their own custom STIX objects and make them easy to distribute\n2. use the custom STIX objects created by others in this repo in a straight-forward way\n\n## tl;dr\n\n[![stix2extensions](https://img.youtube.com/vi/BbEruGoin8o/0.jpg)](https://www.youtube.com/watch?v=BbEruGoin8o)\n\n## Structure of this repository\n\nThe key parts of this repository are structured as follows;\n\n```txt\n.\n├── example_objects # example custom objects auto-generated by scripts in /generators/example_objects/\n│ ├── properties\n│ ├── sdos\n│ └── scos\n├── extension-definitions # the extension definitions auto-generated by /generators/extension-definition.py\n│ ├── properties\n│ ├── sdos\n│ └── scos\n├── generators # generates the extension definitions and example objects\n│ ├── properties\n│ ├── sdos\n│ └── scos\n└── schemas # the schemas references in each extension-definition object\n ├── properties\n ├── sdos\n └── scos\n```\n\nEach directory is structured by the STIX object type, either STIX Domain Objects (SDOs) or STIX Cyber Observable Objects (SDOs).\n\n## Custom objects currently available\n\nThis repository currently offers the following custom STIX objects:\n\n### SDOs\n\n* `weakness`: This extension creates a new SDO that can be used to represent weaknesses (for CWEs).\n\n### SCOs\n\n* `bank-account`: This extension creates a new SCO that can be used to represent bank account details.\n* `bank-card`: This extension creates a new SCO that can be used to represent bank cards.\n* `cryptocurrency-transaction`: This extension creates a new SCO that can be used to represent cryptocurrency transactions.\n* `cryptocurrency-wallet`: This extension creates a new SCO that can be used to represent cryptocurrency wallets.\n* `phone-number`: This extension creates a new SCO that can be used to represent phone numbers.\n* `user-agent`: This extension creates a new SCO that can be used to represent user agents used in HTTP request. It is designed to be used when the Network Traffic SCO with HTTP request extension cannot be used due to lack of request information needed for the required properties.\n\n### Properties\n\n* Indicator SDO: This extension adds new properties to Indicator SDOs to list CPE vulnerable inside a pattern.\n* Note SDO: This extension adds new properties to Note SDOs to capture EPSS scores for CVEs.\n* Software CPE: This extension adds new properties to Software SCOs to capture full CPE information.\n* Vulnerability SDO: This extension adds new properties to Vulnerbility SDOs to provide scoring.\n\n## Adding your own custom STIX objects to this repo\n\n### Overview\n\nFirst clone this repo, and set it up:\n\n```shell\n# clone the latest code\ngit clone https://github.com/muchdogesec/stix2extensions\n# create a venv\ncd stix2extensions\npython3 -m venv stix2extensions-venv\nsource stix2extensions-venv/bin/activate\n# install requirements\npip3 install .\n```\n\nTo add your own objects to this repo you must then do the following things:\n\n1. define a schema for it in the `schemas` directory.\n2. create an entry for it in `stix2extensions` defining the properties\n3. add an entry in `stix2extensions/_extensions.py` and `generators/extension-definition.py` to auto generate the Extension Definition for your objects. Then the script `python3 generators/extension-definition.py`\n4. optional: add an entry under `generators/example_objects/` for your custom object. This script should generate a dummy object to show others what it looks like (this is more likely to increase adoption). Then run the script `python3 generators/extension-definition.py`.\n5. optional: add an icon for your new object in our [stix2icons repository](https://github.com/muchdogesec/stix2icons). This will make it easy for graph viewers to render your object properly with an icon.\n\nFor each of these steps, you can see examples of the existing objects which you can use as templates.\n\nOnce done, you can then submit a PR to this repo and the DOGESEC team will check it looks good before merging it into the `main` branch so anyone can start using it.\n\n### A note on generating the data\n\nThis script will generated the Extension Definition objects defining all of the custom objects in this repo (inc. any you've added at step 3);\n\n```shell\npython3 generators/smos/extension-definition.py\n```\n\nIf you want to see example of how to use this script to generate the custom objects (and what they look like), you can run the generator scripts (created at step 4, don't forget to add yours to the list);\n\n```shell\npython3 generators/sdos/weakness.py \u0026\u0026 \\\npython3 generators/scos/bank-account.py \u0026\u0026 \\\npython3 generators/scos/bank-card.py \u0026\u0026 \\\npython3 generators/scos/cryptocurrency-transaction.py \u0026\u0026 \\\npython3 generators/scos/cryptocurrency-wallet.py \u0026\u0026 \\\npython3 generators/scos/phone-number.py \u0026\u0026 \\\npython3 generators/scos/user-agent.py \u0026\u0026 \\\npython3 generators/properties/indicator-vulnerable-cpes.py \u0026\u0026 \\\npython3 generators/properties/vulnerability-scoring.py \u0026\u0026 \\\npython3 generators/properties/report-epss-scoring.py \u0026\u0026 \\\npython3 generators/properties/software-cpe-properties.py\n```\n\n#### A note about UUIDs in `generators`\n\nNote, all of the SDO `id`s in this repo are generated by the namespace `1abb62b9-e513-5f55-8e73-8f6d7b55c237`. This is a randomly generated UUIDv4. It is used to ensure the objects generated by the code in this repo have persistent UUIDs on each update.\n\nFor all SCO object generation scripts we use the OASIS namespace `00abedb4-aa42-466c-9c01-fed23315a9b7`.\n\n### Misc\n\nNote, this repository also contains two scripts under `stix2extensions/tools`; 1) `creditcard2stix.py`, and 2) `crypto2stix.py`. These are utilities we use in our products.\n\nYou should use the core repositories for this data [creditcard2stix](https://github.com/muchdogesec/creditcard2stix) and [crypto2stix](https://github.com/muchdogesec/crypto2stix) respectively.\n\n## Using the STIX objects defined in this repo\n\nIf you want to generate a custom STIX object found in this repo in your project (e.g. use the `cryptocurrency-transaction` STIX object to model crypto transactions in your research) you can import them like so:\n\n```shell\npip3 install https://github.com/muchdogesec/stix2extensions/archive/main.zip\n```\n\nYou can then easily use them in your code.\n\nFor example, here I am generating a `bank-account`;\n\n```python\nimport uuid\nfrom uuid import UUID\nfrom stix2extensions import BankCard\n\n# define UUID for generating UUIDv5s -- this is the OASIS namespace for SCOs https://github.com/oasis-open/cti-python-stix2/blob/master/stix2/base.py#L29\n\nnamespace=UUID(\"00abedb4-aa42-466c-9c01-fed23315a9b7\")\n\n# Create bank-card SCO\n\nexample_bankCardSCO = BankCard(\n id=\"bank-card--\"+ str(uuid.uuid5(namespace, f\"4242424242424242\")), # bank-card--9ce64b19-095d-5187-a56b-79a82ae4066f\n format=\"credit\",\n number=\"4242424242424242\",\n scheme=\"VISA\",\n brand=\"VISA\",\n currency=\"GBP\",\n issuer_name=\"Big Bank\",\n issuer_country=\"GBR\",\n holder_name=\"DOGESEC\",\n valid_from=\"01/99\",\n valid_to=\"01/00\",\n security_code=\"999\"\n )\n\nprint(example_bankCardSCO)\n```\n\nWhich prints the STIX object.\n\n```json\n{\n \"type\": \"bank-card\",\n \"spec_version\": \"2.1\",\n \"id\": \"bank-card--2bb315d3-2a76-52db-9740-cb1bb46626b2\",\n \"format\": \"credit\",\n \"number\": \"4242424242424242\",\n \"scheme\": \"VISA\",\n \"brand\": \"VISA\",\n \"currency\": \"GBP\",\n \"issuer_name\": \"Big Bank\",\n \"issuer_country\": \"GBR\",\n \"holder_name\": \"DOGESEC\",\n \"valid_from\": \"01/99\",\n \"valid_to\": \"01/00\",\n \"security_code\": \"999\",\n \"extensions\": {\n \"extension-definition--7922f91a-ee77-58a5-8217-321ce6a2d6e0\": {\n \"extension_type\": \"new-sco\"\n }\n }\n}\n```\n\n## Support\n\n[Minimal support provided via the DOGESEC community](https://community.dogesec.com).\n\n## License\n\n[Apache 2.0](/LICENSE).\n\n## Useful supporting tools\n\n* Existing STIX 2.1 schemas: [cti-stix2-json-schemas](https://github.com/oasis-open/cti-stix2-json-schemas): OASIS TC Open Repository: Non-normative schemas and examples for STIX 2\n* To generate STIX 2.1 extensions: [stix2 Python Lib](https://stix2.readthedocs.io/en/latest/)\n* STIX 2.1 specifications for objects: [STIX 2.1 docs](https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html)\n* [stix2icons](https://github.com/muchdogesec/stix2icons): icons for the custom STIX objects in this repository","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmuchdogesec%2Fstix2extensions","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmuchdogesec%2Fstix2extensions","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmuchdogesec%2Fstix2extensions/lists"}