~alienagain/Stix_stuff

Stuff to automate stix documents from IoCs
adding new versions
adding a script to specify a single campaign related hash
added logic to know which bundle shall be created depending on the options chosen


# STIX scripts

Since I plan to write reports from my personal Linux threat projects, I'm automating some of the report formatting in STIX for a technical audience, which is very helpful for ingestion into general systems such as MISP.

# How to

It's recommended to use a virtual environment. Everything works on Python 3.

python3 -m venv my_virtual_space
cd my_virtual_space
source bin/activate

Then install all the requirements:

git clone https://git.sr.ht/~alienagain/Stix_stuff
cd Stix_stuff
pip3 install -r requirements.txt

Then try out the hashes:

python3 from_csv/hashes.py from_csv/example_hashes.csv

or the domains:

python3 from_csv/domains.py from_csv/example_domains.csv

The files with the relationships of the example (XMRIG) will be created. Follow the docs to learn more about adding new malware and understanding the logic:
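
An added illustration, not code from this repository: a standard-library example of the kind of bundle described above, where each hash from a CSV becomes a STIX 2.1 indicator linked to a malware object by an `indicates` relationship. The CSV column names, the sample rows and the `is_family` value for XMRIG are assumptions.

```python
import csv, io, json, re, sys, uuid
from datetime import datetime, timezone

# Hex digest length -> algorithm name as used in STIX file:hashes patterns.
HASH_TYPES = {32: "MD5", 40: "SHA-1", 64: "SHA-256"}

# Constructed sample input; the column names are an assumption, not the repo's format.
SAMPLE_CSV = """hash,description
0123456789abcdef0123456789abcdef,constructed row with MD5 length
0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef,constructed row with SHA-256 length
zz-not-a-hash,malformed row that must be rejected
"""

def hash_pattern(value):
    """Return a STIX pattern for one file hash, or None if the value is not plain hex."""
    value = value.strip().lower()
    algo = HASH_TYPES.get(len(value))
    if algo is None or not re.fullmatch(r"[0-9a-f]+", value):
        return None  # rejecting non-hex also keeps quotes out of the pattern string
    key = algo if algo == "MD5" else f"'{algo}'"  # names containing '-' must be quoted
    return f"[file:hashes.{key} = '{value}']"

def sdo(stix_type, now, **props):
    """Build an object with the properties every STIX 2.1 SDO and relationship requires."""
    return {"type": stix_type, "spec_version": "2.1",
            "id": f"{stix_type}--{uuid.uuid4()}",
            "created": now, "modified": now, **props}

def build_bundle(csv_text, malware_name):
    """One malware object, one indicator per valid hash, one 'indicates' link each."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    malware = sdo("malware", now, name=malware_name, is_family=True)  # is_family assumed
    objects, rejected = [malware], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        pattern = hash_pattern(row["hash"])
        if pattern is None:
            rejected.append(row["hash"])  # report bad rows instead of emitting them
            continue
        indicator = sdo("indicator", now, pattern=pattern, pattern_type="stix",
                        valid_from=now, description=row["description"])
        link = sdo("relationship", now, relationship_type="indicates",
                   source_ref=indicator["id"], target_ref=malware["id"])
        objects += [indicator, link]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}, rejected

if __name__ == "__main__":
    bundle, rejected = build_bundle(SAMPLE_CSV, "XMRIG")
    print(json.dumps(bundle, indent=2))
    print("rejected rows:", rejected, file=sys.stderr)
```

Rows that fail validation are returned separately, so a malformed IoC list is visible before the bundle is pushed to a platform such as MISP.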