Association

JSON representation
AssociationType
AssociationAlias
- JSON representation

Associations represents different metadata about malware and threat actors involved with an IoC.

JSON representation

JSON representation
{ "id": string, "countryCode": [ string ], "type": enum (`AssociationType`), "name": string, "description": string, "role": string, "sourceCountry": string, "alias": [ { object (`AssociationAlias`) } ], "firstReferenceTime": string, "lastReferenceTime": string, "industriesAffected": [ string ], "associatedActors": [ { object (`Association`) } ], "regionCode": { object (`Location`) }, "sponsorRegion": { object (`Location`) }, "targetedRegions": [ { object (`Location`) } ], "tags": [ string ] }

{
  "id": string,
  "countryCode": [
    string
  ],
  "type": enum (AssociationType),
  "name": string,
  "description": string,
  "role": string,
  "sourceCountry": string,
  "alias": [
    {
      object (AssociationAlias)
    }
  ],
  "firstReferenceTime": string,
  "lastReferenceTime": string,
  "industriesAffected": [
    string
  ],
  "associatedActors": [
    {
      object (Association)
    }
  ],
  "regionCode": {
    object (Location)
  },
  "sponsorRegion": {
    object (Location)
  },
  "targetedRegions": [
    {
      object (Location)
    }
  ],
  "tags": [
    string
  ]
}

Fields
`id`	`string` Unique association id generated by mandiant.
`countryCode[]`	`string` Country from which the threat actor/ malware is originated.
`type`	`enum (AssociationType)` Signifies the type of association.
`name`	`string` Name of the threat actor/malware.
`description`	`string` Human readable description about the association.
`role`	`string` Role of the malware. Not applicable for threat actor.
`sourceCountry (deprecated)`	`string` This item is deprecated! Name of the country the threat originated from.
`alias[]`	`object (AssociationAlias)` Different aliases of the threat actor given by different sources.
`firstReferenceTime`	`string (Timestamp format)` First time the threat actor was referenced or seen. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`lastReferenceTime`	`string (Timestamp format)` Last time the threat actor was referenced or seen. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`industriesAffected[]`	`string` List of industries the threat actor affects.
`associatedActors[]`	`object (Association)` List of associated threat actors for a malware. Not applicable for threat actors.
`regionCode`	`object (Location)` Name of the country, the threat is originating from.
`sponsorRegion`	`object (Location)` Sponsor region of the threat actor.
`targetedRegions[]`	`object (Location)` Targeted regions.
`tags[]`	`string` Tags.

AssociationType

Represents different possible Association types. Can be threat or malware. Used to represent Mandiant threat intelligence.

Enums
`ASSOCIATION_TYPE_UNSPECIFIED`	The default Association Type.
`THREAT_ACTOR`	Association type Threat actor.
`MALWARE`	Association type Malware.

AssociationAlias

Association Alias used to represent Mandiant Threat Intelligence.

JSON representation
{ "name": string, "company": string }

Fields

Fields
`name`	`string` Name of the alias.
`company`	`string` Name of the provider who gave the association's name.

name

string

Name of the alias.

company

string

Name of the provider who gave the association's name.