Association

JSON representation
AssociationType
AssociationAlias
- JSON representation

Associations represents different metadata about malware and threat actors involved with an IoC.

JSON representation

JSON representation
{ "id": string, "countryCode": [ string ], "type": enum (`AssociationType`), "name": string, "description": string, "role": string, "sourceCountry": string, "alias": [ { object (`AssociationAlias`) } ], "firstReferenceTime": string, "lastReferenceTime": string, "industriesAffected": [ string ], "associatedActors": [ { object (`Association`) } ], "regionCode": { object (`Location`) }, "sponsorRegion": { object (`Location`) }, "targetedRegions": [ { object (`Location`) } ], "tags": [ string ] }

{
  "id": string,
  "countryCode": [
    string
  ],
  "type": enum (AssociationType),
  "name": string,
  "description": string,
  "role": string,
  "sourceCountry": string,
  "alias": [
    {
      object (AssociationAlias)
    }
  ],
  "firstReferenceTime": string,
  "lastReferenceTime": string,
  "industriesAffected": [
    string
  ],
  "associatedActors": [
    {
      object (Association)
    }
  ],
  "regionCode": {
    object (Location)
  },
  "sponsorRegion": {
    object (Location)
  },
  "targetedRegions": [
    {
      object (Location)
    }
  ],
  "tags": [
    string
  ]
}

Fields
`id`	`string` Unique association id generated by mandiant.
`countryCode[]`	`string` Country from which the threat actor/ malware is originated.
`type`	`enum (AssociationType)` Signifies the type of association.
`name`	`string` Name of the threat actor/malware.
`description`	`string` Human readable description about the association.
`role`	`string` Role of the malware. Not applicable for threat actor.
`sourceCountry (deprecated)`	`string` This item is deprecated! Name of the country the threat originated from.
`alias[]`	`object (AssociationAlias)` Different aliases of the threat actor given by different sources.
`firstReferenceTime`	`string (Timestamp format)` First time the threat actor was referenced or seen. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`lastReferenceTime`	`string (Timestamp format)` Last time the threat actor was referenced or seen. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`industriesAffected[]`	`string` List of industries the threat actor affects.
`associatedActors[]`	`object (Association)` List of associated threat actors for a malware. Not applicable for threat actors.
`regionCode`	`object (Location)` Name of the country, the threat is originating from.
`sponsorRegion`	`object (Location)` Sponsor region of the threat actor.
`targetedRegions[]`	`object (Location)` Targeted regions.
`tags[]`	`string` Tags.

AssociationType

Represents different possible Association types. Can be threat or malware. Used to represent Mandiant threat intelligence.

Enums
`ASSOCIATION_TYPE_UNSPECIFIED`	The default Association Type.
`THREAT_ACTOR`	Association type Threat actor.
`MALWARE`	Association type Malware.

AssociationAlias

Association Alias used to represent Mandiant Threat Intelligence.

JSON representation
{ "name": string, "company": string }

Fields

Fields
`name`	`string` Name of the alias.
`company`	`string` Name of the provider who gave the association's name.

name

string

Name of the alias.

company

string

Name of the provider who gave the association's name.

Association Stay organized with collections Save and categorize content based on your preferences.

AssociationType

AssociationAlias

Association