Association

JSON representation
AssociationType
AssociationAlias
- JSON representation

Associations represents different metadata about malware and threat actors involved with an IoC.

JSON representation

JSON representation
{ "id" : string , "countryCode" : [ string ] , "type" : enum ( `AssociationType` ) , "name" : string , "description" : string , "role" : string , "sourceCountry" : string , "alias" : [ { object ( `AssociationAlias` ) } ] , "firstReferenceTime" : string , "lastReferenceTime" : string , "industriesAffected" : [ string ] , "associatedActors" : [ { object ( `Association` ) } ] , "regionCode" : { object ( `Location` ) } , "sponsorRegion" : { object ( `Location` ) } , "targetedRegions" : [ { object ( `Location` ) } ] , "tags" : [ string ] }

 { 
 "id" 
 : 
 string 
 , 
 "countryCode" 
 : 
 [ 
 string 
 ] 
 , 
 "type" 
 : 
 enum (  AssociationType 
 
) 
 , 
 "name" 
 : 
 string 
 , 
 "description" 
 : 
 string 
 , 
 "role" 
 : 
 string 
 , 
 "sourceCountry" 
 : 
 string 
 , 
 "alias" 
 : 
 [ 
 { 
 object (  AssociationAlias 
 
) 
 } 
 ] 
 , 
 "firstReferenceTime" 
 : 
 string 
 , 
 "lastReferenceTime" 
 : 
 string 
 , 
 "industriesAffected" 
 : 
 [ 
 string 
 ] 
 , 
 "associatedActors" 
 : 
 [ 
 { 
 object (  Association 
 
) 
 } 
 ] 
 , 
 "regionCode" 
 : 
 { 
 object (  Location 
 
) 
 } 
 , 
 "sponsorRegion" 
 : 
 { 
 object (  Location 
 
) 
 } 
 , 
 "targetedRegions" 
 : 
 [ 
 { 
 object (  Location 
 
) 
 } 
 ] 
 , 
 "tags" 
 : 
 [ 
 string 
 ] 
 }

Fields
`id`	`string` Unique association id generated by mandiant.
`countryCode[]`	`string` Country from which the threat actor/ malware is originated.
`type`	`enum ( AssociationType )` Signifies the type of association.
`name`	`string` Name of the threat actor/malware.
`description`	`string` Human readable description about the association.
`role`	`string` Role of the malware. Not applicable for threat actor.
`sourceCountry (deprecated)`	`string` This item is deprecated! Name of the country the threat originated from.
`alias[]`	`object ( AssociationAlias )` Different aliases of the threat actor given by different sources.
`firstReferenceTime`	`string ( Timestamp format)` First time the threat actor was referenced or seen. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"` , `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"` .
`lastReferenceTime`	`string ( Timestamp format)` Last time the threat actor was referenced or seen. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"` , `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"` .
`industriesAffected[]`	`string` List of industries the threat actor affects.
`associatedActors[]`	`object ( Association )` List of associated threat actors for a malware. Not applicable for threat actors.
`regionCode`	`object ( Location )` Name of the country, the threat is originating from.
`sponsorRegion`	`object ( Location )` Sponsor region of the threat actor.
`targetedRegions[]`	`object ( Location )` Targeted regions.
`tags[]`	`string` Tags.

AssociationType

Represents different possible Association types. Can be threat or malware. Used to represent Mandiant threat intelligence.

Enums
`ASSOCIATION_TYPE_UNSPECIFIED`	The default Association Type.
`THREAT_ACTOR`	Association type Threat actor.
`MALWARE`	Association type Malware.

AssociationAlias

Association Alias used to represent Mandiant Threat Intelligence.

JSON representation
{ "name" : string , "company" : string }

Fields

Fields
`name`	`string` Name of the alias.
`company`	`string` Name of the provider who gave the association's name.

name

string

Name of the alias.

company

string

Name of the provider who gave the association's name.