F3T-CFX · Intelligence Exchange

Case Exchange Bundle

Export this case as a STIX 2.1 bundle or F3T-CFX envelope for downstream ingestion in OpenCTI, TAXII collections, or MISP. Every object is source-cited, confidence-scored, and flagged for human review before publication.

TLP:RED

CFX v1.0

Human Review Required

STIX Reports

One per finding

Threat Actors

Syndicate members

Relationships

Edges, all confidence-scored

Observed Data

Timeline events

Opinions

Per high-risk invoice

Export Targets

F3T-CFX Envelope

JSON

Producer-signed wrapper around the STIX bundle with redaction profile, review state, and case metadata.

STIX 2.1 Bundle

JSON

Raw STIX bundle for direct ingestion into OpenCTI, TAXII collections, or any STIX-aware SIEM.

MISP Event (preview)

JSON

Preview

MISP-compatible event export. Connector in human-review state — enable after analyst sign-off.

TAXII 2.1 Collection (preview)

API

Preview

Publish to a TAXII collection. Endpoint configuration required in CFX admin.

Source Integrity

Producer

BackCheck Evidence Intelligence

F3T Local Intelligence Engine · F3T-CFX

Review State

human-review-required

All actors, relationships and reports carry a confidence score. Attribution is observed, not confirmed; corroborate before external publication.

Redaction Profile

investigator-default

CNICs, account numbers, and personal contacts are kept inside the bundle but tagged for redaction-on-export to public TAXII feeds.

Bundle Preview

identity

identity--f3t-backcheck-…

BackCheck Evidence Intelligence — F3T Local Intelligence Engine

threat-actor

threat-actor--d4726383--…

Imran Siddiqui

threat-actor

threat-actor--d745e55b--…

Zubair Ahmed

threat-actor

threat-actor--71c0a4f6-7…

Dilawar Khan

threat-actor

threat-actor--36421f05-3…

A. Qureshi

infrastructure

infrastructure--f2d00287…

Acct ****7741

infrastructure

infrastructure--f2cda989…

Acct ****2210

infrastructure

infrastructure--f2d0d089…

Acct ****9008

+ 34 more objects in the bundle.