Extract value in nested json with array

Not sure if that is the input or output. If it is an input then parse it into a field called json using

    filter { json { source => "message" target => "json" } }

then reference it using

    mutate { add_field => { "foo" => "%{[json][EM.simInfoValidation][0][iccid]}" } }
    mutate { gsub => [ "foo", "^(....).*", "\1" ] }

If it is an output then leave out the leading [json].

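The input case from the answer above, assembled into a complete pipeline as an added example that is not part of the original post. It assumes events arrive as JSON lines on stdin; the sample event in the comment is constructed and the `_iccid_missing` tag name is hypothetical.

```logstash
# Constructed sample event (one line on stdin):
#   {"EM.simInfoValidation":[{"iccid":"8901260000000000000"}]}
input { stdin { } }

filter {
  # Parse the raw line into [json]. On malformed input the json filter
  # tags the event with _jsonparsefailure and [json] is not created.
  json { source => "message" target => "json" }

  # Guard: when the reference does not resolve, add_field stores the
  # literal text "%{[json]...}" and gsub would then truncate that text
  # instead of a real value.
  if [json][EM.simInfoValidation][0][iccid] {
    mutate { add_field => { "foo" => "%{[json][EM.simInfoValidation][0][iccid]}" } }
    # Separate mutate so gsub runs after the field has been added;
    # keeps only the first four characters.
    mutate { gsub => [ "foo", "^(....).*", "\1" ] }
  } else {
    # Hypothetical tag name, chosen for this example.
    mutate { add_tag => [ "_iccid_missing" ] }
  }
}

output { stdout { codec => rubydebug } }
```

Events without the array, or with an empty array, pass through tagged rather than carrying a `foo` built from the unresolved reference text.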