{
    "type": "bundle",
    "id": "bundle--3292edb6-c47e-42d2-b4ab-080c014b8edd",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--d1954851-ca6b-442c-91ee-775ecd79d291",
            "created": "2025-09-08T00:10:24.364838Z",
            "modified": "2025-09-08T00:11:37.201974Z",
            "name": "FalconFeeds",
            "identity_class": "organization"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--ea64f973-73f1-4e82-ba45-15d7a52d33c1",
            "value": "websecuritynotices.com"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--6caf9695-d536-4ca5-92eb-66deced99f98",
            "value": "nid.navermails.com"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--84c258c7-4e35-4880-9b3f-01f379a87588",
            "value": "nid-security.com"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--7b89d38f-3c1c-4bde-9fc4-989133017788",
            "value": "websecuritynotice.com"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--97933643-103d-4c86-8b85-d43d6cc99563",
            "value": "appletls.com"
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--72097a44-7c7c-438d-b4bd-0a936729d0bb",
            "value": "156.59.13.153"
        },
        {
            "type": "threat-actor",
            "spec_version": "2.1",
            "id": "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1",
            "created": "2026-06-24T23:56:24.228587Z",
            "modified": "2026-06-24T23:56:24.228587Z",
            "name": "Kimsuky"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--2d34e888-4926-4961-b003-02d4dbe16579",
            "created_by_ref": "identity--d1954851-ca6b-442c-91ee-775ecd79d291",
            "created": "2026-06-24T23:56:24.231081Z",
            "modified": "2026-06-24T23:56:24.231081Z",
            "name": "A Glimpse Behind the Curtain: Unmasking Kimsuky\u2019s Threat Actor Operations, Infrastructure, and Capabilities",
            "published": "2025-09-01T00:00:00Z",
            "object_refs": [
                "identity--d1954851-ca6b-442c-91ee-775ecd79d291",
                "domain-name--ea64f973-73f1-4e82-ba45-15d7a52d33c1",
                "domain-name--6caf9695-d536-4ca5-92eb-66deced99f98",
                "domain-name--84c258c7-4e35-4880-9b3f-01f379a87588",
                "domain-name--7b89d38f-3c1c-4bde-9fc4-989133017788",
                "domain-name--97933643-103d-4c86-8b85-d43d6cc99563",
                "ipv4-addr--72097a44-7c7c-438d-b4bd-0a936729d0bb",
                "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1"
            ],
            "external_references": [
                {
                    "source_name": "source",
                    "url": "https://falconfeeds.io/blogs/kimsuky-threat-actor-operations-infrastructure-capabilities"
                }
            ]
        }
    ]
}