{
    "type": "bundle",
    "id": "bundle--6318c3f1-2430-4292-9e2e-f00cb9e9257a",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--58adf7e3-5f6b-4a47-b31f-faa83e05d2a8",
            "created": "2026-04-20T00:58:25.121722Z",
            "modified": "2026-04-20T00:58:25.121761Z",
            "name": "Excalibra",
            "identity_class": "organization"
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--ca700284-710e-483d-a94d-f0494f17f43d",
            "hashes": {
                "SHA-256": "af0309aa38d067373c54b2a7774a32f68ab72cb2dbf5aed74ac784b079830184"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--22816937-ecad-465d-9ae1-aa767a90098f",
            "hashes": {
                "SHA-256": "f20fde3a9381c22034f7ecd4fef2396a85c05bfd54f7db3ad6bcd00c9e09d421"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--879b0948-80a6-4244-95e3-fec66ff40314",
            "hashes": {
                "SHA-256": "c0866bb72c7a12a0288f434e16ba14eeaa35d3c4cff4a86046c553c15679c0b5"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--e4019bb6-7b65-4cf0-8b70-5189918ada76",
            "hashes": {
                "SHA-256": "9c3f2bd300ad2ef8584cc48adc47aab61bf85fc653d923e106c73fc6ec3ea1dc"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--f52b4d47-7660-452a-8ba5-10642f2d81d3",
            "hashes": {
                "SHA-256": "484a16d779d67c7339125ceac10b9abf1aa47f561f40058789bfe2acda548282"
            }
        },
        {
            "type": "threat-actor",
            "spec_version": "2.1",
            "id": "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1",
            "created": "2026-06-24T19:53:59.352389Z",
            "modified": "2026-06-24T19:53:59.352389Z",
            "name": "Kimsuky"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--13c671dd-b29f-4824-9cde-e09d68f7d8a9",
            "created_by_ref": "identity--58adf7e3-5f6b-4a47-b31f-faa83e05d2a8",
            "created": "2026-06-24T19:53:59.355029Z",
            "modified": "2026-06-24T19:53:59.355029Z",
            "name": "North Korea-Linked Hackers Use GitHub as C2 Infrastructure to Attack South Korea",
            "published": "2026-04-08T00:00:00Z",
            "object_refs": [
                "identity--58adf7e3-5f6b-4a47-b31f-faa83e05d2a8",
                "file--ca700284-710e-483d-a94d-f0494f17f43d",
                "file--22816937-ecad-465d-9ae1-aa767a90098f",
                "file--879b0948-80a6-4244-95e3-fec66ff40314",
                "file--e4019bb6-7b65-4cf0-8b70-5189918ada76",
                "file--f52b4d47-7660-452a-8ba5-10642f2d81d3",
                "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1"
            ],
            "external_references": [
                {
                    "source_name": "source",
                    "url": "https://medium.com/bugbountywriteup/north-korea-linked-hackers-use-github-as-c2-infrastructure-to-attack-south-korea-1bdcbaf9a9d8"
                }
            ]
        }
    ]
}