{
    "type": "bundle",
    "id": "bundle--d0a24ae1-7896-4458-ad1d-d103f058194f",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--b5bcf025-fdd8-486e-85fe-9d23c45827d6",
            "created": "2026-02-26T23:33:02.446066Z",
            "modified": "2026-02-26T23:33:02.446113Z",
            "name": "Kmsec",
            "identity_class": "organization"
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--5eaa831c-6546-4b2b-8280-992379bc70f7",
            "hashes": {
                "MD5": "2c1a77d61944974dc2bec5aaf0ec5d0f",
                "SHA-1": "f860fe894f11455edc4a10dce7779825a3888517",
                "SHA-256": "9ec622624f5f07c5d86e6048f2710de1e9c5ac7c6a6fad4fcb31121bb67c0239"
            }
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--508610cd-3a51-43f5-93af-ec0523da495f",
            "value": "187.127.248.20"
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--f91c3ff4-f791-407e-af72-cf80050706b9",
            "value": "187.77.111.137"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--0689ac59-e8bd-4e55-b68a-eb5d9a925ea9",
            "value": "deoft.org"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--2e6f450a-7bb2-4f1c-9894-9719e286a26d",
            "value": "dpw.jr12012025z.workers.dev"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--643db7cb-1da2-4124-a9c2-1c544ab2578a",
            "value": "keo.pages.dev"
        },
        {
            "type": "threat-actor",
            "spec_version": "2.1",
            "id": "threat-actor--1d227bee-f26c-5f74-a3f8-5bdb18774b64",
            "created": "2026-06-24T16:05:12.444458Z",
            "modified": "2026-06-24T16:05:12.444458Z",
            "name": "FamousChollima"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--1aa848ea-cd13-4243-ba2b-5124079d2c43",
            "created_by_ref": "identity--b5bcf025-fdd8-486e-85fe-9d23c45827d6",
            "created": "2026-06-24T16:05:12.447052Z",
            "modified": "2026-06-24T16:05:12.447052Z",
            "name": "North Korea's abuse of Cloudflare Workers and Pages",
            "published": "2026-05-01T00:00:00Z",
            "object_refs": [
                "identity--b5bcf025-fdd8-486e-85fe-9d23c45827d6",
                "file--5eaa831c-6546-4b2b-8280-992379bc70f7",
                "ipv4-addr--508610cd-3a51-43f5-93af-ec0523da495f",
                "ipv4-addr--f91c3ff4-f791-407e-af72-cf80050706b9",
                "domain-name--0689ac59-e8bd-4e55-b68a-eb5d9a925ea9",
                "domain-name--2e6f450a-7bb2-4f1c-9894-9719e286a26d",
                "domain-name--643db7cb-1da2-4124-a9c2-1c544ab2578a",
                "threat-actor--1d227bee-f26c-5f74-a3f8-5bdb18774b64"
            ],
            "external_references": [
                {
                    "source_name": "source",
                    "url": "https://kmsec.uk/blog/dprk-pages-dev-abuse/"
                }
            ]
        }
    ]
}