{
    "type": "bundle",
    "id": "bundle--625e23b9-5578-4890-80f5-0e3debf23971",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--a95e7b37-502a-4cb3-a83e-736263e8fc10",
            "created": "2024-08-02T06:36:36.69269Z",
            "modified": "2024-10-27T08:10:41.311857Z",
            "name": "Datadog",
            "identity_class": "organization"
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--22024181-f23a-446e-aefd-dd0049880942",
            "value": "142.111.77.196"
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--90cd2e62-c6ba-4581-8fbc-2698118a0787",
            "hashes": {
                "SHA-256": "d2a74db6b9c900ad29a81432af72eee8ed4e22bf61055e7e8f7a5f1a33778277"
            }
        },
        {
            "type": "email-addr",
            "spec_version": "2.1",
            "id": "email-addr--41c6d1c9-f344-4efd-a898-605f27fcfb96",
            "value": "open_source@lorenwest.com"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--59045dec-a70a-464e-ac0b-18369fc858d5",
            "value": "lorenwest.com"
        },
        {
            "type": "threat-actor",
            "spec_version": "2.1",
            "id": "threat-actor--57527938-7ad7-5a7f-81fa-3227b1e5c755",
            "created": "2026-06-24T21:02:27.458872Z",
            "modified": "2026-06-24T21:02:27.458872Z",
            "name": "StressedPungsan"
        },
        {
            "type": "threat-actor",
            "spec_version": "2.1",
            "id": "threat-actor--2fdbf283-c89b-5093-828f-44b9484e36e3",
            "created": "2026-06-24T21:02:27.461204Z",
            "modified": "2026-06-24T21:02:27.461204Z",
            "name": "Pungsan"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--094de47c-e9b0-4579-a6c9-adb190673860",
            "created_by_ref": "identity--a95e7b37-502a-4cb3-a83e-736263e8fc10",
            "created": "2026-06-24T21:02:27.462213Z",
            "modified": "2026-06-24T21:02:27.462213Z",
            "name": "Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access",
            "published": "2024-08-01T00:00:00Z",
            "object_refs": [
                "identity--a95e7b37-502a-4cb3-a83e-736263e8fc10",
                "ipv4-addr--22024181-f23a-446e-aefd-dd0049880942",
                "file--90cd2e62-c6ba-4581-8fbc-2698118a0787",
                "email-addr--41c6d1c9-f344-4efd-a898-605f27fcfb96",
                "domain-name--59045dec-a70a-464e-ac0b-18369fc858d5",
                "threat-actor--57527938-7ad7-5a7f-81fa-3227b1e5c755",
                "threat-actor--2fdbf283-c89b-5093-828f-44b9484e36e3"
            ],
            "external_references": [
                {
                    "source_name": "source",
                    "url": "https://securitylabs.datadoghq.com/articles/stressed-pungsan-dprk-aligned-threat-actor-leverages-npm-for-initial-access/"
                }
            ]
        }
    ]
}