{
    "type": "bundle",
    "id": "bundle--a548fe21-ba94-4a2b-8c14-b4c2fb8b975d",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--48edf75c-7cd8-480a-8950-deb15067ea29",
            "created": "2026-04-13T05:27:30.708162Z",
            "modified": "2026-04-22T01:03:40.519059Z",
            "name": "BreakGlassIntelligence",
            "identity_class": "organization"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--cf2a2cc0-ca47-453d-a78b-397779921565",
            "value": "arnptec.com"
        },
        {
            "type": "threat-actor",
            "spec_version": "2.1",
            "id": "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1",
            "created": "2026-06-24T21:17:47.028139Z",
            "modified": "2026-06-24T21:17:47.028139Z",
            "name": "Kimsuky"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--d903e812-9623-43df-bbed-686c96c3aff0",
            "created_by_ref": "identity--48edf75c-7cd8-480a-8950-deb15067ea29",
            "created": "2026-06-24T21:17:47.030756Z",
            "modified": "2026-06-24T21:17:47.030756Z",
            "name": "Ten Operators, Nine Campaigns, and a Backend With No Password: How a Single Vercel URL Exposed a Two-Year Korean Phishing Syndicate",
            "published": "2026-04-05T00:00:00Z",
            "object_refs": [
                "identity--48edf75c-7cd8-480a-8950-deb15067ea29",
                "domain-name--cf2a2cc0-ca47-453d-a78b-397779921565",
                "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1"
            ],
            "external_references": [
                {
                    "source_name": "source",
                    "url": "https://intel.breakglass.tech/post/team24-ten-operators-vercel-phishing-syndicate-open-backend-korean-targeting"
                }
            ]
        }
    ]
}