{
    "type": "bundle",
    "id": "bundle--8939b620-9fbe-4d26-a915-3d8de4d5e013",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--2b8a973e-be8b-42cf-93af-3b2ac7926c3a",
            "created": "2025-02-24T10:20:18.023141Z",
            "modified": "2025-02-24T10:21:15.388595Z",
            "name": "Seeker",
            "identity_class": "organization"
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--272f951e-3b9c-43b2-b614-0d762bde8d00",
            "hashes": {
                "MD5": "1e9d94d88fdac3c4a0a47a3a1d07e329"
            }
        },
        {
            "type": "threat-actor",
            "spec_version": "2.1",
            "id": "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1",
            "created": "2026-06-24T22:43:27.193525Z",
            "modified": "2026-06-24T22:43:27.193525Z",
            "name": "Kimsuky"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--23f32aa6-8289-4925-be05-cf4722a2bffd",
            "created_by_ref": "identity--2b8a973e-be8b-42cf-93af-3b2ac7926c3a",
            "created": "2026-06-24T22:43:27.194789Z",
            "modified": "2026-06-24T22:43:27.194789Z",
            "name": "The North Korean nation-state APT43 Kimsuky used the PowerShell forceCopy to conduct spear-phishing analysis",
            "published": "2025-02-12T00:00:00Z",
            "object_refs": [
                "identity--2b8a973e-be8b-42cf-93af-3b2ac7926c3a",
                "file--272f951e-3b9c-43b2-b614-0d762bde8d00",
                "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1"
            ],
            "external_references": [
                {
                    "source_name": "source",
                    "url": "https://malwareanalysisspace.blogspot.com/2025/02/the-north-korean-nation-state-apt43.html"
                }
            ]
        }
    ]
}