{
    "type": "bundle",
    "id": "bundle--0ecd8123-90d5-46e0-9cd4-65d4999b3a2e",
    "objects": [
        {
            "type": "threat-actor",
            "spec_version": "2.1",
            "id": "threat-actor--9a8a0d25-7636-429b-a99e-b2a73cd0f11f",
            "created": "2015-05-07T14:22:14.760Z",
            "modified": "2015-05-07T14:22:14.760Z",
            "name": "Adversary Bravo",
            "description": "Adversary Bravo is known to use phishing attacks to deliver remote access malware to the targets.",
            "threat_actor_types": [
                "spy",
                "criminal"
            ]
        },
        {
            "type": "malware",
            "spec_version": "2.1",
            "id": "malware--d1c612bc-146f-4b65-b7b0-9a54a14150a4",
            "created": "2015-04-23T11:12:34.760Z",
            "modified": "2015-04-23T11:12:34.760Z",
            "name": "Poison Ivy Variant d1c6",
            "malware_types": [
                "remote-access-trojan"
            ],
            "is_family": false,
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mandiant-attack-lifecycle-model",
                    "phase_name": "initial-compromise"
                }
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--8ac90ff3-ecf8-4835-95b8-6aea6a623df5",
            "created": "2015-05-07T14:22:14.760Z",
            "modified": "2015-05-07T14:22:14.760Z",
            "name": "Phishing",
            "description": "Spear phishing used as a delivery mechanism for malware.",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mandiant-attack-lifecycle-model",
                    "phase_name": "initial-compromise"
                }
            ],
            "external_references": [
                {
                    "source_name": "capec",
                    "description": "phishing",
                    "url": "https://capec.mitre.org/data/definitions/98.html",
                    "external_id": "CAPEC-98"
                }
            ]
        },
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--1621d4d4-b67d-41e3-9670-f01faf20d111",
            "created": "2015-05-10T16:27:17.760Z",
            "modified": "2015-05-10T16:27:17.760Z",
            "name": "Adversary Bravo",
            "description": "Adversary Bravo is a threat actor that utilizes phishing attacks.",
            "identity_class": "unknown"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--d44019b6-b8f7-4cb3-837e-7fd3c5724b87",
            "created": "2020-02-29T18:18:08.661Z",
            "modified": "2020-02-29T18:18:08.661Z",
            "relationship_type": "uses",
            "source_ref": "threat-actor--9a8a0d25-7636-429b-a99e-b2a73cd0f11f",
            "target_ref": "malware--d1c612bc-146f-4b65-b7b0-9a54a14150a4"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--3cd2d6f9-0ded-486b-8dca-606283a8997f",
            "created": "2020-02-29T18:18:08.661Z",
            "modified": "2020-02-29T18:18:08.661Z",
            "relationship_type": "uses",
            "source_ref": "threat-actor--9a8a0d25-7636-429b-a99e-b2a73cd0f11f",
            "target_ref": "attack-pattern--8ac90ff3-ecf8-4835-95b8-6aea6a623df5"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--56e5f1c8-08f3-4e24-9e8e-f87d844672ec",
            "created": "2020-02-29T18:18:08.661Z",
            "modified": "2020-02-29T18:18:08.661Z",
            "relationship_type": "attributed-to",
            "source_ref": "threat-actor--9a8a0d25-7636-429b-a99e-b2a73cd0f11f",
            "target_ref": "identity--1621d4d4-b67d-41e3-9670-f01faf20d111"
        }
    ]
}