# coding: utf-8

from pycti import OpenCTIApiClient

# Variables
api_url = "https://demo.opencti.io"
api_token = "YOUR_TOKEN"

# OpenCTI initialization
opencti_api_client = OpenCTIApiClient(api_url, api_token)

# Get the intrusion set APT28
intrusion_set = opencti_api_client.intrusion_set.read(
    filters=[{"key": "name", "values": ["APT28"]}]
)

# Get the relations from APT28 to malwares
stix_relations = opencti_api_client.stix_core_relationship.list(
    fromId=intrusion_set["id"], toTypes=["Malware"]
)

# Print
for stix_relation in stix_relations:
    print("[" + stix_relation["to"]["stix_id"] + "] " + stix_relation["to"]["name"])