misp-circl-feed/feeds/circl/misp/5937f449-62bc-460c-a4c6-4bb9950d210f.json

{
  "Event": {
    "analysis": "2",
    "date": "2017-06-05",
    "extends_uuid": "",
    "info": "OSINT - Shadowfall",
    "publish_timestamp": "1496855294",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1496851791",
    "uuid": "5937f449-62bc-460c-a4c6-4bb9950d210f",
    "Orgc": {
      "name": "CIRCL",
      "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "name": "tlp:white"
      },
      {
        "colour": "#0088cc",
        "name": "misp-galaxy:exploit-kit=\"RIG\""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "link",
        "uuid": "5937f48b-c8b4-43d1-8a3e-81a2950d210f",
        "value": "https://blogs.rsa.com/shadowfall/"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "text",
        "uuid": "5937f580-9870-4490-b8c6-4262950d210f",
        "value": "Over the last several months, RSA Research embarked on a cross-organizational effort against RIG Exploit Kit (RIG EK or just plain RIG), which led to insight into the operational infrastructure (and possibly the entire ecosystem), as well as significant discoveries related to domain shadowing. Domain shadowing is \u00e2\u20ac\u0153a technique in which attackers steal domain account credentials from their owners for the purpose of creating subdomains directed at malicious servers\u00e2\u20ac\u009d."
      },
      {
        "category": "Payload delivery",
        "comment": "PseudoDarkleech Campaign: Cerber ransomware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": true,
        "type": "sha256",
        "uuid": "5937f7cf-18c8-4baf-89fe-4add950d210f",
        "value": "f7124736a95c472f4c98835786daccdbe751bbd0da4cb500fa0b35d7700d46ef"
      },
      {
        "category": "External analysis",
        "comment": "PseudoDarkleech Campaign: Cerber ransomware - Reference",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "link",
        "uuid": "5937f7cf-11f0-4061-b502-485d950d210f",
        "value": "http://www.malware-traffic-analysis.net/2017/02/27/index.html"
      },
      {
        "category": "External analysis",
        "comment": "PseudoDarkleech Campaign: Cerber ransomware - Malcode",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "link",
        "uuid": "5937f7d0-da3c-42f8-ab04-4bce950d210f",
        "value": "https://panacea.threatgrid.com/samples/e55adbba88f8663369a1afea4f520c50"
      },
      {
        "category": "Payload delivery",
        "comment": "EITEST Campaign: Cryptoshield ransomware -",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": true,
        "type": "sha256",
        "uuid": "5937f8d8-50dc-4006-b238-42a2950d210f",
        "value": "1ceaccf925911b4da750321be0be31e0a8fe8220f75170725e74d3db7e828bcd"
      },
      {
        "category": "External analysis",
        "comment": "EITEST Campaign: Cryptoshield ransomware - References",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "link",
        "uuid": "5937f8d9-4bcc-492e-83c2-4cae950d210f",
        "value": "http://pastebin.com/embed_iframe/y1TdBJH6"
      },
      {
        "category": "External analysis",
        "comment": "EITEST Campaign: Cryptoshield ransomware - Malcode",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "link",
        "uuid": "5937f8d9-2518-4cc4-9729-487a950d210f",
        "value": "https://www.reverse.it/sample/1ceaccf925911b4da750321be0be31e0a8fe8220f75170725e74d3db7e828bcd?environmentId=100"
      },
      {
        "category": "External analysis",
        "comment": "PseudoDarkleech Campaign: Cerber ransomware",
        "data": "iVBORw0KGgoAAAANSUhEUgAABFIAAAJYCAYAAABB8cJWAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsIAAA7CARUoSoAAAP+lSURBVHhe7L0HoGRXeR/+m5lbprc3r7d92/uu6qohigSYXmWwcQvuIYmNcUnifxLHsWM7doLj2I7tYGzAGBAG0QQqqPfdlbb3+nqf3u6duTP/33dn3u7b1VuJIgSC81sdvfduOeU73/naKdczPT3dRBt33XUX9u3bh66uLqxduxb9/f1IJpPtuwoKCgoKCgoKCgoKCgoKCgo//Gg2m7AsC3OFIu55ei8mjh/B2177arzzHe/AhUDK//pf/8t96JZXvQrJ/rU4n2lC0zT4fD43EwUFBQUFBQUFBQUFBQUFBYUfHTThNJpI9YSQt0r45hc+h2TDbgVSmPDZz34W23Zeg87VOzG6UG2/pKCgoKCgoKCgoKCgoKCgoPCjjdRQEruPPofS1FgrkPKhD30Ib37zmxEb3om0rbcfU1BQUFBQUFBQUFBQUFBQUFAQBPsS2P/MAxcDKb/4i78IX2odzs+X248oKCgoKCgoKCgoKCgoKCgoKAjM3gSOPPfIxUDKr//6rwPxEZyczLYfUVBQUFBQUFBQUFBQUFBQUFAQ+HriOHHwyYuBlI985CNoxlbhxESm/YiCgoKCgoKCgoKCgoKCgoKCgovuOI4deOLSQIqsSFGBFAUFBQUFBQUFBQUFBQUFBYVL4XTFcfTyQIonMYKTEy+8tcdymrCdRvsvwOvxIKR723+tDPm+cslu8Kf7pWUXps8Lw+dp/6WgoKCgoKCgoKCgoKCg8MpHw3GwMD+L9Ow0quUSmo2L/vPLBa+mIRiOINnVg47ObvdaJr3AOs2gVMjBqdXcay8rPB6YgQDr1IuOrm7ougF7fgYz+57G+LNPo7w4337w5UWI9BnedQu6tl8HPdnZvroyrFQMh/c/fnkgZTVOvcgZKU9NFHAqXYWPRGg06hgMNfHa4Qh83suCIk35rxU4sZ0mHjifx3TFB40dWnMa2N4dxNU9Yfe+goKCgoKCgoKCgoKCgsIPA6rlMvY8/ih+/B23obe3B5qute+8fLAsC6fPnMeDj+/Drle/1r22/5mncPWW1diyaR0CwYB77eWE02ggs7iIz3/5AazbuhPRRAIH/uXTiBWncMf73oa+zlj7yZcX47MZfPofvwDP6u3Y+KZ3tK+ujEpH9PmBFG9SAim59iMr48nxPMbyNQzGA1iX0nFtFxDTWwGTZvPiipPWOpTWzwZ/LdQ82L3gw8k5CxPZCjalAri6VwVSFBQUFBQUFBQUFBQUFH54UCmX8PTDD+LDv/pTKNe9sOsv/4qUoOlDMZfBZ754L26+7Q3utb1PPIbX33oN+gcHUazU3WsvJ2TxRW8yiI/+9aewfvtViCWS2Pvpv8ewt4gP/ty7YE2cB5bWZywPLSxB7i2/fvnfl6B90/2xwoPLLvmH1+LP//zjKHWvx7Z3/Hjr4hVQTEZxaN9jlwZSfB1rcHrqhQMpT43nMJ8r4Lb1Sezashn3nTAQ9QN1h3VhZST5TSAVA3qSQIi/L5aAdBW4Kl7DFx7ajcdGK1jdlcRV31IgxUJlahrTD0wh+N6b0MWyLi5+KSG7fwzZqToit21CrD6J0U9+Bs81m3yrhaEdr8Gmq65CcG4Ks0/PI/TOXW4eF7JAEek9T+LEnmdxxv3bD5+2Ezf/+C3ojepYedcSB0IzjfOfPAL9tTvR0R+D39e+BRvW3Awm7x5FgHl0BbOY+fKXcZhtWFqolOhbg+2vfTf6/YvM4yjMt16PVHcI5oWyqqhMnMSZr9yN/e0rwBbsuO1GrF7TidAVA5o5zN53GlYihfjOYbD6bcjAzWDs00fhvXErOoY1VPY+gePP7sPZ1gPw6SaufvuHMJKqYPGek6j39yO+pR+RC3k4aDoLGP3UZ7C/XCHVBEMY3no9tt2wDnHDvbACSsgdGkdm1EL49TuQMoVbq5h/7hPYo92IDUP9SJycQSHvQ+TWTUgaTZaTx9zev8dTwbfiupFV6A9L5nVU5g/h/L578Oxp/imMtvkduO2a1ejGNPY98xSOneDAI8Idfdj5xp/Fqrj8lcHkl06gsW4VEht6EL5AuzoaltD/CMy37UIqMIN9Tz2J02cn3LvxnhFsv+39GLosKFqZuQ9H03VUY6/Czf2R9lVBFYsHyXuHZzCb3YjV26/Hjlv6EWrf/W7RsDPIn/kY0p0fQn8iCMpFQvh/FNnpBiKvY79yrLnIHsV9C3FsiDfgOzqLohNG980bkLhiH10JWUzfvRIvfK9RRXn8OM5+9RvL+H8rdtx+I9asTiGoVVA4OYGFw3mE3nyNO55fThTP/QMmPNchmdqIriWGqpdQypzDlxZ68K7BEsbuGYexeR2613e/wHhVUFBQUFBQUFD4YYQEUp568AH8mhtI8XyfAikaStkMPvul+3DL7a1AiqySuf1V16J/YACF6gtv7UkvLGBy9Ly7guTF4Pf70Ts0hMFVI+0rK0MCKX3JEP78/0og5WrEk0ns+dTHMOTJ4+d++p2wJs5ddNTFbbzotLt/F+06Ti4WcT5TvnCrLxrAuo4wnGYTp3lvplB1r3voL47Qb1qfCiOg0SD3tKMm7R+XB1L+4i8+gXLfRmx/5wsHUrLxCA489xguCRN4+M/r8b5g2twZxmsGDWyOOwgHDRSYQyMgLh2wYAETBeBMlikPTJWBRbZjjul4RgIsOtYFyri138DajuCK+T8/1VGbn8HkNw4hXWNhl9yronTqPKafPIM8mbNZzWLiCxMwu7dj7fYbsOWqGzBEJgnpNVjTk5i6/ygyzMNzSR50yo7OoXBKQ+emG7B5y0YMBPfiU48cx3TRRvOSZ5dSk5Sik/m1/ZifLaPWXH6P9c3MYuJrB7Boedg3BSw8Mg3H7sXg1lad1qzbhJifvVbLYOpLz2IxbaF+WR72/CLmHswisuEGbNp5A9amRvHYkcPYP56Fc+G5y1MJ6WeOY+7YHMrO8uvSrznMfOMAFqYKsJtV5I/MoXhad9ssddq8/Tqkwjp0XxELjx/D3KkFVBvL8xDey2Hqq5PQIhuwetsNWD9Yw/jMAdx7aAr2hecuTxZKZ0Yx/bj0EfvPqSCz7yM4mI8hGU4hGaiR/mcxvXsUBd5vWrNY3Pc7eK40jL5YAlFDh7c2i/Fvfhp7v/B15OOt+m7ZuQtbUhkUC3Xkq36k+te1rm9ai4idxT//771YbJL+ngLmHz6C+bMZWJe0p4lmLY3Ju55z6V92Auge2tDKY+MI9Pwi7vy/+5Dhsxd4zp7E+dOLGN19CoUTBzBnLeXlgTV2L74wacLu2Um6VDGRP4R7zmbb97/7JFvpdKeGz5yYRbrqtK6Tf+YP34P9D30BJ2arF561Zp9hm7JsbxDRwV6khjsoPC7N71tLbV44OX8ZL3yvE/l/Lo25h3KItvl/TeocHj1M/p/Ikf9tVMcnMPXgceTIMyvn8UIph7n7n8HJL+7Hgr3S/RdOZsPBY6zHqZx14ZpTGUf25EfhOCF4tDhSGwaRoNCWs6CWv6uSSiqppJJKKqmk0o9Gcid+iQY9RwmjvNxJYgSyEEMCCkt1kt8FKz1/eTp/+hQq9Gtff8uOF01r+uPY+/hjK+ZzeZJ6teIOrXpJnWRnS6NeayW7nZb/LqlWw3S2hMdnKrj+3e/Fde10xNLwwKkZ3H9yGmc94QvXr377O3HfuQwW82U4NfuSfC4kKcP9WXfrsJxWV0rSn3U2gj18EfLii6Vk0EAqoEH3OAgH6tg2XMDa/hpu39nErduAXZuAq1YDq7uAsClRJ2AwCtzQBwQ1/t103Pfjfn3F/K+YpH705i+93iK8m9x7Gp8bwuqdr8ZVN9+Oa5nWjKxCxGw/c6HD2n9fSDHEOrdh8w2347rX3I6b33Ebrvr848hNFulAXv6sJCEif7JOz8+rneTeUn3Rjd41u7DtxladtmzbiUSAdZf78o/PPD+fAAz/WmzYdTuu4Ts3vuuNuOboNLT948jVLn92WVrK73m0WkrtunviiH
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "attachment",
        "uuid": "5937f9fe-3e58-4a38-9918-819d950d210f",
        "value": "AppAFig1_Screenshot.png"
      },
      {
        "category": "External analysis",
        "comment": "PseudoDarkleech Campaign: Cerber ransomware",
        "data": "iVBORw0KGgoAAAANSUhEUgAABREAAALECAYAAACfVncNAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsIAAA7CARUoSoAAAP+lSURBVHhe7N0HfBzFvQfw33W1U++9W5Kr3G1cMQbbYDDFtARIQhrpySMvpLyEEAIhJIRQQi8GYzC4N9y7XGTLsmz13qWTdGrX+9tdnWwZZEESirF/33wG3c7O7c7Mzt1l/57dlc1fuNgDIiIiIiIiIiIioouQvbjlNIOIRERERERERET0uXK7XLBZLbDb7cJrtzf3iyOTAQqlEr5+/tJfmZDhdrvhsNuEelnhcrq8Jb9YCqUCPj6+UKnVkMnlQke54bFZ0NvWApvZDHi++NCdUqiLX0go/MPC4VGopDzZU29s/I9qovINhNJXKzROKWzFm0lERERERERERDSMrrZWKNw2+KgUUCrk3twvjsfjgd3pgtHmRmhULNQ+Pujv6Ybd2As/tQIqpcJb8otldzphtrvhow2BNjgE1q4O9JzKg8rUDR84hRJffBDRCQVsKn8o49IQljtNypO9+/7ai9ZEjA2KUVmRVEjo7MHCTe16aCIyoPYPglz+5XQyERERERERERF9NZScOoEZE7MwKjNtYFLal8DjsOKt1VsQl56NwOAQNNVWIdRPgXmzp0KmUHtLfbE8Tjt27T8Kk1OBuORUtJecRv3aFfj1I79AqML1pczdM3vk2HPgBPaeqMRVP/m1lCdr6+gaMYgoEV8IpYYWXLXqPcjC0uETFAmFgkFEIiIiIiIiIiK6uOKTx3HNrElITEpCv8Xhzf3iKOQyxIT44tmXVyEuPQuBIaForK5CdLAPrp43E139Nm/JT6eusgL1VZUwGQ3enAslpWcgPSsHvv7+3pzhRQb54MOdB9BjdSM+JQ1tZ06hYe0bePrFx2GpKROvA/eWFAwJznlk3pCdN0+K4wn/kRaF/0jLF5ANrJN5hFeDa4Uc7/uHZqkiorE/vxTrdp3AnF/+QcqWvbr2mKe4tQcyhQdypbARlRsKpRtfmz4GKdGRUKnOR4ZrWnrxwsbTePKBeXjxldfhCU2DX1Ak5IpPGz12wKLLR/n2v2HDUW/W9O/jtutmIDvGha7t63B8wxac8q4SrwNf+LNXMSHFDt0bL+DQqSLUeteFxGXg6u/+FeOixKVWVPz9KRysqkGztBaIypiMeff+FjkR4jX2rSh5+FHsa9ehc2A1EicswOzl30aisxhn/vBn7BLy7AOrMHbxdzDj6iWI03ozzmlB+V//hgO19cIWB8RkTcfcr/8K2eHeDC9D5T+xv0MYJNG3YGl6qDdXPCotKPnjn7E/exmmz7kKk6IDBlbBBltHHYofOY7g392BhEgfqPuK8OH6tTiWf1ZYn46Y1Nux/H+nIGzgDUDXCax5932cLamWFkPTJmLKbb/AzJTBwdmGyqefxsHQKciYfy3mJgR688+z1q3H++/3IHLiTIxJLYbT2Ax7/M+QeW4nLSh7/ChkcycjZkoygsTL4K06NLdVYXVXCn4xJe7cGOuv/IfQ5iAoYm7G9Wkh3tzB/v+T0P8d5/s/9xrMWf5DZIQ64bbX48yv/4C9JjP6vOvTr7oFs5beg5Rgb8YFLNCfWYGju3fgRG82YuZ9E/ddnQFf79pLlkOPrqISnNmiR+ovb0aicJi++MnbRERERERERF+O4hPHsWDWRCQkJcLwJQQR5TIZYkP98JwYRMzI9gYRKxEd5IP5UhDR6i356ax7ewWunT8N2aPSvDnnidfy/u0fr2L+9TchKi7Omzu8iEAf7Nh1ED02z7kgYt0Hr+Ef/3oUluoywDUkiDg0MugB3EI60qRHQUsvjHbx0mcgVtjelLgQJAT54mhTN04J6wbjhBlhAZiWEIokYd3FiGXVEdE4cLIc6/eewtzBIOK/3j/kKe/qgVvuglzp8gYRXbhn8kSkx0RLN3UcDGmWNerxp5WH8c6vb8KLr74BeVg6/IKjpJtRjswDl6EKdXs3oaKoG/Hffhg5g0E3axU6zPEI0NrQt/k4WipdiPjxEiSJcTChYxQKFWSyZpQ9ug+m5AzE3DQJUWhD46kCvP6aGt97fQlilY0ofnAXnLOnIP6aHITJOtB+rAJn1rsx4ZmrESOrR8F3PoTia9ciYWoyglUDAUq5wg5rcwVO/mA3gp75LlJjfOHTewLr32qDIzwTi74xDmHnojxiH9Sj8Gc74b5mJuLnjUKoow5nDxRjx/5g3PfUAsQIZcVj6e4vQn5+K3qaWhGWHI+ISQuREihuSAyo1ePkdz9ES8p+aGZ9DZnZNyAlXCm8zwxLSyVOfG83Qv/1ANK01Tj2fAt8xqdj1HXJ0Dp7YTN3o9M5CinRHjhq1+L5V7qRvmAups1IFdpkh7nlIOry16Ih/nEsnhEBlbwRZ3+1G/WqLvgvnoVR44V6B3hHm0eoi6saeQ/9HnvKYpH9jXswZ44P6ttbcdQ8Cj+ZEQ+ZUMbTewx7H3sO+tyvIXfBAmRGaWDXl6O15jiKA27B9dmB0o1J3X2ncVxoc19zG0JTEhE5aQGStWKbxYFejxP3C/3/9euQODUJQdZK5O+oQH5pBO56ZDoi7LU4/vUt8P31nUjOjkSAeJtNuUI4PkIa+uE4R/goujvQtC4fTUV2RP3yZqQJ/Tts0RF1ovHdfOiaFIj84aKBMfeZEvr/N/vgnDkZCdeMRrhGqLfwWXK7PJApFVK//ft1JiIiIiIiIvpqKjp+DFdflYv4pCT0WQancn1xFDI54kJ98fwr7yIxMwdBoaGor6xAhBhEnDsDHSMEEcUHwThsNjid54Ofm1atxJKFM5Gdne7NGSCXyxGoDcBvf/83LFi2HNEJCd41w4sK9MXO3QfRZ/MgMS0dracLUL36VTz17MMwV5bAMxhEHAwiDEYEBS63B385Uotv/eB+5ORkQq1WYc/ePOzduh2hKqBXE4hHHv6lFIPo6zNgxZvvIdrQjjmJoR+PSQzJUEfE4GBhJTbuL8LVD/1RypPLFC6YPSY09Lehpq8ZdX1NqOtvgs318YOp8rcjcrTu3EZlQueLwTjp70jJ0w9dwT70ODTI+MlfMCHOB2qNNwWNRXxMCIIDxKCKUuhoNVSD69Q+0qXS4j0XpXUK77qAEIRERWNyYB8cVnEfA+sVSg1UwnvUvn5QBqnhCbXAbZOLjRSqPGS9sA2VSg2FGEgU6y+uE/PFFBaHjHA1ElTiU3mGtEHax8B25IPbCQpHVFQYxvobhIE0WM4NY30ZEB6F5Bni9fVAY2MfPOe2IyRhG0kTf4QAmxrdNWfQLQySge2L68RIpNBmpwUtyf3oDnEKOWqo/aOhjchBaoyw2qVD6ZbNuOquubhqdg4iA8Q2BSI4cTZSx38X6pWH0CYcPrfwTnFfYbFBcBsdaK/shlOqg0w4Jg5YyopQeNu9GJMyCmniPv3DEa8IwMTONvS5hZoIbektP42we78LrU8cPJ0muGU2WDqsMJwNQE5K8ED/CeUM9aWQCQMseUYWAgI9H2+zeHxU3n4LjkRsZBCy/Uxw2MXjIwYbVcJ64bicOz7CsscOi6kbNR3ifoduSwwwCuuF8aAQt6sQ8oT+6j/bDHNvl/AFUIyKMyfR2NwKo9S3MnicJhhbT6Ly7ElpXUe3Hn0NjehqrUGzvgb11eXC2LcJ/SK0rbQVfbpm1Fd1oEtvhLmzB4aGbtjc4r6FvhP6wFDWCpPBMdDHwufBZW6Hvn5g21Ulp9FntaKvrAK63kY0N5WipqkJOuEL0m02wVTbJW1LbLfMbUZfXRnqhfdJda6vh8nh3Q8G6mLSd6KxplRa39DYhH5vm+C2wtx2EtUlA+/VCfW0u8T3MjExMTExMTExMTExMTFdgkmcKSSeow9Elb7wJO5XOKMWqiCmwToJScoXffw9g6mtuQkHP9yM4zvPp6jwIBQUlmDlqo3457Nv4NHHX8A/nluJv/7tJempz+JGP11bB/4MrZP4TrfTBZfdDpfDMZDs3uT0LgvJ7XLgmqRgvPvS69i1Yx96e/ux8JrZ+Nq370Vo9lj8+U+/kuImNbUNeO
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "attachment",
        "uuid": "5937fabc-4f0c-444e-bdde-477f950d210f",
        "value": "AppAFig2_Screenshot.png"
      },
      {
        "category": "External analysis",
        "comment": "PseudoDarkleech Campaign: Cerber ransomware",
        "data": "iVBORw0KGgoAAAANSUhEUgAABREAAALACAYAAAAExzUbAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsIAAA7CARUoSoAAAP+lSURBVHhe7J0FfBzH1cD/0ulAzMxoWbbMzEyJIbHDzIxNmgaaJm3atEkaatIwM4MpZibJbEkWMzOedDr6ZvdOtpzYDnxpmzbz//3G1u3uzc68efPmzbvZHZfps+fbkUgkEolEIpFIJBKJRCKRSCSSU+Dy4oqDMogokUgkEolEIpFIJBKJRCL5l2KzWjH1dNPb2yv+tjmP/vtwcQGNmxvuHp7q/y7igM1mw9xrEuXqwWqxOq/896Jx02AwuKPV6XBxdRWCsmE3ddNaU4XJaAT7vz905ybK4uEfgGdgEHaNVj3m8uQbX/2kkmjdfXBz9xaVcxO5OA9KJBKJRCKRSCQSiUQikUgkJ6GxphqNzYRBq8FN4+o8+u/DbrfTa7HSabIREBqBzmCgvaWZ3s5WPHQatG4a55X/XnotFoy9Ngze/nj7+dPTWE/L/h1ou5oxYBFX/PuDiBY0mLSeuEUmEjh8rHrM5YOPPztlSZTYoBKVVVAvEsLuu7iitgl9cDI6T19cXf8zQpZIJBKJRCKRSCQSiUQikfx3kL0/k/EjUhmQkuhYlPYfwG7u4e2PVhCZNBAfP38qigsI8NAwbfIYXDQ651X/XuyWXtZt3kWXRUNkXAK12Qcp/ewt7v3jnQRorP+RtXtGuysbtmSyMTOfibfeqx5zqalvPG0QUUX5Q1zV/8L33/8Ql8AkDL4haDQyiCiRSCQSiUQikUgkEolEIjk1WXv3MGvSSGJiY2nvNjuP/vvQuLoQ7u/OP15+n8ikVHz8AygvLCDMz8CMaRNobDc5r/xhlOTnUVqQT1dnh/PIicQmJZOUmoa7p6fzyMkJ8TWweu0WWnpsRMUnUnN4P2WfvcHTLz5Kd9FR5Tlw55WCfsE5u4szZOc8psbxxD/qR/GP+vkEXBznXOzir76z4ojz+/0PaYPD2JyRw+frMply9x/Uwy6vfrbbnlXdgovGjqubyERrQ+Nm46Jxg4kPC0GrPR4ZLqpq5YWvDvL4DdN48ZXXsQck4uEbgqvmh0aPzXTXZZD7zRN8uct5aNz1LJs7noHhVhq/+Zw9X65gv/OU8hz47NtfZVh8L3VvvMC2/Ycodp7zj0xmxrWPMSRU+VRN3t+fZGtBEZXqWQhNHsW0S+8nLVh5xr6a7IceYVNtHQ2O08QMm8nkc64mxpLF4T/8mXXiWK/jFOnzr2H8jAVEejsPHKOK3MeeYEtxqcjRQXjqOKZefA8Dg5wHnHTkP8PmeqEkYWezMCnAeVRplSqyH/4zmwcuYdyUiYwM83KcwoSpvoSsP+7B74HziA4xoGs7xOovPmN3xhFxPonwhHM557ejCXR8ARoz+fSDjzmSXah+DEgcwehldzIhvk85a8h/+mm2Bowmefocpkb7OI8fp6fkCz7+uIWQERMYnJCFpbOS3qjbSTl2kyqOProLl6mjCB8dh6/yGHxPHZU1BXzUGM+doyOP6Vh7/lOizr5ows/ijER/59E++f9JyL/+uPyHz2LKOTeRHGDB1lvK4Xv/wMYuI23O80kTz2bSwkuI93MeOIFumg6/xa71a8hsHUj4tCu4bEYy7s6zv1jMTTQeyubwiiYS7j6LGNFM//7F2xKJRCKRSCQSiUQikfxnyMrcw8xJI4iOjaHjPxBEdHVxISLAg+eUIGLyQGcQMZ8wXwPT1SBij/PKH8bn77zFnOljGTgg0XnkOMqzvE889SrTz1hMaGSk8+jJCfYxsGbdVlpM9mNBxJJPXuOpfz5Cd+FRsPYLIvaPDNrBJtLOiib2VbXS2as8+gwRIr/Rkf5E+7qzq6KZ/eJcX5wwOdCLsdEBxIpzp0K5Vhccxpa9uXyxcT9T+4KI//x4mz23sQWbqxVXN6sziGjlklEjSAoPU1/q2BfSPFrexJ/e3c579y7mxVffwDUwCQ+/UPVllKfHjrWjgJKNX5N3qJmoqx8irS/o1lNAvTEKL28Tbcv3UJVvJfiWBcQqcTAhGI1Gi4tLJUcf2URXXDLhi0cSSg3l+/fx+ms6rnt9ARFu5WTdtQ7L5NFEzUoj0KWe2t15HP7CxrBnZxDuUsq+a1ajuWgO0WPi8NM6ApSuml56KvPYe+N6fJ+9loRwdwytmXzxdg3moBTmXT6EwGNRHkUGpRy4fS22WROImjaAAHMJR7ZksWazH5c9OZNwca3Slrb2Q2RkVNNSUU1gXBTBI2cT76NkpATUStl77Wqq4jejn3QRKQPPJD7ITXzPSHdVPpnXrSfgnzeQ6F3I7uerMAxNYsDcOLwtrZiMzTRYBhAfZsdc/BnPv9JM0sypjB2fIOrUi7FqKyUZn1EW9SjzxwejdS3nyD3rKdU24jl/EgOGinJ7ObXNLspiLWTH7x5kw9EIBl5+CVOmGCitrWaXcQC3jo/CRVxjb93Nxr88R9Pwixg+cyYpoXp6m3KpLtpDltfZnDHQR30xqa3tIHtEndsqawiIjyFk5EzivJU6K4peSuZVQv4XzyVmTCy+PflkrMkjIyeYC/44juDeYvZcvAL3e88nbmAIXsprNl01on1E6t85jiG6oq2eis8zqDjUS+jdZ5Eo5HvSS09LA+UfZFBXoSHkpnkOnftZEfK/bxOWCaOInjWIIL0ot+hLNqsdFzeNKrcfX2aJRCKRSCQSiUQikUj+Ozm0ZzczJg4nKjaWtu6+pVz/PjQurkQGuPP8Kx8Qk5KGb0AApfl5BCtBxKnjqT9NEFHZCMZsMmGxHA9+fv3+uyyYPYGBA5OcRxy4urri4+3F/Q8+wcwl5xAWHe08c3JCfdxZu34rbSY7MYlJVB/cR+FHr/LkPx7CmJ+NvS+I2BdE6IsICqw2O3/dWcyVN15FWloKOp2WDRt3sHHlNwRooVXvwx8fuluNQbS1dfDWmx8S1lHLlJiA78Yk+h3QBYez9UA+X20+xIzfPawec3XRWDHauyhrr6GorZKStgpK2iswWb/bmFrPXkIG1R3L1EUIXwnGqf+fLtnbqdu3iRaznuRb/8qwSAM6vTP5phMV7o+flxJUcROC1qHtO6czqI9KK+9cVM9pnOe8/PEPDWOUTxvmHuUejvMaNz1a8R2duwduvjrsAd3YTK5KJUWR+50XeWi1OjRKIFEpv3JOOa6kwEiSg3REa5VdefrVQb2HIx/Xvnx8gwgNDSTds0MoUt91NjpLj0JQKHHjlefroby8DfuxfEQSecSOuBkvk47mosM0CyVx5K+cUyKRos6Wbqri2mn2t4gjOnSeYXgHp5EQLk5b68hZsZyJF0xl4uQ0QryUOvngFzOZhKHXont3GzWi+Wzim8q9AiN8sXWaqc1vxqKWwUW0iZnuo4c4sOxSBscPIFG5p2cQURovRjTU0GYTJRF1ac09SOCl1+JtiMTe0IXNxUR3fQ8dR7xIi/dzyE9c11Gag4tQsLjxqXj52L9bZ6V9tE65+YUQEeLLQI8uzL1K+yjBRq04L9rlWPuIz/ZeuruaKapX7ts/LyXAKM4LfdAo+WrEMSGv9iOVGFsbhQHIIu/wXsorq+lUZeuC3dJFZ/Ve8o/sVc/VNzfRVlZOY3URlU1FlBbmCt03CbmIuuVU01ZXSWlBPY1NnRgbWugoa8ZkU+4tZCdk0HG0mq4Os0PGoj9YjbU0lTryLsg+SFtPD21H86hrLaeyIoeiigrqhIG0GbvoKm5U81Lq7WIz0lZylFLxPbXMpaV0mZ33wVGWrqYGyoty1PNl5RW0O+uErQdjzV4Ksx3frRPl7LUq35VJJplkkkkmmWSSSSaZZJJJpl9gUlYKKXN0R1Tp356U+4oZtSiCkvrKJJJ6XOG73+lLNZUVbF29nD1rj6fQIF/2Hcjm3fe/4pl/vMEjj77AU8+9y2NPvKTu+qxk+sPq6vivf5mUb9osVqy9vVjNZkfqdSaL87NINquZWbF+fPDS66xbs4nW1nZmz5rMRVdfSsDAdP78p3vUuElRcRnPPvlPNDWlJHjrsPd9X8mrLy
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "attachment",
        "uuid": "5937faed-d610-4f3d-8da2-4226950d210f",
        "value": "AppAFig3_Screenshot.png"
      },
      {
        "category": "External analysis",
        "comment": "PseudoDarkleech Campaign: Cerber ransomware - Trafic",
        "data": "iVBORw0KGgoAAAANSUhEUgAABKgAAACTCAIAAAFSSoaZAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAJBwSURBVHhe7Z2HWxXH/v9/f8MRTUxuvPemHaScQ/EgglIUS2KJ3UgsqFHJVZMbk4tJ7MZrjcZAYo/GggULKiqCIEg5JBqDMbaIWICbe7/pVjRB/H1mZ3fPzJY5e5ZDn+d5PTyHnZ2ys1N35jPv/3fl18ec5sv/q3pcouB8Lfo7NLwT/G0/ec35Y0PbjFhV8VMK/NsrMwffA/gEjDwn3AnINwDX/3RWPcrEv4UbCvFvTSy9EuTfEBcOMO2NUPkiAOnJrHb9K3NF/v1H+nvfa8cCHttEvol/P2Ptdf7C0jdj7PDb4hstXCwsf1zy4uwvnp287PSZhXClT/JGS0Csc8tA+F0h+BrosJ07M/dZa4hwvxvKz08Xf9/blnEP/ThVU3L+wqLUXwqSTuyHf1+wwqMV4HtGdba1H7n02sPcVWX5ltDXqu5urnrsvCk4QT4MdoTfqM4EJ8kXcnphzrYRn26AK+VSzmu8v1ZL960H5RLZFPi+hlX0MdT7K9kG5a4IiqT/kl2d/MLgCv5hGbHqyj1UEJ7x65m5OBbfPDAjU35acC3+zyH40c437sado/gi0CfIdjw7CX68vne7fJEkJ2fejWoIGUUK/0KAX539CH6M7uew2IcI94hOaqD+fVmRcaoiA+pfjlYFBaD+LRzuOH9xmeJ6PZD/gjWiICfx6cRk4V8nvo6zaP+cmMkHd1lChuI75drDIP2OGAIb6v2Nddiq7m9Ju1tisY+ZsHsPXME/LFZb113oreTsTKysPohv/r62BK7PEBqudpH94PfFrCHwN6mHDd9gsYbEJH0IVzD4ogLxuhAp/tcS1B3f/8Ui4f3h9Gg1X2T7KV9UgBteS5BY5uqT/I7WbtB+dpj+xRtRQVUP9wwqyIPr0oMXRUUGbVoWj++Ev6U1yJfFGgY3PG21LZzSs6oG+qY8uUpcf1ziN3jSR/MHtRk6tzcEcnfzmFP5JQ9Kds0S8+fGzflwWyttP9vEp1T+8oniIuL2WuWVugGvAV6e4uJlGD0krFNcJHFuGaC4ogf1/iqr98m/C9f2wj/SpofD8MRn5Mfw+2/vbBoVjvp/wGfwIrmw4Bvav/IO/rfq8cmD99EPdMODtPzL+wgnJcsHB5V9/UbiGVQqhQAL4X4oiRa/4ME27VqLMVL/2ti6n02HTgENGbIX4zFLScWdDEuMkJ4HadnVJbO3bOy57QD8i+J9kPbcrG34NhOI45eH+yt/RaM5S8x04f2VrDwFg6O8uf2Ce0BNepCmfn/gJDe5PoMWw1+cpVcfl1gX7IR/r5ZOgfoHTseXxsgjIICPX5o32u8Puo3LznHwA8as8APKwpCQEGhzRzpRm475i7U/Wf+69umX+ovU5Vbv2i+MnuGGkk19rj1yP47C4Pon/M6bNa4b6aTmyGXUQyP06x+QnxLX3k9sS+qPE5dTcf8ndXgiOIt2L+t/uWQKzr3ys2+O/xo1NhhoqPwcnSyDlylmTe1tdjQmeJAWtS+TdEq7DoG4hja8/jVvNN4fni/jglPf83fglcAg+Tfc/2xMP+F3XuXtrc6tg2SnwZlZVTUZ8r+Akfn7mT9Klg6yF+Z9AL/7h9jKHxScu50Lv9Xz9x1lx+BK+a3UtgH9BSczuObvQhcF023o/2CSLlxBla/iT1fXBU4VP68dcfJ4UpE840KucdsO+lptkA9CtctrbxuQOh71jpWC0+DO9g7RrhTy+te8od6fPH+H+gdTb7hicP4ON5z68UhVLSraeP5eJlyHG54ItN2sRQNoxVQdU9/z97GFORBmo8/fi/9zCObvkHvCxaJrj0tmnhNHEpaIKfiHGjwn1uUuGidT70+ev8P7g6k3XDE4f4cfcr8tz9/xdRi/wF88tUcXpam6fAN5Ef717vy9Qgyzkefv8Bfm75B78v0DgsVcClm9v429C0zSUWt5e+1b5wss1vC+Sz5deeEwzOvBY1rKaHCqvLsV3x+V9G+fsD7Cb5Tzrbf9vHJqIu6Tmhe4QMhQ70+ev8O0V65G9T1//+r4gqq7mzf/hhocIUBUrGCKDX9RXNV7D0lBlT5y+QIMzt/hL/YozHxLIJ3QIMMkHb8/CBZm2fhmYOvE0DbxMBBzVj3ci9dhAPx0N6DSpIxHqb2/FSdJwDUeAeT5O/7XEjZJ+FEMfyHkeenpc/vYbvywfPFN1KGcSH8NO+GFjuWDg6pqDn9VU2IJiL9ePg+uQLXD+Qa+8D1q+PileaP9/izBCTDthR/G5+/gWv4j+gqFEObvFvtY7JT37WbxugSEr7iCkesf1AyvzN8h/QtW9W3i8/c29jEKX3jCHu4fB3UdX6n4aWXy/4p7ZuUqKiKvf80bvn+ieUPXP/EDR95TDuha0ZVemTnoe4p0w/ljQ/G3jErpCiDf0H7yGvgLDaajWxd8ZVyY2CzIeyMUoN0A9FcV3KXHbTu4dJA4UJraE4071Fh6zIC/U76lRhAk4LHy9lb8fcfiGL070fUVsX+ILXLn0fJHhUkn9v/Vt3/J9sFV1bsP30dfTOICbWdLFwVPmg23tbcNKPq8/9XSKTPLtL/vYGKg9SPacPKDC24JgRdnf3GqpiRiQ/q1h7nlt1ItvnhKgxLvk7DO12rbUXbsJoybauUvXIUwgAInyDfwBU5ob0evhIyZERCyPCduRe2nnJXNBUVXp1kBqPd3PDup+D+HXt+7HX8pwD+E7ylOmK3DlU5+YXl5s+DH5IO7cnLQGBfIQeNy8StJVIDNMmIV/EAfUEKGCh900HX/Jbss0j4iEkjTld/34L0XEGDFz6tlp46+kfAXnCAo+SIJ1L8vKzLGZO8/XSWNmxTU5l65l3/0Q3HZr/6A8f3Nu5mld4q/rDg8qocta3n3tsJ4RM4iYGBGJv6kBWnGV+TyBJUsNcH1EVgNNBWKKzLU+4NREAZ/KcA/yO8p6FuMHWVHVGQQuIb6odlVxZ006gOKxKZl8eiDDg7ZPkbeB0YCt+FPJNIHGtR4CtdDFn+TE3MgCwcl30/itv1E3NlQeVcaptYb8P4UV4gnEq9ABcCftACHw57Uw546Lgjvimg7es2aqWGWIJSZBEU9Nu4/dtsZPFXcg9I1MiTCIfQpgi+HkPmtpf0UZuXUFblQQ/8nX/QSyg0TGMauCIYTu2oq31/az8Uw57fEvQe/4cff3tlEuU4Px19mL2u1xRgYv8Bf/AEFfa2Qrms23+hibW47/yB8/+HZqM3ECIW3GO+lgF6d3Nsh3uCu/rXzD3asO7BkBpqGChsmnFUP0vDGoezF0fj9XcXv76GrjmYt8ri9/WgINX7BZOFP6tK3GEz5hX+hv+grsX1mL1Q7YVCDN0wAqVc+g7/CXgrxfkt8yrQoG2QpmgvCv9FvC4/jmj62ovFLi4R6f+39eu1e1j/1F6f4naUmi/zgUiZ8i9mwbiLUjMsl1KpHxY8rVv23GG/Ww/UP833p9Kra/EtCzYOq1is9E8KXXdUXoazJTgtW9YW/gpMrDSRy/SO7GRptj16H7P+ej3/73CONse5frP3xlhQgYOob8nWgZ1bu2fRXoHlICLNDCxG9/9i1KjQTw5w/Mhge5G9T0chu2ishfTpCXOiz7TXBlde/5g39/oSpNDlfru/5O744Nh/tXQA+G+5a54Px6gVx3dVN/SMvkox8zTWis/hGC3sXinDPrZi/C7YH4p1xdr3arIt6/g6TdJhuX3sgpI2whSh/UHATRje1OeC0ezLUUbQrImhlGjhBxoIvuM0S+pqQD+JQfKDD1iG6/4iTx+F3+9DhaC/F7fXbb4lx8fpXX2iWV69DvT88f4cBId6pb3D+LtxQDNM43P/B/P34f1B9km7Il/dSyFN1GfKi1+fvH5zYB2E2gfk7+rgB83dsUpJdttu1ckmD+j/VRYmTqisI6v3heSL8wDv14beR+bt8A7w/PBkHFLNXAP7FrpoX62P+7uuP/Db+/F34uAEVQDQpsdoU76+NNUyYpD
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "attachment",
        "uuid": "5937fb02-c7d8-482b-93ff-81a2950d210f",
        "value": "AppAFig4_Traffic-a.png"
      },
      {
        "category": "External analysis",
        "comment": "EITEST Campaign: Cryptoshield ransomware",
        "data": "iVBORw0KGgoAAAANSUhEUgAABRIAAALFCAYAAAC/PR+rAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsIAAA7CARUoSoAAAP+lSURBVHhe7P0JtG7bdRYGrtPc/t3XSk+yJEuWLBvZuMMNULaxLdsYx2AjY2KaUIaMGhSjklSSqpTLqUpokpFApaoyKNKNVEOTUGUMxRihiwkkhAAmODZgGxvFaiz5yZLe03t6eu/e+2532prfnPNba65u//s/51xJqfG+/8y915rNN+dq9t7/+e855+6899u+6TS9jtfxOl7H63gdr+N1vI7X8Tpex+t4Ha/jdbyO1/E6XscCdr7tW7/x9Q8SX8freB2v43W8jtfxOl7H63gdr+N1vI7X8Tpex+t4HYvY2fm2P734QeLOzk46PTUXtM+LU3klpZlzrcmzcyEffyKPVtSjK6EoLmAaDMKz0yTSagYF0e/0dJBcVQiaTMrOLg4irQ+5Ws7eD2OmpvUugAVCz1FE1Jl+vN4nfl4JpXA+PTaQtHGldV9XtXhlgafU2kDM7brJwtjZx0Luzk/s2LtmHfHDf6RHaMP12Qbza4l5EBcIjq8Qc7vr2H2OY9puTtqaGrM5nErcbl4yYOf0xENDQHWTEb19GZr1vjiAL+adY9N+4H2b0D0vOmg1sps78y/qcI34aSknXNQNLu6f0YaJPapy3GrkbBVKapLNSLEHvFXN067p8/rGds0Vr/HIMM0YeGY+EZzr0Tr2GN8vLVTyDWuveSOW6uui8jPJa9Au7nOeRZ8/AAwx2moo2tbuyHzaM6gO8FWQg9plnHQbTtMEOUaknW9A5y+s3wx5T7hrxaTk1tyEslfsBKzbNSsgNMokhzzUvIZ1gTrstUVHgO4EB4kldQDmU1mrcdaOnINB+OcvfDhnmrMJuv0oc4dri9AWdMh6lrQSY2HzYN0HA3N1TV4AmAP5YjnbzSeD2xj2y47qptbvYRuziYNej+poz5LRfePiYTliqp1qEXivFQSn0/B8sNHjWOahBuIipyFfj7o4pZ8BdR+2Fco1L2Renq79kBdK99f7lwc4GILron5CO2r3fjzngVJFPqkA6xRVkk9LkPmkWvvBJ7or5H3qNrAhBRZJUPat9degnpsT46iCtyTMQJy89470Z4HEM3P5FjmSQhnnrq5TV4BFwKRNGWVwW78/6FfnACJHfE+WL2FteEdOxbuwqU5i2e+ztAgsiPOAeK1ZC/exOZtmlC+Ls7ncwf1m5UNA3lnrWddnEIJ7b07vDXaJUX2mioRljPQvYeanehG3Bn/tmh0Qd29lxBqs6ZwaqM0F1HUCs30V9doM9JVNDw2HKbXZImtbDkccwqy2FuGpMwaIMEGjBdwWWhJX6nOOSQ1NeTZsVzS2c2PdGmV07lJLuWkK0JfDqSwrH52bU4wGBB22BoX9kW+L5YzYRyr6sn6LdXX3YAzjWwFG52zPpZgGpQ3K64A3OuQjyggHWMEJrHT73KAf8PlBDk68iL64CNQvAeYohLa50tHg2BXdruxxPUOghB8EHy7hMcjrQQQfjuQP6CEXBxvvZk67ybcLYVCtzpd2FdET9w1GZ/H5tXsH31yAIJBMQI7syrAV4Zbn0WB0f2lR5jv4xu6Ew3entzcDeVS8D4Aa/VpbY2kMed4nYM7PDnBNeBPQwfmYVVzfAaPH9RV9t6wZ7rhumzBcI2vfDBFt/tzGeUNdOoa2iIC141K/Tbno4zKseYQtpsNuMRzTAmcG/Xpf1ETRvutmtCPTaFwj3ecMKOVRlaMT4uSxnbGQWNYRa0mpbhwIWwi1tZ/ggud+OKxzoR3sOmzcU2JWVri5K2IoRK0r+keDlt9y2sj5XuUss2Fox5ZhaS4EOUfgE423DKMa+B48Sg3ElDkA9FrwtqHnPTNWUcFJpCpiU6C9N1v2K/bRcik2UTQYrvuFYR33phr6decgGRfj6d1HnRmaqs1Zg/vbxmK59QrNIWUfTygMehNfQmZpUHSlDqZfSliAEPiu9d8Ey+28KsYMiWCtEaayMeXYxm0UF7HBnGHc65zXvu+kT/RFi70RT8fb9ldAeXF2GWFW0wgbfyIR0GVdOdlLKB969Yu9LVZ+CD5AndimUzCpx+ocGJl/m3G0NWNjepMwl35w2MC6rpxEP0FlTY4kMvq/GuQPPIDIHX2Xse4CQj74QbRYEaDEZpo8jmIDShT+1auHuoch6LzI2UYvxmgnQfYPBvnChbI0LjNh3jOBQcNLXJn5ORdgdOYTKdsSunyOtTexFmHU5wPz43RSatSW6PL4Ub80VW/NzTXAsHJ8cX5Wz0ksQqD75iw8qxASVYB+3b1PGTJNzRdrN66ekFeixjIccd4chLRpauR84+IXeSfgfsn34FXwBP4AIENBW0AYczVnRJubxlb/aKBrGXNVaaUW+1KUNS8DKO5oVcEO+Jp/iYKn+EKhJ4vTo+tG0LRig5lc6to8k1oC+8YH8dnBAb/IBtSx6JtGdks0hVyqdlubYzRna3HW2HhfyXCKvOejj6qYQ/Rowjyg0UUIdWmrzSd6pRjV4eCQskd+czaJ6eag/ekOxnluV9nJbLN5nGQUiKUyxjwTiAuHPc62HtUSbUG2NO9nReTUeQx9bYlOZ2eWW9SbxmNmXK1uVEJr4uIbUS+9D48mpst0fl5EQ1DNARSqQy86AmCHjtJCrpuRWuF3qybfGHBSNosJaGP1Wt3Id8HwdLz+vNist04Pu6tkp61w3jEyXCsL5VVrHzbvYj4xwXM8SsyKOzjQ/GysUZUDJUhianRfqx1SiqM930uzTfo0BlVB1TkXqjXwc0FbxFogrq7xzGuwWEI09jk1ZJB31V5zF7NKR/xK1BJiHfgeHfkGP52JvhDmWrKD9ce5ah+FNqW2zGOnCmMyBe+5feCIqEf7E4k24gA8TJgC3dhpIWNo71Nxrfq2+QW1c5g9+/P7CvatpAo1N44eA0+GcY1isKtaLO33YgPRyK9+Luv9Qb7G3mbr9aVM4yoerW8cTsTOznv/dL6fDhOESTsP8vtUweIGWYmlNzDrYNtQR93UkrtLY98mP2k0hh07t/NrDwonhynkQdN+hF8gV2Hcq9aUo/DZ5cFAjXLZAK1F/BkqyFG5ThiDwxBtrhJbaLzhiopVVXUeVTFYP8QqF39+uLq55hEUmhzzucDa3FaujykP4uyo5iPOhZ9Xg/U7D29a2hdpa83rIi/eEGsP8WE8To9ibUJd+XrxNPEGfrbcjC+x4Om1BC0l7wiYN/PoGaBZU2n5Nl+uOU9nP3Fo7a0g8eUaawg4lAVenZMw14DysK7MraeyTiBd4N0auVY0ZsR0Itp+DR3GskuF2T7TOZCvaCdtjJimmg0H8CC4RM7IlfvKgxZkRCp6+bJrqux1hbtjenU83sf82LBaPkRD4ltK6ohyLbTRFRiy6PTZweiN4Wjds1+cG50sa1bTQDhP5dLka3NtqgczHGe3rouoOZfegDWeXqSgMxgiU8uKEEh3/3Cycu8o7+eq8kUPy2AKNiLGNFO6CNbKOe7mv61lBXfkUF72J4VtzJmTRgN0jWOmH8/h0vvw/J5ffNpsmXZL9HOrR20DeV+LwbQlI34F2OLxPIoVlHjAOKBzhtHAFSXXFGKDFzhbHlS44a52YcjzpkfkXsasKptVG9MMyu0J4vbsp6mvgj4atpSkAVc7UmJvLtd5Ur4NcQHm633BQB6k0uSeHX3NT0MB//gO1KN9Y2WHtXH30DgX4rwwR8vcV7UJYBjXp2s6Np0B8R++xtDafYzaLgfFdF+4S44UvxK1BPLhzA8SS46SjszGuh23x+DUBgYX5orXK2D9NrDFeG7zvdjBoek1J21aLQWOwiOnopd7JjuCrK948evQsV/ba5usi3d1LvHliuynOmsqQp1EzY8jJ7JGq215AJv3cTwR991sD268Z4k53yMXsKme0RgA370SWs3exQElVc9sSbZpzNsDCdYKcc4iKrrIPxIAZ0x31M1AnyJ2axLBOkHw94c4hLx2prNNBR31KwBXxCknDq3gZsH2JtCnrgGjyDY1mW3KKn
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "attachment",
        "uuid": "5937ff05-b534-4159-a9d0-434a950d210f",
        "value": "AppBFig1_Screenshot.png"
      },
      {
        "category": "External analysis",
        "comment": "EITEST Campaign: Cryptoshield ransomware",
        "data": "iVBORw0KGgoAAAANSUhEUgAABRIAAALECAYAAAB0YcwOAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsIAAA7CARUoSoAAAP+lSURBVHhe7P15tyw5ktgH4m5vzbUqs7Kyspq9sNmkeI44c0SxRzqaD6dPRp0zf4nSEUcjiuIiks1e2F1r7plvudvAABhgMJhhc3hE3Pfe7z5EuAO2A+7h4S/i3jPzyX9zbyqc2YYCsL0VZ6th6GyJpweAlmZ1RiZwfuBBM8wD2RIAtSWtnLKPe5+iZYSnxORHM665o7YKuTPbEwUkr6ChRAO679gI1pbXUurn8yCNHW9OWsvhnoXvlh7t4/phjNqN4sIYh7nbmZa3RnEyqC1JD8eVgnX7avnJwVpL81jChAJe176iMp17RR6pRVdo3qN0GAm7Z3bXu9es1WMYAk3VAn9IvGn5vHWsW9v8+Ic1AccW4jahD7bXuT0OGL9Lxm/Oc+hiHNAfdaWdI7JweGyaEnDouiXQM41Oj4aM2E3+vjHZUizwEuiOJqEGIQrZAYSRSyYKjakYuRJPvIcpx4dDLCDvbOSAw0SUXrr0n1upIY5khK7cfJzuoUzNepMpJQ9GSdfxdAxSGSzqpWINQSd1ha3Y4R1r95iSf3kcyEZ0se2EBUdLhe6U8iWcQFMqIvkAei2ch2cVMASGV9TLBbVn4R8a/fPcx7La4oxLrUU9KTiA/Y9uESyMlAbltQZI/bRJjGRMbdRyc/QYfceBkWYM+2pj6+l9Ma1d2LghFmJF3BPkcT035QkjsqcHFooUq4tRndIPzHXeU1JbD615cvZrxpcCzsImANvdvoeESzaqnxxvWj7v2A5dE2/q+njQeWHwNAHaR/sPzbH99yFF2dpH8LVQf01kmrUXziOh3eA4PqcaVw2IGdsBiK5qPnEsjfMb3fr6PQ3KDNYwZY8oqXFNGS4Rba8A3sgpb+ak3hVrA2zQJjHip3kjcRUuqDgL6XaS9PNWQWcTm0RPWTTdCDcC+6P1Rh2pbYemQEtCW0aHa6dDw2zIH44QDL7bd82PvGMvoMDHLXI23ULzQuFZIMrMALrYJuDHIrbDQxOR2kr2sJmAD/S5D/UxF+76Imy35pzOhdY0BNeqPj5LOpGggLJtGsm94x0Piv6V30M89sNx5XbD9luDdIp4EKcNOlELJwxyx/YG0busfeokeXfxBM+kxSfSkW0zf6l7EejLG555f5u0GdpAVVhTegNopoWz3JF/zwKkbCwrrkHnltgpwgh+pt1NKe0H5jGVDx7vKrJV7Rg8s/ag1YhztBd4Q3HwxmIO6paS2FuO5NXSZGrErzaDEc3BCuK3nyyjJ9M3G14LMgvapADamDMnDXI/s2gBcWgMybcWRWa1FSoxK3mpRdgyvSuNE1VOWbt3nD7wYqTPXG1lJlpSPSsis/FuKe0GHNLKa76IdApw6sFGYc/uU5UBVwVgB/XpNpDva16SlI9J+dKY67QPTshLyqA2lREtvuMdDwi+rtma5ku8dogE6DnBnUO4C8bIOelBwfPWahn7iQCtW1Y4yQjvmwXtrLQ5wTLX++ZAqzWCGJXtrNu5Z+9LA/umSKCOaKRyAENh7ZLDwQqzA52xBzE3G2zxqOdUJtdfJirojZyR31nB/XE3Q0wqh6jco46SMFdDMejnuWUvag3iRbSXL6MjPWywlPW0biJSMsl+NRmXQj3vrqp0vOB32ZkkfiJxLydgl56sYeeNvcg5CFBM27JXQLLtCg4PQW4KZ0RpI+Qx+LedpY1Rqzw13J2JcBjrCEqPLQtkb2Beew6eXrl37AKsCHlVHHCtvGMzfLbgNOtOtaHF0y7Zj+MDoAqqoR3XQh+w5xGNtr0/eJQawPdLfA3qMh5JpqVTA+1pLafsebt49x+6h4KsP3eg7V93d/gdkIO5I6V0NB2jAlekSP2a7CjUL26vsr0japgr4tf1Z6zPvS6WWnu+vvazKIqtU/SWMrP+CroN1AXjNSC00DeFqtxjddJzSw3GSYKw6psrH+UJ5V7eg+gjnK5IElsOV/ceXTcwGInKKjs1sj+20lfoPrLAqWEcqDh7cy9whwuRoOKxuGHDHVxhO8qhchS2VHxlUJ1ZJF8xuPAs0BuiA4T7Yh0yW8Mayu7R2TrHz+W0QrGy6RfVpojK2DIH4dmCjtnJtKBX7h27U/5Pl7xI5N5OUPnddC8DSknnxJU21FebKyx/Ns7mBmUKiJxmXwLsjcgjPI5RG1IeNNVkj1qWoq1ZGmWlrT2R6vCONwacWrYc3Wu//Zeub4OgtGwZ+TWHbc5O2FbIdN5EevLj9RF1eCcq7VnAI07OjOuiJIeNn3qDUHCfbhdUQwyDbH1ku1X97eR/tKIocMFwOMvi54basZ4eWg4AGQubMNqbHb3E7z3ngo78Nk0w0BuIRma/TXn/hQYgGRMCrIk14hGH2fsov8f9EhlmRLRJSO/TOoO0ZBJMHI9tV8vGoqiPduAMJCs99mi4m/1bzs4af7U5UStsaSLrqakCKBzkyoX80JHyYUlLLCkDnYleg+V84pzQFz+AzlWhtSR+Ss2gFPMsqElsui54sH3+n8eegKIf8spwT04eQSvYQNJO1u1A3XLkHccDZyPNbAfsBVBnyGrOu+Ui4soBx6Lb88Q5bLy4w7RREW/LbUZGZoypRsTYwvMsYIfbre1L8HhRnvcD3DaQ+tIWnCn564dsEeByFE1HomYHKCN+x2LcwQQbb0mNMU1MmxG/vYYbVEhajmCHy9h9FK1B1d44MDmpZoBWoFjMUMgCrniIKh7Ch8KU68PGq3lbM1NJi68I+tfRVyPfSKTkzodDWRY7N6QdN6cMxivVGQkyA6nxy/vWqSWK18LIsEZq8aCd6JcarinqlO/p70mPFLjiRxJ14ICsl6nxAltUswgRaMpa8g97xEKGZx2QiBnYHXquiMd2ENKsEZU+BAXdRt06xjQcg8DuNxJBCyYK5ur83DZ4ts31eRE35p7xIRyN8GbPbcFz3E62vWK04tTuSDssLnC/6cC4NKysE2nJnRa1aLOSD6eFCmhlvC66RmsxaJpED9aa3Y3RBZWwVP1+HAzPhHhiifKaz0PR4x8TekesV3oX6J9wAUgsm+PRedji982Yc/fqUikD3kjE45DfWOyZulalwESPDEWS7wjl5KB5zMTP61CzEWWpUKvwUcAqgV6UzxVhHcVzNwGvXnAsuS7lJRuZSwLaSZfuVErq6yePo9NWDDRuyMABw4fRBVI7VyJcB+hQe2hgSi5dtxN6XJndg9t1HUkowXZVnG7iPv5KnF4DDxBSOpkgwOtc5RD16oll5zh4CNQdDcv17xwLgXvaZ7YELdtV+OIdk2Wgrwn4eqKTZKfcTcZYZxejJ4SSX+jWrhHdMFF1Yq3pVbGGlDAcTeOoDDI1QyBR2qHaMswmdZMpSRa8oGhbKK4oRwkCTTlG141E2NVSRVG7k1sKHbEfrr9qKKMVpbo9Sr/kDJtvJHJlkLo4N+bR5bl5fOW37abdP3Pt8gL6zvxNRZC3Cq45bW/t/u7O3Nl2C+32xtzc3prbmxtzdwt9dnrsBamXBC3bwNgZWLswt/fn5s62W2v9zrbbuzPz+taY65v7ys1FsNNZBhVuw2eETyUoqwo8TIp0eF00ttdh10qGNOKsBWf43sjtkyml75noeSqTPyo9AZCECkiCbwWhBj03Eg82ua05mImD2+Q2Djvv2o2+FjFqZS74jcQ8L6pDb73k/YgWGUhrYwiPTovioSHlgX1SFWt1AGq14LIikgHqvMuIJkQNaJHmuqVL1CN2nBCV0mT8XtafbSOSXlTO8Dcd3QYRkWVziD/qGqC5OLsowPo5OCyIP1RoCtmnnmyOWKZYCtgoauc3iRTDCkhDoeb0JsZbzXQZ9qgf2tTmFNh53ngI1J24nsJzlZ1jFuBpIDwSGM/76J4dDbupHLbD7nR9UjEpidBjcORGItITgkYMbYuRGAFY22TotKCpSNMSiqZd5rtRYmO3twPxhaLmAANpz9H0jURqWhWUBrxSPmL3FBuqaSQINOUYMx/qAY16NQ
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "attachment",
        "uuid": "5937ff22-d304-4ff5-bc3e-40b1950d210f",
        "value": "AppBFig2_Screenshot.png"
      },
      {
        "category": "External analysis",
        "comment": "EITEST Campaign: Cryptoshield ransomware",
        "data": "iVBORw0KGgoAAAANSUhEUgAAA9UAAAK6CAYAAAA3n38kAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsIAAA7CARUoSoAAAP+lSURBVHhe7H0FgFzV9f437jvrbtlNsslm467ECO4QihYpLqWllLa0pQYttKWU4m4luBMS4u6y7u46u+M+/3PuzCabZBOS/gql/74vOTsz7913Xc53z733yd5aVxKyuQKQIEGCBAkSJEiQIEGCBAkSJJwctEYNbHBB9twXhaHINQkSJEiQIEGCBAkSJEiQIEHCSUIda4Ls+ZVFEqmWIEGCBAkSJEiQIEGCBAkSThGqWCNkL60qlki1BAkSJEiQIEGCBAkSJEiQcIqQRROpfnl1iUSqJUiQIEGCBAkSJEiQIEGChFNEyGyA7JWvyv5tpFop80Ent0IX6oQyMIBgMAg34uBSJMMHE4JQRFxKkCBBggQJEiRIkCBBwv8OfF4P7DYbPG43goFv/6BomVwOtVoNk9kMlVoDmUwGv98Hl8MBJ0nA74+4/HahojgZTCZotTrIFcQXA354LL3obqiDm/LrPwG1Xo+Y1HSYklMogprI1eHhjyJS/dqa8lMm1f5gCO0OL7rdgF2th0Ijx2hDPSZrSxHraUFnVzt6O7ogD5DXmjhEpU2DQz8DLllixAcJEiRIkCBBggQJEiRI+N9BbWU5ovVKRBn1UCm/fWNjIBiE3eFCR58dI0aNgVqjQXtzE0I+J2KJGGo1qojLbxcOlxtdFgdiE1NgjolFX20levdtQ4JeDrNOGXH17cLhDaDHGYAqfRTSZs6PXB0eXpP+1Eh1gEhyr8uPIivQZkpFlB5IMnRgtrYck9V74GitxP6yAFo9Kai3pGNWwWhoVSHEBw/AZ54Bj64g4pMECRIkSJAgQYIECRIk/O9g58b1OG/ZXCSnpiAYkkWufnuQIQSf24EXXv8I0+cvhE6vR3nRQeSmxWHa1AkIhOQRl98uVLIAPvh0LQxxyUhOS0fNxjVw7NuAe+67GXqvI+Lq24VbqcVHn6xDeY8PM2+8I3J1eHiIFMveWFdx0qS6xe7Hll4Z+uKykZagw9nqFZiv2QZ/TwUOlARQ0Z0Ba9o8+MaeA5lPifqd5Rib5EBs/1bEp0+HPkEi1RIkSJAgQYIECRIkSPjfw7Z1a3D5hafDGB0Lp+fbX/6tVsphUIXw+DNvYtbCxYJUlx7cj7EjUjB58gRY7N6Iy28XyTE6rHjvC+hjEpGSkYGqdavg2r8Rv/zNPXDVVUI2OP8whLUOfuV7ocgP4ezo30eApxXoJt2QDU5qyOj3Ic9IIt/VKRl4/9MN2N9iw9xb7wlfPA6cRiLV/9xQNejNCdFq92CzXYtSQwaWJvfidvPfkO3Yi20H27BukwJ22SQM5J2D+tSFiEpIQUIcxcnhR8eWbciPs2JcVgpijDER3yLgFIf88Ng70brjMazdUISKZrqeOglZS2/ADUvzYfq3rowIwE+VJaRSQaFWQn5sTh+JUACB/mZU7/oCz7zxERSilK7D9x48CwWjfeh4aSd6XSYk37AYGYbIM4NwVGHfS4VwJ+Ug9/ypSNZFrh+DbjSt2IOORhkS7zwL2cbI5UPoQO1zO9AXjEXK909Dup6vcZGF4HcPwN29H289Xw1D3lQsvmQ6UoYJJ+TvRf22J7BxzRYU145DRsFluPi+uchWn3rmWqueQOMAVcjMOzAhSc6ekzRg142fQXnzxciZkokYDd231qCoqR5fDIzAT3L6sPoXB5D18+XIzYmB4ZRWcdgwUFKOkr8UIubvN2GUCVB945NonL82NKz8ET78pBL1SZfgtAuX49wpadCGHQyDIAIeH4I+QG7QQPF1devfBo5rEL4BD6CncJWKo+q1h+5VYPd1d2OlRgGnQi76i4Jl38fC868BFce/gFaUP7wZzhGjkXbhieq2BAkSJEiQIEGChEFsXfsVlp+/FMaYWDg83/7+ZSbVRhXwdybVi5ZAbzCgZP8+jGFSPWk8+hykT54AXW1tKN67G12tTNhODIVShbTsEZg2fwE02hMriykxerzNpDo2CamZmahc+yUce9fjgV/dBVdtRcRVBEP1XFKDHb4AvqrtQuWAT2xRZqTolZiWbEKMVoVtzRbU2khBjyDHpMKCzBikR504TurUDHz4+SYcaHdh/m0/ilwdHjaDDrIVG2vCoZ8AfODYrlYbdtr8mD7ehwcS30R0z1Z8tsOCr7aEEDX6e0gauxgWpxf7O0Mojj4DcbF6jB0ZRE+tC6o9r2HBhGyMzBsT8ZERQijohqvhI2x6YS0MZ9yBsTOmIoFJo98Cl6MPXZ5cZP1bt2E34uBP1sI3cyoyz5uEpOMzpDBcjajcUI592/RY+tACJIqSK0erIwtmkxXtr2xDjzMKqbcvQ5Ygu/8KOlH/+k6018uR/JPzkHM0OUcbqp7Yit5gHNJuXoJMEU6QxI7GlffhM/1MxH/owojJU5DxvdlIPaZ++NFf+Cw+7BtJFXsOFkc3o6j0AD7vmIafXzoGvHPilPhffxHWVvehLjgSN85MhzzgRrBnA1b+8WUMLLgbcxdMx4h4NVyte9HYWIPWpPOxJPeYmYJTgI3iX4yDDx1A3At3YMy3QqoH0YSiB9bDnV+AjEumIeWE9aUbzR/sQeMeJ5J/eSlG/l+SfErgDrke2y//Atp7LkHOtAxEH7Edhkl1NbZd9jmiH78JI0fHwfh/3prSjOIH18OZOxaZl80YdiJHggQJEiRIkCBBwpHYsnY1Lj1/CQzRTKr/M5ZqkyqEfzz7T8xetFSQ6uL9e5GXnYyJglSf2FJdUXgQHTWl+PUvT2y5ZfT0WnDHXQ/g+3f/CEZzdOTq8EiN0eGd91fCQKQ6LTMLFWtXwr57LX7+i9vhqimLuGL2KKN/Q6grfe1z+/DE3mbcfvfNGDt2FLRaDb5YuQ57N22FIuhH/MjRuPWWa4Tz+oZmvPbim5hh8GNCEpEKwpE8iH+F/dekZuHDL7eisNODBbf/WFw7Hvr1Wiguu/6Hv+GT304kfr8HDmsrRiv24KbUrxBj2YvPd1jx+0+zcTDxQlTIR2Bftw9F/V60eoywumNh86hg1AbROxCEu2YHclOikZScfNhf+BB0NmDv0y/DdOXvMG5SPuJ0kXsKHVTaWEQbOVF2dG+ug93XiZrqLnR3lMFL16BOgk7F/gQgc7Rgb4sHOp0fnop2OPoHYOtvRvO+nahrb0MgKg1mrRN929ehcOsBtIas6DfpIDOYEa8NwU9pa9i8EeV1lWgk8amjoTOYoA5a0NZbhzKbBRljxiJep4RMnYgooxoalR19e5vg8gShSKcC3bcNVU318EVlwETuFHIXrKUtsFv94t1lapkXvv4WNGzZJMJpqpNBTdd1Bi+sRa0UXxlMc8cgVkUNzNONpq2bUVFdBqssAHtxH0JKI6Km5SBazXkkJ9EievR5mDkiAbI97fBFx8E8PgNRnCeDeSykF02ffApjdB5G5o1DrFEGeYsLWNEE3XnjEK2g30e4/xpRBiHr6Ie+1wlTThq0ARt6dn2BwKLl8FdrEBdH8UwMwlrSBkt5CGnz8mGGFd0ba+GNjaZypdIra4W9qxud/Y0o3b8bbW0t8EelI0rHVlYKIzCA3opC1Bzch5b+bngcITh3dUN/wUwkaGVQBPrRVbQX1cUHUEN52TdggzomHTqFB672lehHBtQqNZRyN+w17bC2OxCKi4JGHkDI24vGriAMesDdvgs1pQdQWVGJfruLyiMV+iPyz4qudfUIJCYiOj8eyt5uWIqb4VT148COrVSGlXCpY6DTy+CtK0LN5m2obGlFf4wMNn0C0qieyP19aN+3C9Vlhaits8Lp1VH+qEGVFN1bauFQdaGs0AEF1XVvYxecnV3oGmhCCedLa7OoT+ZD+WJFbyXnC6W9rhO9vSpEJXhgWf8l9m4rRY/JTY3aBI3BCLOG6qpIgx9BjwXN71ZDd9ZUxMXroaEyl1G98lnrYWkvR588hdoH1SlnCw60uKHUBOCv7YS92wK7ox3Ne7ajurWJyojioqW4yClfNjTAHxeP6I
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "attachment",
        "uuid": "5937ff47-eacc-4b7e-9105-4161950d210f",
        "value": "AppBFig3_Screenshot.png"
      },
      {
        "category": "External analysis",
        "comment": "EITEST Campaign: Cryptoshield ransomware",
        "data": "iVBORw0KGgoAAAANSUhEUgAABRUAAALKCAYAAACst7YHAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsIAAA7CARUoSoAAAP+lSURBVHhe7J0FYJxF/vc/u5u1bDbu0nia1N1doKUKLUWKu3PcHXaHu+vh7m2hSo26u1vaSBt3l836vvNstqVAgcL/jpN3PvBrsjPzjM/s83wz84xq5NjxHiQSiUQikUgkEolEIpFIJBKJ5CxRvb1438+Kih63C7utBZ3BjMNmQaPV43E5vX4qtQaX045W54/d2uwNo1KrvX4SiUQikUgkEolEIpFIJBLJL+F2ubBZ27Db7eJ3t8/1j0OlAo2fH0Z/k/enSji43W4cdpvIlxWX0+UL+cei8dNgMBjR6nTtWpvIk8fWRkN5KTaLBTx//PpAP5EX/5BQTGHheDRar9uZRUWNijZ7KzUFuSSnxpJ/rJjohEjqaxvRGfXezLe12TEFB1BfXos5LhxzcCx6S70orAmPn78vIolEIpFIJBKJRCKRSCQSieSn1JSXoXHbMGg1+Gn++IVqHo8Hu9NFi81NaFQsOoOBpvo67C0N+Os0aP00vpB/LHanE4vdjcEcgjk4BGtNFfV7NqNtrcOAstjvjxcVnWiwaU34xaUS1rO/1031zuL9P8yJCtwGDS4/O+aGCrr268/2jRtI6dKN4oICdOZA7C4XDfUNBEbHkn/4IMEdO+MnCmQ8thI/UwYqc7IvMolEIpFIJBKJRCKRSCQSieSnHN6zk4G9MumYkYpK7edz/WPxOKx8OnsxcWlZBAaHUHw8l1B/DSOG9kOl0flC/bF4nHZWrttKq1NDXFIKFYf3UTD3E+5/7M+EalyKdPeHY/GoWb1+J2t25jD4jvu9bqp3lvxQVFRp1HiMGsyhRnrHhOJ0e7C73NjcwsRPq7I0VfnpdNGmmN1JZUMjYUY97t2z8Qvuhiakoy82iUQikUgkEolEIpFIJBKJ5Kcc2rWdMUN60yExkaY2h8/1j0OjVhETYuT1d78kLi2TwJBQivJyiQ42MGrEIGqabL6QZ8eJnGMU5ObQ2tLsc/khiWnppGV2wmgy+VzOTGSQgWUr1lNvdROfnEr5gT0Uzv2IV95+mrb8bGXfuC+k4DRVz6PyrhU8tTvaKz6Kf7wfxT8/FSNV7X4qj/jtpK9w8V1/upM2Ipp1O44wb+VOht39sNdZ9e7SAyeDevHo1Kj9/QgO0JEYqMchcuJURMVT1i4qKqaIiq02B5V1dXSNiaB11xzUQd3QhGb6YvsVHHU0NdZQ3BRJVlITB3ZAx64xonLb92a3Y6Eldxt7X3ydVT4XhT4X3kP/AQOJNDVTv2ctu9/9iI0+P4XBVz1Jn+6dCHXmsXPttyxeukG4hmEwXcaVTw1Fe/hPLPq2hKLy9vAnMYZE0/uq5xiRFoBWI2qvbh9L589j+86DXn9zbDp9L32I4cK/nUqOv/c2m3bvI9/nEhybxqgbn6NbVDMly+9m8foqKmLPZ9jYAWRV72HfuoMUTLydW3pG+65QqKbwiz206COInNiLCINw8thwNxxi3ZMvs6ullVYlWMfx9B8ziTGinn6ol5dx7PkXWJ9/glKfS2hqV7qNGUfU0ef5RlSOa8DtXDwuCe2yHOyB0USe14NwvS+wt8eUcuTxp1hXWi5K1U58t+EMv+hPZAS34S7fwIuvfEpLi0X4jGPojPEMGNWBkzXxA9ryOFHtL9rSD43dSmODkbSsCJ/nb6Gaoq8+ZUuNAe25FzMtI8znrlDK0We3gZiAYvolEXR6t/mPwY6zuYgD928i8K/TiE8wY/j3rJ6WSCQSiUQikUgkEonkP4pDO7czekgvEhI70PxvEBXVKhWxof78QxEV07N8omIO0UEGRnpFRasv5Nkx77NPOGdkf7I6pvpcvscj/nvh5fcZOWEKUXFxPtczExFo4LuVG6i3eU6Jiie+/oCX33yCtrxscJ0mKp6uFHrALWxLcS27SxtosbefixIr4usbF0JCkJGtxXXsEX4nxcD0sAD6J4SSKPx+DiWsLiKa9buOMn/NHoafFBU//O7QyXi82PUqNP5aYgOMxIb44xC5UYRFZT+31ScmelcrOhVR0U2LzU5pZRXTu2eQs/I97KZOaMOyfLH9DC47bZZWmsr3UVt1nCrzaDqbstlbkkinTglEhJrQ+al99dJMw4FDHHpuD0GvXE+aGfxqN/Ppm7WE9e7GiKmRODbtI+erE4Q8PpN04a+g9vND3ZbH3lkF1DvD6Xp1F0LcbbhbT1Bs7UpChBuNSjSpRxGtdlBZqiHqlnEkmlSoNOJa4ecqWsxHn1QQ0q0fQ8Z0IkznwFqzl4L1r3E05jXGD4zApC8n+8m1tCakEjO1D1FUULx3F++9q+Wmj84jVnOCQ/etxTmkP4nnxOJcs5vD33xH83kNRPZ8m/7JWvw0ih5cRs4rm2j0jyH2siHEaGppzNnC2pcq6fjIDBKjjOjVojaO52AVZfNPyyS4vag+Cth31wqcowYQPzJT5FU0rlrEq3bibDjGtiu+I/DZa0nLsFH26kaaQxKIvWQwsadef6m8ELWAXTcuQzV9NB0GpRCsVeJQo/a00npiPwserGfgP0YRG6RHay2kri0QtSGKiKD2GLxSuKuNhsYWWvPnU+jpRGCgPxp7G42uDmRlRmP213nb9fQ+/8uUk/v6RvKOr8IxJoGEbvfRPUGL2tulC9h75yoYP5QOSplPCaRnopKCT7ZTXWck+oaxJPzyHwX+iVixN+Sz/bKlBL94HSmpIZj+PSu6JRKJRCKRSCQSiUQi+Y9i//ZtjBrck/jERBrb7D7XPw6NSk1cqJE33vuKDhmdCAoNpSDnGBGKqDh8IFW/ICoqB8s4bDaczu/F0EVffs55YweRlZXmc2lHrVYTaA7g7w+9wOipFxKdkODzOTNRgUZWrNpAo81Dh9Q0yvbtJm/2+7z0+iNYcg7jOSkqnhRXTlP2XG4Pz2w5zjW3XEunThnodFpWr9nMmiXLCdVCgz6Qxx6523tITWNjM598PIvo5gqGdQj9qVZzmoMuIoYNe3NYuG4/o+571OumVokKPN3c4gola8ppN81tbbRYLDS3ttJkUX5vo9Vr1vbfhX9rmwW7zSoypkEncvTj+M5olkL2rPqED/7xLl9/voItnz7E28+8yfbFz/HFmj0cr2vDfVp4tUojfmrx0xnQ6YVFJJAVJipZY8flVML4/BU/n/kpwqDLTk1UMxUxNlRuLTpjCIbwXqTHazHo9Wi98YmfGh1+amHis1an974cVO2p5tiK5fQY35Nh5/YixqyENRMY3Zv0Ifdi/GANlc0OHIj0EWmJOLRK2gEhhERF0zewEadV5EutF51U5E2thNGIsvhhDu9OavdbsWz/hpJmUQbPafXmjc9Ga+lB8tYtIfHZG8nsEILZ2F6usKxuxKV3IuS0+vn+Wj80fifLJcqiVcrS7qYRfn5+4nfRkZU0RMa8guEZ4xDXfR+HTlzrwalu5Vj3RhweNVoRny6oI9HRMUQGn36tE1XdHma/9QgffLCKNV++w8I3nuWbd19l9YrPmLerFLsIpz4Z/qxNQ3jSOGKiR9B8YBXlFtFLvW0u7GRZFPM4sdeXU35gF8d8VtfiEPXroK24iJqK45TW5HEi/xgFTQ5xjah3Vwt1xw5w3Bu+gMrKNlyKoNzaQtPRMizWJmoO7yVP+JdW1WF1iuREWh5HPc0V36dzrLoFqxg47fmwY60uplS45x3LprZVeIh6O5VPadKkSZMmTZo0adKkSZMmTZp4TFYpD9I+TUxRsP5YU9L1bvw9Xc/y6iYndbqfXnPSykuK2bDsW7av+N6iwoPYvfcwn3+5kFdf/4gnnn6Ll//xOc+98I5XZ1MiPbuytv84PU/KlW6nC5fdjsvhaDe7z5y+z8LcLgdjEoP56p0PWfndWhoamhg7Zigzr7uC0KyuPPn4vWg0avKPF/LaS2+iKS8gxazDc/J6Ja6TpnxW3H1peJQynF5Xn6462l4egVtk2KoDtVFDpEFHaIAOh7hAeaei972Kp6x9C7TF4aLV2o
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "attachment",
        "uuid": "5937ff55-6e90-4b98-bd38-81a2950d210f",
        "value": "AppBFig4_Screenshot.png"
      },
      {
        "category": "External analysis",
        "comment": "EITEST Campaign: Cryptoshield ransomware",
        "data": "iVBORw0KGgoAAAANSUhEUgAABRMAAAKTCAYAAACKKJ9/AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsIAAA7CARUoSoAAAP+lSURBVHhe7J0FnBzHmfafYcadWWbe1YqZbUu2ZKbY4cROHHDocomTL7kLX/jCiZNL4pCd2I5RFlmymGml1TIz4zDTV9UzK62klSzbkiwn71+/0sx2V1dXV1e93fXMW1Wi/9t8OgaCIAiCIAiCIAiCIAiCuEaMDQ5AEg1AKZNAKhEntl47YrEYguEI3IEozCnpkCuVcNomEHTboZZLIJNKEjGvLcFwGN5gFEqdCTqjCf6xEdhOHYLMMwElwizGtZfxwpAgINNAmlGApLmLIfr95moSEwmCIAiCIAiCIAiCIIhrRv2pE1g6rxQlxQUQiaWJrdeWWMiPJ/+5GRmFZdAbTejtaIVZLcENKxdBJJEnYl1bYuEgduw9Ak9YgozcfAzVn0bXi3/DV7/zBZglEYgS8a4l3pgYu/adwO4TLVj+ua9C9PstJCYSBEEQBEEQBEEQBEEQ1466ymNYu2I+snNy4PSFEluvHRKxCGkmFX79h6eRUVgKvcmMnrZWpBqVuOmGZRhzBhIxL4/OlmZ0tbbA43YltpxLTmERCkvLodJoElumJ9mgxKuv7YPNH0VmXgEGa06h+8W/4Bf/9wP42huBaCQRkzFF0YuJIAiNscQ2QXRk/wl/sv8uFCFF8X2iGPs2uZdtSRw/dZPMmoq9xxvw0o4TWPWlb0L0h601k9EIgiAIgiAIgiAIgiAI4qpTd+IY1qyYh6ycbLjeBjFRLBIh3azGb7iYWFSWEBNbkGpQ4kZBTPQnYl4eLz31N9xy42KUlRQktpwlxv795OdP4Mbb70ZKRkZi6/RY9Ups37EftkDsjJjY+fyf8PPffhe+tkYgMkVMnKoQxoAoC4d7x3Gy3w53kA+JBtJZegszTMgyqHCkdwKn2L5JIbAoSYvFWWbksH0Xg8eVW1Oxr7IJL+8+hdVcTPzz9joSEwmCIAiCIAiCIAiCIIhrRvWxo7hp+Vxk5uTA4Qsmtl47JCIxMswqPP7HZ5BdXA6D2YyulmZYuZi4eilGLiEmRiNRhAIBhMNnRdCNT/8dt928DGVlhYktccRiMfQ6Lf77Gz/BmnseQGpWVmLP9KToVXht5344AjFkFxRi4PRJtP3zCfzs19+Ct6UesUkxcYrn4CSRaAw/PNyBj3zqoygvL4ZcLsOu3Yewe8s2mGWAXaHHd771JYjYsQ6HC3/767NIdQ1hVbb5HF1SYMoGuTUN+6ta8Mreatz0lW9D9JfXGkhMJAiCIAiCIAiCIAiCIK4Z1ceP4MZlc5GRnf22DHPmnokZZjV+9wQXE2fExcTWZlh1cqxevRSjlxjm3N/dhYbKY5DEps/3+PgEXG4/NDodIkEfvvPN/8TXv/kz3HTvA0jLyk7Emp4UvRKv7doPZ0AUFxOrT6L1md/jJz//BjxNNYhFo4mYCbjol1D2ouzLqSEXDvU5sOq2dVi+cgnMZiPq6ptx7HgVPvrwe4R4rW2dePpvz8IccGJxmh4ZWoWQBBcZp4qEQtJsgzwlDQer27HxQB3WfOU7ED25s4nERIIgCIIgCIIgCIIgCOKaUXX0MJYvnAlLWhpsrkvPTxjweeC2T8Dv9SS2XByJVAqNga+EnJTYMj0SiQh5KXr8+ckXkVdWAaM5CZ0tTTCqJFiydCEGxi9+rvaGGjj62vDlxz6Z2HIuW1/dg72Hq5CZm4cOFvdrX/00/uf7v8GSdXfDmnbpYc4ZFi327z8CX1SCnIIi9J+uRONTj+N73/4sJo7uQzQcH77MhT/OpKg3qSmK2H+tdh9OuoDMRcuwet0a5OZkCnGCwSAqT9Zi69+fQWHMiQqTHCaF9JxEzhcJeXrq3EKc6J7AtpOduPm/vgvR33c3nx+PIAiCIAiCIAiCIAiCIK4ap44cxrxZxdAYzBixXVok7Gtrgtg3gVkzzh1CPB0TNidO1XdgzqpbElumRyoVozzHin++sAWFFbMEMbGjuQlqWQyzZs9E56AtEfNC+tubEZ7oxUcfehA7dx9KbI0za2Yp2tq7cfToKcycWQKlQoEli+fgRz/5A0qXroHRmpKIOT0F6WZUVlYhLFYgt7AIfVWVqPvzz/Hfn3oX+ra+iGjoYkPCE+oiYhiWaNEot0I/eyEW37gKJcX5wh6/P4B9B46h+rUdyHP2ICdkh/oC78qz6UxiLJ+Deo8UezscuOW/vwfR03tbSUwkCIIgCIIgCIIgCIIgrhknDx8UxEStMQkjNm9i6/S0VVfCqo7i/e+9O7Hl4nAh7/d/fh6r731/Ysv0cDGxLNuCf76wGUUVc2BMSkJ7UyPU0ihmz5mFziF7IuaF9Lc1ITDajQfedRu+/6PfoWLJKkhlMnTUncbNqxcgGAxh3/5jyMpKFeLzocLj7jCK5i6GxmAUtl2MgjQTTlSeQkSsRG5RMfqqTqDmiZ/ha595EIO7tiAauviQcL4uc4dYi1qxGWWrb8D8xfNhtZrR1d2P5uYOrLtlpRCvvqEV+7Zsh3G4AyVRO8yxS89ZqS+ZgVpWHHvb7Vj/9e9D9Oz+dhITCYIgCIIgCIIgCIIgiGvGycMHMH92KfRJKRhz+hJbp6fp5FFoY27ce/fNiS0XhwtnTz+/DTe/9yOJLdMjlYhRnGHE0/98BcWCmGhBe1MD1DJg7vw56BlxJWJeSE9zPVx9Lbj3nlvwvz/9I3QmM0QiMbwuJ26/dRVCwTAq6zsxY9GKxBGAXKmCXKWCWCxJbJme3BQ9jh09IXgm5hWVoPfUcdQ88XN8/T8/gJH9r50Z5szHHws+hFNUvQjb8o9QCtbedxeKSwqgVCpwuroRJ/YegMLrBLIK8KEP3CvEHRu3YceWXbB2VWOOxM22nCcPxiYHTgPawlJUjwaxp2UMt37jhxA9f6iTxESCIAiCIAiCIAiCIAjimnHiwAEsmlcOU0o6bO5Lz5k43NuFjvpq2IYHElsujkKtQUZBCUrnLU5smR6JWIT8VB2e+sdLKJ45FyZLEtoaGqCRAwsWL8DA+MW9JTsb6zDSVoMH71+HQPBcT0GZVIqTVfXoGHRhyS13JLZePpkWDQ4fPIqwSI68khL0njyO00/8DN/66scwdmQPYuHEas4CUyU9EaKxGE74lWiJquFHXLQ0i4Iol/iQKo3gdECBtphG2M5JF/kxW+ZDpiwhUE6FJ52YmFGTV4hT/S7srh/E7d/6EUQvHekmMZEgCIIgCIIgCIIgCIK4Zhw/uB+L51XAkp4Ju+fSw2yvBhKxGDlWNf761AsonTkHJosFrVxMVIiwZMkiDNov7i3pGB9DR2MtBrs7E1vOxZBkRV7pDKTnxucqfCOkm1Q4cOCwICbmF5eg++RxVP3xZ/je/3we43wBlkj4zKyGXPA7I+qd2XiWyU2XFP6m7Dzri8i/i9j3+F9avgBL1xh2VHXjru/8GKJXjvVdMk2CIAiCIAiCIAiCIAiCuJIcP3QAcyoKkZWTi5AwpPbaws+olkTw3ItbUTprLkxJFrQ2NUApjmDx4vnwR8XxiNcYpTiKQ4eOIyZTIb+oBD1VJ3DyT7/EV776KCRj/UA0KsQThL+pip5QhHzDZFmev/Mif0/dfObYc4nqjDhc04bD9f244xs/gGjjif5zDiMIgiAIgiAIgiAIgiCIq0l3eztiIS/USjlkMlli67UjFovB5/PBHYgiK68Aao0Go0NDcE6MQKOUQqFQJmJeW/x+P7z+MAzWFFiSU2Dr6ULj1pehj7hh1CohSgw9vpb4AiE4QiIockpRcfs9EG0+OUBiIkEQBEEQBEEQBEEQBHHNCIVCcDkc8Pt9iEXfHmlKIpHAaDZDrlBALBYjEo7A63HD7XIhmvAAvNbwfGj1ekHc5PmLsHLyjI9iuLWFfQ8KIui1RiKVQmuxwpKTB7lWB9HWU4MkJhIEQRAEQRAEQRAEQRAE8bqItp0eJjGRIAiCIAiCIAiCIAiCIIjXRbS9eoTERIIgCIIgCIIgCIIgCIIgXpe3Z2kagiAIgi
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "attachment",
        "uuid": "5937ff62-0500-4258-b798-4a18950d210f",
        "value": "AppBFig5_Screenshot.png"
      },
      {
        "category": "External analysis",
        "comment": "EITEST Campaign: Cryptoshield ransomware - Traffic",
        "data": "iVBORw0KGgoAAAANSUhEUgAABKEAAAFMCAIAAAHrQAgdAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAP+lSURBVHhe7J2HXxNJ+8D9G2K58+r7u/fujSKGUBXBiliD2BUV+yl69l5Rsbc7y9nrqehZUUFRQEE6SJcaqvReA4Sa3zM7m83uJgRQqk4+38/y7PPMzM5O3dlhZnsoPvsnjYumpc74fc7VOzfmbfLrUQu/6o/oqOknkUhoqekfpMJMq+adaf8xF6pKvXfaJw/LtVVptND0D67ekkjW1hTRAvWLPT8fjuA3oxorav+e97m3oP6T/PEEjgmFcnzaHr8elTJZ2PlFQb4vy2QykHn45Mui/rYF4Y1fIFvPBlLBx8//krOPZOp6yfxznn6BAd6veW6aRbLgLzjCr7IobKNbjkSySbLmWWVZEkSM7UwduHpKmWza/gBw6R3g67BAEuT3ZqpkGs9ZZUVOWZqLLBtFjLkp7Lci072yRPpuj5qXz0ay8sGZeZJKWUV2Bd/UVvR48uAuofvSo7Y0Tp2o42N6Tr8CwgZn/xUvg18vNaxJux28e7hFv0GgLKUocl+G3dAUBcARHMiTLlyTxoA8eKBxTtAFEDKL4wRCEQiMCQC/kX4PscxQnXqvNuM2CALhTEoThvV9bK5AHLAcmBuXXYKEbwYaQshYCeHjS7SYaBzhdoaOP0PMX+PgyNwLg5w6fjdQzy2bowd+FE6GpAYBkuuKfyAIW81FtZmOT9KRVXP+EboLmvPP5jHkcxQI5yfpwZEpLzMGiuFYScl5T2Yz9e//RCwHmY7OGUieoG+cH3wWqsXNPbZ9DeYgB0oTFDfktzAE+wJKSuMW6Ivizk2uLY2E017z7sw0EoVfn19VGttz4CLGmUaSCgLB+8+rHvH0WrB76c/TtAdlftsEuhbUTaFT8aFXPwnHl8WiBka9as47ivRMUr+Yr1+b4+SXG9drymk43eQXWVoUBRpsrS2lmzFS/7o3PaTFCo0IprnA0VxX5Hz/UG+hKDKrEk7976+SFldFUA4MdEyxG8Bbmg3HH/pPok4b4pUOsLUlLLwV3mvsFReHsfhUZ280XBFfVIsJ4+z+MrJY8ZPQaIeliFFqwdX50t2tYyFYnr7NcY1K/nFVsP+j9dK8FJccpBEIR7EdMMQXNjKy21N7RmZzO5OvAZrOPyFKCzj2MZsLR4kulTRFMsbBguvxoDfSmYCdhT5e5HJtN2PFDtin2oEQTmxdFJ9BexGI1s08FdRnyCzQN2XCp0gjHAT55+tyvoX5JxBZSovrIFievs2BS0D+SYtrIf+wxt6tAN/RkCGGt46vZVyy+eB/fMNIPe8HDjHFsqAihVN6wz+bxwvEku8pj+Dr1lJj7BISv8n8I7QT4hPJPE0rSH/L07Qg/4rKIcOvLER5ftBaLM0MvJiKKvvtVeY9le0nEJ+R+fNqfyQXZHkVIA04YKzN8q3khN2zQof16xiNy8Hx0mK5a3BiUybmFID6J7B2bGH9gxa+zwB9CFZN38ZArKD+7bcSMfXv5BxDnH9RxYpfNodJixuleUnYxIDr30jUPKD618vqXx0k19+C9jM3Dnwx9Q8g9a9702T+eZ6bCselzwpsXUogwxNS3j7dZWHeDz2SQLECwt02MfUPO8AyRmCwBY5KB6pes2n4btz+RE9D7LKmhcfBCZZPy1tY//4+tR36P2lBAU/f5kAq9Z3/SF+ox9S/qHf74DjTrRJ6sg0j+bEFJRyp+ieKiXmD6x88DGI9en7JjTO/lU/q35dDk/n349DZcDwwSQ+OTIZLdMVwjKHk948Ws/s/wOJRCRLSva+l0w4YU0sQjN54fb4BlvsufjP9hDeOg3YTBkq68fn0FtY/d+fzhmZDE9T0bQ7u/4ZD7clL2fi+Bmk8tgd4343PL3lfpPjWYGnIcw2PoFD/ZuiLntnDQ7IsGlL1auYPQmtvrzvXU+TR6ZG9dWffWkzq35dCk/nn5eMExxaO37GDPv0k1Cl6Ou2/MwKO2IHN+MGUXhvgBkLwvGTLaOYMRXUdQoajy9Pr1Pi9IaJI5YWhG43fH2Ypnj69JC1SvXxQp43G72J6YN7C8Ts4wN2sNC9h0kuZVy7d8WIYX02B3GT4zDWiXQqERmP3uQ9zLAR96ONFcGTG7+p0o/E7NImC/ppfwTCQ8XsXpddcL56m1bRw/E4NkJWnLRi/YwcH55vhU0BgvBOO4AAG4FDoYADOmJpAJi0qTchWDWbd/7L2TK+HkOMzMhllU8QWK87GN/CU2nmZx9e0B8H356tG4nO9qJE4bfp1a4Sj3SBm/P6HH/1G4jszpv2sgXZFYILeSnp+yECa3LgfV/h4Pf0HBH/qJQmpf90bzfnnekxCDXK7zfg9JgO6mZbWPxyrI35FbGV7EB4dCfWPGYlD/WN3uqZXs9Hdpb+7lIZO/zMQDbdQhROKVkiMkOnjmwupKLa3I2TYY7jbPmlhOfaOIfWve9OjfMd4derl1bJbd0CQZzXCsSq2Buvr6hqwAFTcjVR8PIZlxgHFRDjK7JGsdDBNUeijtGqmpjCf7QZ7rzh7RhXy7gnlDnuqHGgHfM49gaO8QMFRNgEEC0e4Ihxr/5lbl5pDm3bOw0JdpZyJOTpl3XWrqICUvDdLnonSECPbNb7c3rpil3X12ekVD2Mp5QTaam9VcfECCGBS1CWU79uO9Y1Bm5Dp+L6q8NKKqx6K+kTZu1yIWMVOZO1RvHEUobOolYaW77LgadinzdIjUxGgzjixSFrpBcIwXZG7yxo0iKZOw13mZSq8Eig3RjomglmnsPsn9iPelCEHadXomEgpZ5iIsANbibGHx17KLx2+OuAGLhFwezKjmT9cD45waTiCd4+jIzIV/gmNKi9svD3sAtOd94xDjpsFLhSY62J64AxP3+ZIFQEQq+B058xaJ4/qgLfygCgq/vimAHaaBFwfB8cHMiQLhq1m9IDjQjEWPP4cnfjejtEDmvNvxJb9fcwkIEC32cfcGo7WutQlGz0ZN0vuPwS9sc4o6tRXV4+fdha7j4EDBrZfdZCDiisLjOlABEKDCUfOjXj6GvSxr6fBMb3iAeNYneToDXBsYf7BrUGAMycO5unbHMg/Wq51wgJcF98UrWeliZlQ1MtkHAzSQRZYbM2sfwVCeENAz1mnLqwywW4WDhJlVj/KrPdIL7p8p9APEl9z/hHaCf9/JvE0n4nm/IMC0ktVRt48WGF463dDkI9PFWfKbtwo8Qf5wYbBUDSwG+zg2GJViRaYLIMjOPCKf5yp8Fz95jVj0kifAfpsN9h7psIPQk6vcKb19S5B9bQDHq2qfxAsHNMpuc8AMRYo3j2rQkKw40Qm5nCK7lrlphVA/fve7vz0eb/z9JholylYCFa7qf/tccyseYhlwQh0a1BToe/4mHHgv7tubxoFt+mJm2JS/7o3mvOvp9maTIUPCHZvXi3y8oBKkFF88dX+YcP6oYYYHk+AeP9FTP2D/k8pBGRW//ukEgkLRugrHaBSjP02Db939L5gCUe4NFupkbfxD1tZ/3w8I29ENPCUbc+LeLoOMf0frjT4pgxHLqPSBDVmgC96fvGnn1+EonH96UoGaXhzHnqUQ3qTZVBrJTqq2yT1r3ujOf9m/X1lqjHqzI5OQTnPVALrgagnSKXk6FfTmfrHrSWodwmuQTJT/wRjFiqtzROtHCTExB7jXLr88p0y2sSjdfWv3jm94CyW14zQ2+v/wujy04A7UzMrbztTLQfcYFLGRccib5BT5N7+/9CjGgOd0WB6H3pAf9nuLb4vfzK08b1mBZUmA3pTKs5gSm7wiQnEnXfAR0XATxtuYpkHmHrrWv0mhLvzhG5yd6JPstwHIobjA9VOGkz3mpZ3nZEJefFlQoYK/ZZKYVL/Oh1tw6pm0Zx/B2Yau7ttAaGF43ewLn10BwRqAE436Mz4HUw/6lh25Ph9yIVHRgMNGCsPiJVf1nN8R+2K9vF7n36jqTTxww/Avwn1Xp9FY+5W0WT9w2NMOLZk/G7+70vsHg3Aax5O8UbO2ON3j3
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "attachment",
        "uuid": "5937ff77-cd5c-4435-ba7a-401a950d210f",
        "value": "AppBFig6_Traffic-a.png"
      },
      {
        "category": "External analysis",
        "comment": "EITEST Campaign: Cryptoshield ransomware - Traffic",
        "data": "iVBORw0KGgoAAAANSUhEUgAAAw4AAAEACAIAAAHisobVAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAP+lSURBVHhe7L0HfBVV9gc+gSSPKqEKCAIKll2FXSvKWlBR7Lu6P1xdxYJ1LYvrqqsLTkJCgEBCCS2EGnoXFqQTWkIgCSWQRnp7eW3oEJL8P////9wy8+6Z994QEBX0ns/3k8ybO/fec889c+bOzJ3vVf4/KQ0QYqZopVv+/4XVa65Y5fp6TQMUvNSSbTgqParSCzZURWGod+UbSXM/nDEuhOzM+vwhkuTMZUkxA8YmfZY0452x5GfFurwvB9L95fBX7Ze0Km63UVrJqFdZlhNuzVMNtfC6Mj/uTwrU6yopck94cpiqNIPtc3QPQXXa5p122DjpIT8PDrCxJv0UQszEa/0RYIr+GHgb/yPAmvRTCDFT1KMTWTX5ZahWgCvzoGmPiDph+/w67hcMEb2+FH9eNpiWv7gQM5WXuBf9Z0W9VhqlKNM7hKh9Z4mKgi3A2+EUODP3QfjpmfnmBa0UNspK3OzEIWjSur5y95LmCsui3judbHjIYVt221Wle/FrbVgSgNalTQm5iaQ+fEO9fVd9yYIftldVlXvyBtrU5j2gQNCkeMTLdcWbmZa/uBAzqd0+Zw3A3uS4QDeIFWztYWNCC24FA8uiNrFSfvXCzTSzaXBNzrq189OYy5zIyqp359fo5nAu/xqMlb6j8Fw5CcP1mrvGpZ0rrxgfFMZK+dXLpYVwfjZhsIJ+3ULMNLX5reUfdobYlFemnfFoNDZ5DCtcOJYJSbChNnlaDFtq61ccw3qB4VhBv265NG+6KFihvz4hZqqxu2bDWI62E65rNTn7ZjdS6ovnZxXgs6xinb5dCgMlVXnQkV0JPyELuRr2nZUUTEr7VcqvtmFXVqSZGiTSTA0SYiaIL1t78NiU9OU8Ptq074D7rLMeLTL4Thah6JCqIrknPzJOaZf03Zby4feujP2hGu5a+86KCfodhK3yKi28wxB2jF/EPj0GRmGwUbP9o/jvUsnO6rRKu6b2GArbtRmRdZoHktgxkAR/J36xK7fATX4KYA34eYSb6VoEa8DPI8RMteBELZTclJxxjRulf/gYeFPx622ZKmq7wdHPLqLe5DTdxEMS+UuTYGNKVMaq1gp0/nmaVPWv7saRAOKD1C9YkjPy9rrcWVBv9EtrEsFrShZnF2ullVpq76Dozn3gMKhr9uwCw3MBs1o0cyz6CnKlbjsW+9Z0o65ZozMgCQ5wV+dDLlCDHF+dtmu/AzbUDkNO74iDJDb0MxD55Hy6QZ7DRPQeDU3OuDsUttn92ek5/WgqUQPq4mZiuyQCgZvpWJGn6I128HtCl79WQYxgsYmOkuY//825DZ/Xe4qZy0DnE0dzZrgcGuSK7vSGe/xDsB+sHn7feNL5lRtOuDW166fQjfVaGSRB/4Tfn/h9O4XlGtEv4diLzdkjOlbgvj7EL0i9v4sqeqU17AQ1oMBt8w4zH6ywEzUgF6sLChxxyzCjLhiy5T/XNGXII+ObKJu3HwgP7UoK1CrgSKhr+apSqrwG5UNdKXc0gm2GOgdxNwDUVbP9Y1KgruHBAcQ9AeDvkCS9qUHgZnIfyp/TTHFvnjT2ri5VGXujFRvrRuioqEcnqkoHCEDOQxlT308Mv2VYbSU4QgUEhfkJ2YtaK67MzIo1M86Vl49s3LP0PbgxJOWO6J+4onMj2Ok6esiemQkbFZ90gVzQbxCAYoPaQS5IWjNtG+SqLT1Sr7mgLshYXK6Vzf8GCtyatF1t+0Lxu5CL+B0UGB/cIqL9YE9mamVR+dK2TVhFgNh3N8ItAUnKObx60g+VC1Say33Oo8X9Y1tSG9KuCEXZdlOw2vQBo11jXl0L/g6KkWcenmKoyzX6XlYXtAuSKpKGgoZQIOTyetOMQVFqMxJ04TKsLfmKFQc/y0vcu1bnkEdOirL4trD9b5HHLAygx8zBcTRLs/mhSuW4V+vLdiX3UtRuQ/duKZr78dyIDr1ZxvrSpXWlO1guMNOeDYU0l5LQIRhybe7GLvx7C8gZV6Y27gAFTgprlP5Ov/rqQywXFLg6bifLFddUOblmGGyzutxwttKhA6uLbOu51CbPJLw2FtrFDjjy4YNGu4oLXGALpiH8hLpWhFE1aLsgySgNcnEzVZS410xKUVuSx4YTWtCa9Gf1gLnvTw9vdyfsdI74/bmUyaymY2Wa2uWTOe9NU1veWFe0iufykIgAgAIh14hO96m29rAfctH93msN5IL9DGQPVd1R6amhSVDgpLCgg+8/TCxIkwAzXh6uNusCx4MabA8D2H1Z1CZWEfw8OvSpejt/MA1qJL4ey5KgwHrNUe+GOFWRV6pN/GYv1BX74TaWq2zUIEN5NXQA7DRQMPxFbqbIR6aE2/qeKSqK+2xH+o7CqCenF73Xtd6df9LtXHadsrqrUhb/qjs7C4qYHhzCzHTaTp60QJaq9bO1rEyW68zqt2AnnI9QIOQ6+ObN9o1JEDshF9Wg1HjOB7k8OQfXdVKiBiaqTQdeoCfCmZLK+pIVrMAty9LV9n8hB5Mkosa2x9tUr46GsxV2wplCzn1PsebSsvdnjw8Kcy7/GvZrWVmq7d5jf+9Qr3kgGIMaS7sokATKQ4HZBZ6T815g0X3yVzuhLtgo2LkHco0K6kaVd7Nzn8QEip0r0tRWz3AzQYKEBbiZ1Nav0N/V8BfuTuo9JHYw6EnkRgGujqn9W8FGXdaEPRkOtc2rJ6ZC2CMjNHKydP8XbJxf//e1P3DvBUSEBEPYJmPIYBtLEguEroMCU/s0ri9bnVXgUW3d818OYwUSNSAVkjQ7uOfU5reSRzf0ngmSRv11pXv+COYXY95YX5c7jSkP/T9lZCbx99JluSXaTEUBDZkDklPeU0iSnAfdTlL4hbTv4IaMaTh3fDJJYmq0eRWSYKgBx0ASFCi9qUHgZopQ7qjLnbp58g+wa8K/d9fbsxfY+DBMtT0JYayO9jB4E/wlVtcq2HZ1KrlxhQPgL7gMy5VTRMLq6XmPuiJvzxtoY94E+yHKpB4kY1QtDm5HILQ5IInlhaRZ03Nr7K6Kj7swlzmRQEaSi5tBD68CvwA1PDG9yZFcDffGW7qyn44DheBooAkAkqAuoqE71+MiasABhpJGXaBGuHLPqcQHQMMRtsdgJ9eQjkLhL7g5NBmS0p7pAEnSm/wDbGISYiZm9dlTssHeNTn7R7R//tzGf4DLOB1arNI+3tb00PD/g87PyXdP6jooIagFdMjaTZVq0+d2fnFnfcGChS1sZ78fvHR1GUmiuaBA8iSE+gUML3n1nnLyPqL5C2sX8oEY309Aco0fshaSTiXHuzL20tDgoZ7rgb6FuqBAqAvc88DmXPWuSeQlqKZtT62GyDXm9R9YgYCox+OTewYzDeGAmL4fqkrjWOX6CZ/vGhlKb2j1EYbHSRxtpGKDXGXvdazXqth+KJCZRhTpTX7ATCMKMdOR1Rkn1sLFgpizulo7lXi/ZxwPBOwgKcRMUi4qClxuRj6/aHVbb6RYsawQTtdwRYlv3Rg2jP0AVemlXtcTNiCpZNSrtRkweCH7S4rckBTe4sbag+NimzUtHP7n+jK4iSPvqSB11ttTZzZpB0Vt3n5g7yt3wQ0g3OWVV5GkuR/OIEm2zgldWop1FRbQeRy0rqzPHwq/Lybn0WCWxJ7zrNvCQ0lkNxpx6GMf3qafQJAVrk4wW0PwFnf6BW/TTyBKwocQlcz1MVQveM2050diZhB5kOqLla3hvhTtCX94Id0o4Wr+0qIs+l3bvK+fZn0FwzM+yYj6P7kG+3RjWvLBcU2UvUPug2O8E5qUFhFhPclpoiinPdrkb1NWdeQWiRm8YbyiXNhJ3prMCGoBdcG1/PzGN1esJQ93MsltKhn78XlVrmMsV0S/+bOHTJ79yQyu5i8tJDYxzUR8fz0f19C/fNqFo9LD/H9zLxgcby4bNYiX8RsQYqaI0D8W/I08C2ePEQBFX9x8PHs/eTFXtfVCWjjbGf3cPFdp+Y
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": false,
        "type": "attachment",
        "uuid": "5937ff89-0154-437e-860e-4b06950d210f",
        "value": "AppBFig6_Traffic-b.png"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851791",
        "to_ids": true,
        "type": "domain",
        "uuid": "59380950-8978-4ec7-9394-4736950d210f",
        "value": "hurtmehard.net"
      },
      {
        "category": "Payload delivery",
        "comment": "PseudoDarkleech Campaign: Cerber ransomware - Xchecked via VT: f7124736a95c472f4c98835786daccdbe751bbd0da4cb500fa0b35d7700d46ef",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851800",
        "to_ids": true,
        "type": "sha1",
        "uuid": "59382558-df44-42e8-a60e-440902de0b81",
        "value": "a85c021282ca5f8b6c0f18d3cdc819c44cfbc5ed"
      },
      {
        "category": "Payload delivery",
        "comment": "PseudoDarkleech Campaign: Cerber ransomware - Xchecked via VT: f7124736a95c472f4c98835786daccdbe751bbd0da4cb500fa0b35d7700d46ef",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851800",
        "to_ids": true,
        "type": "md5",
        "uuid": "59382558-a914-453e-9e28-42aa02de0b81",
        "value": "0b14f1e403909435e2a98ddefffd744f"
      },
      {
        "category": "External analysis",
        "comment": "PseudoDarkleech Campaign: Cerber ransomware - Xchecked via VT: f7124736a95c472f4c98835786daccdbe751bbd0da4cb500fa0b35d7700d46ef",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851800",
        "to_ids": false,
        "type": "link",
        "uuid": "59382558-29e0-4a87-938e-417402de0b81",
        "value": "https://www.virustotal.com/file/f7124736a95c472f4c98835786daccdbe751bbd0da4cb500fa0b35d7700d46ef/analysis/1492378270/"
      },
      {
        "category": "Payload delivery",
        "comment": "EITEST Campaign: Cryptoshield ransomware - - Xchecked via VT: 1ceaccf925911b4da750321be0be31e0a8fe8220f75170725e74d3db7e828bcd",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851801",
        "to_ids": true,
        "type": "sha1",
        "uuid": "59382559-ad5c-4181-b334-4c3102de0b81",
        "value": "06841d0af2d945807c4373ad610c996278d51515"
      },
      {
        "category": "Payload delivery",
        "comment": "EITEST Campaign: Cryptoshield ransomware - - Xchecked via VT: 1ceaccf925911b4da750321be0be31e0a8fe8220f75170725e74d3db7e828bcd",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851801",
        "to_ids": true,
        "type": "md5",
        "uuid": "59382559-97b4-4f89-bb1b-4fbe02de0b81",
        "value": "f83692698014c9144c4dbecacca28777"
      },
      {
        "category": "External analysis",
        "comment": "EITEST Campaign: Cryptoshield ransomware - - Xchecked via VT: 1ceaccf925911b4da750321be0be31e0a8fe8220f75170725e74d3db7e828bcd",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1496851801",
        "to_ids": false,
        "type": "link",
        "uuid": "59382559-7650-44b3-9f13-4ae602de0b81",
        "value": "https://www.virustotal.com/file/1ceaccf925911b4da750321be0be31e0a8fe8220f75170725e74d3db7e828bcd/analysis/1493984950/"
      }
    ]
  }
}