{
"Event" : {
"analysis" : "2" ,
"date" : "2017-06-05" ,
"extends_uuid" : "" ,
"info" : "OSINT - Shadowfall" ,
"publish_timestamp" : "1496855294" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1496851791" ,
"uuid" : "5937f449-62bc-460c-a4c6-4bb9950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:exploit-kit=\"RIG\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5937f48b-c8b4-43d1-8a3e-81a2950d210f" ,
"value" : "https://blogs.rsa.com/shadowfall/"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5937f580-9870-4490-b8c6-4262950d210f" ,
"value" : "Over the last several months, RSA Research embarked on a cross-organizational effort against RIG Exploit Kit (RIG EK or just plain RIG), which led to insight into the operational infrastructure (and possibly the entire ecosystem), as well as significant discoveries related to domain shadowing. Domain shadowing is \u201ca technique in which attackers steal domain account credentials from their owners for the purpose of creating subdomains directed at malicious servers\u201d."
} ,
{
"category" : "Payload delivery" ,
"comment" : "PseudoDarkleech Campaign: Cerber ransomware" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5937f7cf-18c8-4baf-89fe-4add950d210f" ,
"value" : "f7124736a95c472f4c98835786daccdbe751bbd0da4cb500fa0b35d7700d46ef"
} ,
{
"category" : "External analysis" ,
"comment" : "PseudoDarkleech Campaign: Cerber ransomware - Reference" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5937f7cf-11f0-4061-b502-485d950d210f" ,
"value" : "http://www.malware-traffic-analysis.net/2017/02/27/index.html"
} ,
{
"category" : "External analysis" ,
"comment" : "PseudoDarkleech Campaign: Cerber ransomware - Malcode" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5937f7d0-da3c-42f8-ab04-4bce950d210f" ,
"value" : "https://panacea.threatgrid.com/samples/e55adbba88f8663369a1afea4f520c50"
} ,
{
"category" : "Payload delivery" ,
"comment" : "EITEST Campaign: Cryptoshield ransomware" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5937f8d8-50dc-4006-b238-42a2950d210f" ,
"value" : "1ceaccf925911b4da750321be0be31e0a8fe8220f75170725e74d3db7e828bcd"
} ,
{
"category" : "External analysis" ,
"comment" : "EITEST Campaign: Cryptoshield ransomware - References" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5937f8d9-4bcc-492e-83c2-4cae950d210f" ,
"value" : "http://pastebin.com/embed_iframe/y1TdBJH6"
} ,
{
"category" : "External analysis" ,
"comment" : "EITEST Campaign: Cryptoshield ransomware - Malcode" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5937f8d9-2518-4cc4-9729-487a950d210f" ,
"value" : "https://www.reverse.it/sample/1ceaccf925911b4da750321be0be31e0a8fe8220f75170725e74d3db7e828bcd?environmentId=100"
} ,
{
"category" : "External analysis" ,
"comment" : "PseudoDarkleech Campaign: Cerber ransomware" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B F I A A A J Y C A Y A A A B B 8 c J W A A A A A X N S R 0 I A r s 4 c 6 Q A A A A R n Q U 1 B A A C x j w v 8 Y Q U A A A A J c E h Z c w A A D s I A A A 7 C A R U o S o A A A P + l S U R B V H h e 7 L 0 H o G R X e R / + m 5 l b p r c 3 r 7 d 92 / u u 6 q o h i g S Y X m W w c Q v u I Y m N c U n i f x L H s W M 7 d o L j 2 I 7 t Y G z A G B A G 0 Q Q q q P f d l b b 3 + n q f 3 u 6 d u T P / 33 d n 3 u 7 b 1 V u J I g S C 81 s d v f d u O e U 73 / n a K d c z P T 3 d R B t 33 X U X 9 u 3 b h 66 u L q x d u x b 9 / f 1 I J p P t u w o K C g o K C g o K C g o K C g o K C g o //Gg2m7AsC3OFIu55ei8mjh/B2177arzzHe/AhUDK//pf/8t96JZXvQrJ/rU4n2lC0zT4fD43EwUFBQUFBQUFBQUFBQUFBYUfHTThNJpI9YSQt0r45hc+h2TDbgVSmPDZz34W23Zeg87VOzG6UG2/pKCgoKCgoKCgoKCgoKCgoPCjjdRQEruPPofS1FgrkPKhD30Ib37zmxEb3om0rbcfU1BQUFBQUFBQUFBQUFBQUFAQBPsS2P/MAxcDKb/4i78IX2odzs+X248oKCgoKCgoKCgoKCgoKCgoKAjM3gSOPPfIxUDKr//6rwPxEZyczLYfUVBQUFBQUFBQUFBQUFBQUFAQ+HriOHHwyYuBlI985CNoxlbhxESm/YiCgoKCgoKCgoKCgoKCgoKCgovuOI4deOLSQIqsSFGBFAUFBQUFBQUFBQUFBQUFBYVL4XTFcfTyQIonMYKTEy+8tcdymrCdRvsvwOvxIKR723+tDPm+cslu8Kf7pWUXps8Lw+dp/6WgoKCgoKCgoKCgoKCg8MpHw3GwMD+L9Ow0quUSmo2L/vPLBa+mIRiOINnVg47ObvdaJr3AOs2gVMjBqdXcay8rPB6YgQDr1IuOrm7ougF7fgYz+57G+LNPo7w4337w5UWI9BnedQu6tl8HPdnZvroyrFQMh/c/fnkgZTVOvcgZKU9NFHAqXYWPRGg06hgMNfHa4Qh83suCIk35rxU4sZ0mHjifx3TFB40dWnMa2N4dxNU9Yfe+goKCgoKCgoKCgoKCgsIPA6rlMvY8/ih+/B23obe3B5qute+8fLAsC6fPnMeDj+/Drle/1r22/5mncPWW1diyaR0CwYB77eWE02ggs7iIz3/5AazbuhPRRAIH/uXTiBWncMf73oa+zlj7yZcX47MZfPofvwDP6u3Y+KZ3tK+ujEpH9PmBFG9SAim59iMr48nxPMbyNQzGA1iX0nFtFxDTWwGTZvPiipPWOpTWzwZ/LdQ82L3gw8k5CxPZCjalAri6VwVSFBQUFBQUFBQUFBQUFH54UCmX8PTDD+LDv/pTKNe9sOsv/4qUoOlDMZfBZ754L26+7Q3utb1PPIbX33oN+gcHUazU3WsvJ2TxRW8yiI/+9aewfvtViCWS2Pvpv8ewt4gP/ty7YE2cB5bWZywPLSxB7i2/fvnfl6B90/2xwoPLLvmH1+LP//zjKHWvx7Z3/Hjr4hVQTEZxaN9jlwZSfB1rcHrqhQMpT43nMJ8r4Lb1Sezashn3nTAQ9QN1h3VhZST5TSAVA3qSQIi/L5aAdBW4Kl7DFx7ajcdGK1jdlcRV31IgxUJlahrTD0wh+N6b0MWyLi5+KSG7fwzZqToit21CrD6J
0U9+Bs81m3yrhaEdr8Gmq65CcG4Ks0/PI/TOXW4eF7JAEek9T+LEnmdxxv3bD5+2Ezf/+C3ojepYedcSB0IzjfOfPAL9tTvR0R+D39e+BRvW3Awm7x5FgHl0BbOY+fKXcZhtWFqolOhbg+2vfTf6/YvM4yjMt16PVHcI5oWyqqhMnMSZr9yN/e0rwBbsuO1GrF7TidAVA5o5zN53GlYihfjOYbD6bcjAzWDs00fhvXErOoY1VPY+gePP7sPZ1gPw6SaufvuHMJKqYPGek6j39yO+pR+RC3k4aDoLGP3UZ7C/XCHVBEMY3no9tt2wDnHDvbACSsgdGkdm1EL49TuQMoVbq5h/7hPYo92IDUP9SJycQSHvQ+TWTUgaTZaTx9zev8dTwbfiupFV6A9L5nVU5g/h/L578Oxp/imMtvkduO2a1ejGNPY98xSOneDAI8Idfdj5xp/Fqrj8lcHkl06gsW4VEht6EL5AuzoaltD/CMy37UIqMIN9Tz2J02cn3LvxnhFsv+39GLosKFqZuQ9H03VUY6/Czf2R9lVBFYsHyXuHZzCb3YjV26/Hjlv6EWrf/W7RsDPIn/kY0p0fQn8iCMpFQvh/FNnpBiKvY79yrLnIHsV9C3FsiDfgOzqLohNG980bkLhiH10JWUzfvRIvfK9RRXn8OM5+9RvL+H8rdtx+I9asTiGoVVA4OYGFw3mE3nyNO55fThTP/QMmPNchmdqIriWGqpdQypzDlxZ68K7BEsbuGYexeR2613e/wHhVUFBQUFBQUFD4YYQEUp568AH8mhtI8XyfAikaStkMPvul+3DL7a1AiqySuf1V16J/YACF6gtv7UkvLGBy9Ly7guTF4Pf70Ts0hMFVI+0rK0MCKX3JEP78/0og5WrEk0ns+dTHMOTJ4+d++p2wJs5ddNTFbbzotLt/F+06Ti4WcT5TvnCrLxrAuo4wnGYTp3lvplB1r3voL47Qb1qfCiOg0SD3tKMm7R+XB1L+4i8+gXLfRmx/5wsHUrLxCA489xguCRN4+M/r8b5g2twZxmsGDWyOOwgHDRSYQyMgLh2wYAETBeBMlikPTJWBRbZjjul4RgIsOtYFyri138DajuCK+T8/1VGbn8HkNw4hXWNhl9yronTqPKafPIM8mbNZzWLiCxMwu7dj7fYbsOWqGzBEJgnpNVjTk5i6/ygyzMNzSR50yo7OoXBKQ+emG7B5y0YMBPfiU48cx3TRRvOSZ5dSk5Sik/m1/ZifLaPWXH6P9c3MYuJrB7Boedg3BSw8Mg3H7sXg1lad1qzbhJifvVbLYOpLz2IxbaF+WR72/CLmHswisuEGbNp5A9amRvHYkcPYP56Fc+G5y1MJ6WeOY+7YHMrO8uvSrznMfOMAFqYKsJtV5I/MoXhad9ssddq8/Tqkwjp0XxELjx/D3KkFVBvL8xDey2Hqq5PQIhuwetsNWD9Yw/jMAdx7aAr2hecuTxZKZ0Yx/bj0EfvPqSCz7yM4mI8hGU4hGaiR/mcxvXsUBd5vWrNY3Pc7eK40jL5YAlFDh7c2i/Fvfhp7v/B15OOt+m7ZuQtbUhkUC3Xkq36k+te1rm9ai4idxT//771YbJL+ngLmHz6C+bMZWJe0p4lmLY3Ju55z6V92Auge2tDKY+MI9Pwi7vy/+5Dhsxd4zp7E+dOLGN19CoUTBzBnLeXlgTV2L74wacLu2Um6VDGRP4R7zmbb97/7JFvpdKeGz5yYRbrqtK6Tf+YP34P9D30BJ2arF561Zp9hm7JsbxDRwV6khjsoPC7N71tLbV44OX8ZL3yvE/l/Lo25h3KItvl/TeocHj1M/p/Ikf9tVMcnMPXgceTIMyvn8UIph7n7n8HJL+7Hgr3S/RdOZsPBY6zHqZx14ZpTGUf25EfhOCF4tDhSGwaRoNCWs6CWv6uSSiqppJJKKqmk0o9Gcid+iQY9RwmjvNxJYgSyEEMCCkt1kt8FKz1/eTp/+hQq9Gtff8uOF01r+uPY+/hjK+Zz
eZJ6teIOrXpJnWRnS6NeayW7nZb/LqlWw3S2hMdnKrj+3e/Fde10xNLwwKkZ3H9yGmc94QvXr377O3HfuQwW82U4NfuSfC4kKcP9WXfrsJxWV0rSn3U2gj18EfLii6Vk0EAqoEH3OAgH6tg2XMDa/hpu39nErduAXZuAq1YDq7uAsClRJ2AwCtzQBwQ1/t103Pfjfn3F/K+YpH705i+93iK8m9x7Gp8bwuqdr8ZVN9+Oa5nWjKxCxGw/c6HD2n9fSDHEOrdh8w2347rX3I6b33Ebrvr848hNFulAXv6sJCEif7JOz8+rneTeUn3Rjd41u7DtxladtmzbiUSAdZf78o/PPD+fAAz/WmzYdTuu4Ts3vuuNuOboNLT948jVLn92WVrK73m0WkrtunviiH
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5937f9fe-3e58-4a38-9918-819d950d210f" ,
"value" : "AppAFig1_Screenshot.png"
} ,
{
"category" : "External analysis" ,
"comment" : "PseudoDarkleech Campaign: Cerber ransomware" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B R E A A A L E C A Y A A A C f V n c N A A A A A X N S R 0 I A r s 4 c 6 Q A A A A R n Q U 1 B A A C x j w v 8 Y Q U A A A A J c E h Z c w A A D s I A A A 7 C A R U o S o A A A P + l S U R B V H h e 7 N 0 H f B z F v Q f w 33 W 1 U + + 9 W 5 K r 3 G 1 c M Q b b Y D D F t A R I Q h r p y S M v p L y E E A I h J I R Q Q i 8 G Y z C 4 N 9 y 7 X G T L s m z 13 q W T d G r X + 9 t d n W w Z Z E E S i r F / 33 w G 3 c 7 O 7 c 7 M z t 1 l / 57 d l c 1 f u N g D I i I i I i I i I i I i o o u Q v b j l N I O I R E R E R E R E R E T 0 u X K 7 X L B Z L b D b 7 c J r t z f 3 i y O T A Q q l E r 5 + / t J f m Z D h d r v h s N u E e l n h c r q 8 J b 9 Y C q U C P j 6 + U K n V k M n l Q k e 54 b F Z 0 N v W A p v Z D H i + + N C d U q i L X 0 g o / M P C 4 V G o p D z Z U 29 s / I 9 q o v I N h N J X K z R O K W z F m 0 l E R E R E R E R E R D S M r r Z W K N w 2 + K g U U C r k 3 t w v j s f j g d 3 p g t H m R m h U L N Q + P u j v 6 Y b d 2 A s / t Q I q p c J b 8 o t l d z p h t r v h o w 2 B N j g E 1 q 4 O 9 J z K g 8 r U D R 84 h R J f f B D R C Q V s K n 8 o 49 I Q l j t N y p O 9 + / 7 a i 9 Z E j A 2 K U V m R V E j o 7 M H C T e 16 a C I y o P Y P g l z + 5 X Q y E R E R E R E R E R F 9 N Z S c O o E Z E 7 M w K j N t Y F L a l 8 D j s O K t 1 V s Q l 56 N w O A Q N N V W I d R P g X m z p 0 K m U H t L f b E 8 T j t 27 T 8 K k 1 O B u O R U t J e c R v 3 a F f j 1 I 79 A q M L 1 p c z d M 3 v k 2 H P g B P a e q M R V P / m 1 l C d r 6 + g a M Y g o E V 8 I p Y Y W X L X q P c j C 0 u E T F A m F g k F E I i I i I i I i I i K 6 u O K T x 3 H N r E l I T E p C v 8 X h z f 3 i K O Q y x I T 44 t m X V y E u P Q u B I a F o r K 5 C d L A P r p 43E139 N m / J T 6 e u s g L 1 V Z U w G Q 3 e n A s l p W c g P S s H v v 7 + 3 p z h R Q b 54 M O d B 9 B j d S M + J Q 1 t Z 0 6 h Y e 0 b e P r F x 2 G p K R O v A / e W F A w J z n l k 3 p C d N 0 + K 4 w n / k R a F / 0 j L F 5 A N r J N 5 h F e D a 4 U c 7 / u H 
Z q k i o r E / v x T r d p 3 A n F / + Q c q W v b r 2 m K e 4 t Q c y h Q d y p b A R l R s K p R t f m z 4 G K d G R U K n O R 4 Z r W n r x w s b T e P K B e X j x l d f h C U 2 D X 1 A k 5 I p P G z 12 w K L L R / n 2 v 2 H D U W / W 9 O / j t u t m I D v G h a 7 t 63 B 8 w x a c 8 q 4 S r w N f + L N X M S H F D t 0 b L + D Q q S L U e t e F x G X g 6 u / + F e O i x K V W V P z 9 K R y s q k G z t B a I y p i M e f f + F j k R 4 j X 2 r S h 5 + F H s a 9 e h c 2 A 1 E i c s w O z l 30 a i s x h n / v B n 7 B L y 7 A O r M H b x d z D j 6 i W I 0 3 o z z m l B + V 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
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5937fabc-4f0c-444e-bdde-477f950d210f" ,
"value" : "AppAFig2_Screenshot.png"
} ,
{
"category" : "External analysis" ,
"comment" : "PseudoDarkleech Campaign: Cerber ransomware" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B R E A A A L A C A Y A A A A E x z U b A A A A A X N S R 0 I A r s 4 c 6 Q A A A A R n Q U 1 B A A C x j w v 8 Y Q U A A A A J c E h Z c w A A D s I A A A 7 C A R U o S o A A A P + l S U R B V H h e 7 J 0 F f B z H 1 c D / 0 u l A z M x o W b b M z E y J I b H D z I x N m g a a J m 3 a t E k a a t I w M 4 M p Z i b J b E k W M z O e d D r 6 Z v d O t p z Y D n x p m z b z 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
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5937faed-d610-4f3d-8da2-4226950d210f" ,
"value" : "AppAFig3_Screenshot.png"
} ,
{
"category" : "External analysis" ,
"comment" : "PseudoDarkleech Campaign: Cerber ransomware - Traffic" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B K g A A A C T C A I A A A F S S o a Z A A A A A X N S R 0 I A r s 4 c 6 Q A A A A R n Q U 1 B A A C x j w v 8 Y Q U A A A A J c E h Z c w A A D s M A A A 7 D A c d v q G Q A A J B w S U R B V H h e 7 Z 2 H W x X H / v 9 / f 8 M R T U x u v P e m H a S c Q / E g g l I U S 2 K J 3 U g s q F H J V Z M b k 4 t J 7 M Z r j c Z A Y o / G g g U L K i q C I E g 5 J B q D M b a I W I C b e 7 / p V j R B / H 1 m Z 3 f P z J Y 5e5 Z D n + d 5 P T y H n Z 2 y s 1 N 35 j P v / 3 f l 18 e c 5 s v / q 3 p c o u B 8 L f o 7 N L w T / G 0 / e c 35 Y 0 P b j F h V 8 V M K / N s r M w f f A / g E j D w n 3 A n I N w D X / 3 R W P c r E v 4 U b C v F v T S y 9 E u T f E B c O M O 2 N U P k i A O n J r H b 9 K 3 N F / v 1 H + n v f a 8 c C H t t E v o l / P 2 P t d f 7 C 0 j d j 7 P D b 4 h s t X C w s f 1 z y 4 u w v n p 287 P S Z h X C l T / J G S 0 C s c 8 t A + F 0 h + B r o s J 0 7 M / d Z a 4 h w v x v K z 0 8 X f 9 / b l n E P / T h V U 3 L + w q L U X w q S T u y H f 1 + w w q M V 4 H t G d b a 1 H 7 n 0 2 s P c V W X 5 l t D X q u 5 u r n r s v C k 4 Q T 4 M d o T f q M 4 E J 8 k X c n p h z r Y R n 26 A K + V S z m u 8 v 1 Z L 960 H 5 R L Z F P i + h l X 0 M d T 7 K 9 k G 5 a 4 I i q T / k l 2 d / M L g C v 5 h G b H q y j 1 U E J 7 x 65 m 5 O B b f P D A j U 35 a c C 3 + z y H 40 c 437 s a d o / g i 0 C f I d j w 7 C X 68 v n e 7 f J E k J 2 f e j W o I G U U K / 0 K A X 539 C H 6 M 7 u e w 2 I c I 94 h O a q D + f V m R c a o i A + p f j l Y F B a D + L R z u O H 9 x m e J 6 P Z D / g j W i I C f x 6 c R k 4 V 8 n v o 6 z a P + c m M k H d 1 l C h u I 75 d r D I P 2 O G A I b 6 v 2 N d d i q 7 m 9 J u 1 t i s Y + Z s H s P X M E / L F Z b 113 o r e T s T K y s P o h v / r 62 B K 7 P E B q u d p H 94 P f F r C H w N 6 m H D d 9 g s Y b E J H 0 I V z D 4 o g L x u h A p / t c S 1 B 3 f / 8 U i 4 f 3 h 9 G g 1 X 2 T 7 K V 9 U g B t e S 5 B Y 5 u q T / I 7 W b t B + d p j + x R t R Q V U P 9 w w q y I P r 0 o M X R U 
U G b V o W j + + E v 6 U 1 y J f F G g Y 3 P G 21 L Z z S s 6 o G + q Y 8 u U p c f 1 z i N 3 j S R / M H t R k 6 t z c E c n f z m F P 5 J Q 9 K d s 0 S 8 + f G z f l w W y t t P 9 v E p 1 T + 8 o n i I u L 2 W u W V u g G v A V 6e4 u J l G D 0 k r F N c J H F u G a C 4 o g f 1 / i q r 98 m / C 9 f 2 w j / S p o f D 8 M R n 5 M f w + 2 / v b B o V j v p / w G f w I r m w 4 B v a v / I O / r f q 8 c m D 99 E P d M O D t P z L + w g n J c s H B 5 V 9 / U b i G V Q q h Q A L 4 X 4 o i R a / 4 M E 27 V q L M V L / 2 t i 6 n 0 2 H T g E N G b I X 4 z F L S c W d D E u M k J 4 H a d n V J b O 3 b O y 57 Q D 8 i + J 9 k P b c r G 34 N h O I 45 e H + y t / R a M 5 S 8 x 0 4 f 2 V r D w F g 6 O 8 u f 2 C e 0 B N e p C m f n / g J D e 5 P o M W w 1 + c p V c f l 1 g X 7 I R / r 5 Z O g f o H T s e X x s g j I I C P X 5 o 32 u 8 P u o 3 L z n H w A 8 a s 8 A P K w p C Q E G h z R z p R m 475 i 7 U / W f + 69 u m X + o v U 5 V b v 2 i + M n u G G k k 19 r j 1 y P 47 C 4 P o n / M 6 b N a 4 b 6 a T m y G X U Q y P 0 6 x + Q n x L X 3 k 9 s S + q P E 5 d T c f 8 n d X g i O I t 2 L + t / u W Q K z r 3 y s 2 + O / x o 1 N h h o q P w c n S y D l y l m T e 1 t d j Q m e J A W t S + T d E q 7 D o G 4 h j a 8 / j V v N N 4 f n i / j g l P f 83 f g l c A g + T f c / 2 x M P + F 3 X u X t r c 6 t g 2 S n w Z l Z V T U Z 8 r + A k f n 7 m T 9 K l g 6 y F + Z 9 A L / 7 h 9 j K H x S c u 50 L v 9 X z 9 x 1 l x + B K + a 3 U t g H 9 B S c z u O b v Q h c F 0 23 o / 2 C S L l x B l a / i T 1 f X B U 4 V P 68 d c f J 4 U p E 840 K u c d s O + l p t k A 9 C t c t r b x u Q O h 71 j p W C 0 + D O 9 g 7 R r h T y + t e 8 o d 6 f P H + H + g d T b 7 h i c P 4 O N 5 z 68 U h V L S r a e P 5 e J l y H G 54 I t N 2 s R Q N o x V Q d U 9 / z 97 G F O R B m o 8 / f i / 9 z C O b v k H v C x a J r j 0 t m n h N H E p a I K f i H G j w n 1 u U u G i d T 70 + e v 8 P 7 g 6 k 3 X D E 4 f 4 c f c r 8 t z 9 / x d R i / w F 88 t U c X p a m 6 f A N 5 E f 717 v y 9 Q g y z k e f v 8 B f m 75 B 78 v 0 D g 
s V c C l m 9 v 429 C 0 z S U W t 5e+1 b 5 w s s 1 v C + S z 5 d e e E w z O v B Y 1 r K a H C q v L s V 3 x + V 9 G + f s D 7 C b 5 T z r b f 9 v H J q I u 6 T m h e 4 Q M h Q 70 + e v 8 O 0 V 65 G 9 T 1 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
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5937fb02-c7d8-482b-93ff-81a2950d210f" ,
"value" : "AppAFig4_Traffic-a.png"
} ,
{
"category" : "External analysis" ,
"comment" : "EITEST Campaign: Cryptoshield ransomware" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B R I A A A L F C A Y A A A C / P R + r A A A A A X N S R 0 I A r s 4 c 6 Q A A A A R n Q U 1 B A A C x j w v 8 Y Q U A A A A J c E h Z c w A A D s I A A A 7 C A R U o S o A A A P + l S U R B V H h e 7 P 0 J t G 7 b d R Y G r t P c / t 3 X S k + y J E u W L B v Z u M M N U L a x L d s Y x 2 A j Y 2 K a U I a M G h S j k l S S q p T L q U p o k p F A p a o y K N K N V E O T U G U M x R i h i w k k h A A m O D Z g G x v F a i z 5 y Z L e 0 3 t 6 e u / e + 2532 p r f n P N b a 65 u //s/51xJqfG+/8y915rNN+dq9t7/+e855+6899u+6TS9jtfxOl7H63gdr+N1vI7X8Tpex+t4Ha/jdbyO1/E6XscCdr7tW7/x9Q8SX8freB2v43W8jtfxOl7H63gdr+N1vI7X8Tpex+t4HYvY2fm2P734QeLOzk46PTUXtM+LU3klpZlzrcmzcyEffyKPVtSjK6EoLmAaDMKz0yTSagYF0e/0dJBcVQiaTMrOLg4irQ+5Ws7eD2OmpvUugAVCz1FE1Jl+vN4nfl4JpXA+PTaQtHGldV9XtXhlgafU2kDM7brJwtjZx0Luzk/s2LtmHfHDf6RHaMP12Qbza4l5EBcIjq8Qc7vr2H2OY9puTtqaGrM5nErcbl4yYOf0xENDQHWTEb19GZr1vjiAL+adY9N+4H2b0D0vOmg1sps78y/qcI34aSknXNQNLu6f0YaJPapy3GrkbBVKapLNSLEHvFXN067p8/rGds0Vr/HIMM0YeGY+EZzr0Tr2GN8vLVTyDWuveSOW6uui8jPJa9Au7nOeRZ8/AAwx2moo2tbuyHzaM6gO8FWQg9plnHQbTtMEOUaknW9A5y+s3wx5T7hrxaTk1tyEslfsBKzbNSsgNMokhzzUvIZ1gTrstUVHgO4EB4kldQDmU1mrcdaOnINB+OcvfDhnmrMJuv0oc4dri9AWdMh6lrQSY2HzYN0HA3N1TV4AmAP5YjnbzSeD2xj2y47qptbvYRuziYNej+poz5LRfePiYTliqp1qEXivFQSn0/B8sNHjWOahBuIipyFfj7o4pZ8BdR+2Fco1L2Renq79kBdK99f7lwc4GILron5CO2r3fjzngVJFPqkA6xRVkk9LkPmkWvvBJ7or5H3qNrAhBRZJUPat9degnpsT46iCtyTMQJy89470Z4HEM3P5FjmSQhnnrq5TV4BFwKRNGWVwW78/6FfnACJHfE+WL2FteEdOxbuwqU5i2e+ztAgsiPOAeK1ZC/exOZtmlC+Ls7ncwf1m5UNA3lnrWddnEIJ7b07vDXaJUX2mioRljPQvYeanehG3Bn/tmh0Qd29lxBqs6ZwaqM0F1HUCs30V9doM9JVNDw2HKbXZImtbDkccwqy2FuGpMwaIMEGjBdwWWhJX6nOOSQ1NeTZsVzS2c2PdGmV07lJLuWkK0JfDqSwrH52bU4wGBB22BoX9kW+L5YzYRyr6sn6LdXX3YAzjWwFG52zPpZgGpQ3K64A3OuQjyggHWMEJrHT73KAf8PlBDk68iL64CNQvAeYohLa50tHg2BXdruxxPUOghB8EHy7hMcjrQQQfjuQP6CEXBxvvZk67ybcLYVCtzpd2FdET9w1GZ/H5tXsH31yAIJBMQI7syrAV4Zbn0WB0f2lR5jv4xu6Ew3entzcDeVS8D4Aa/VpbY2kMed4nYM7PDnBNeBPQwfmYVVzfAaPH9RV9t6wZ7rhumzBcI2vfD
BFt/tzGeUNdOoa2iIC141K/Tbno4zKseYQtpsNuMRzTAmcG/Xpf1ETRvutmtCPTaFwj3ecMKOVRlaMT4uSxnbGQWNYRa0mpbhwIWwi1tZ/ggud+OKxzoR3sOmzcU2JWVri5K2IoRK0r+keDlt9y2sj5XuUss2Fox5ZhaS4EOUfgE423DKMa+B48Sg3ElDkA9FrwtqHnPTNWUcFJpCpiU6C9N1v2K/bRcik2UTQYrvuFYR33phr6decgGRfj6d1HnRmaqs1Zg/vbxmK59QrNIWUfTygMehNfQmZpUHSlDqZfSliAEPiu9d8Ey+28KsYMiWCtEaayMeXYxm0UF7HBnGHc65zXvu+kT/RFi70RT8fb9ldAeXF2GWFW0wgbfyIR0GVdOdlLKB969Yu9LVZ+CD5AndimUzCpx+ocGJl/m3G0NWNjepMwl35w2MC6rpxEP0FlTY4kMvq/GuQPPIDIHX2Xse4CQj74QbRYEaDEZpo8jmIDShT+1auHuoch6LzI2UYvxmgnQfYPBvnChbI0LjNh3jOBQcNLXJn5ORdgdOYTKdsSunyOtTexFmHU5wPz43RSatSW6PL4Ub80VW/NzTXAsHJ8cX5Wz0ksQqD75iw8qxASVYB+3b1PGTJNzRdrN66ekFeixjIccd4chLRpauR84+IXeSfgfsn34FXwBP4AIENBW0AYczVnRJubxlb/aKBrGXNVaaUW+1KUNS8DKO5oVcEO+Jp/iYKn+EKhJ4vTo+tG0LRig5lc6to8k1oC+8YH8dnBAb/IBtSx6JtGdks0hVyqdlubYzRna3HW2HhfyXCKvOejj6qYQ/Rowjyg0UUIdWmrzSd6pRjV4eCQskd+czaJ6eag/ekOxnluV9nJbLN5nGQUiKUyxjwTiAuHPc62HtUSbUG2NO9nReTUeQx9bYlOZ2eWW9SbxmNmXK1uVEJr4uIbUS+9D48mpst0fl5EQ1DNARSqQy86AmCHjtJCrpuRWuF3qybfGHBSNosJaGP1Wt3Id8HwdLz+vNist04Pu6tkp61w3jEyXCsL5VVrHzbvYj4xwXM8SsyKOzjQ/GysUZUDJUhianRfqx1SiqM930uzTfo0BlVB1TkXqjXwc0FbxFogrq7xzGuwWEI09jk1ZJB31V5zF7NKR/xK1BJiHfgeHfkGP52JvhDmWrKD9ce5ah+FNqW2zGOnCmMyBe+5feCIqEf7E4k24gA8TJgC3dhpIWNo71Nxrfq2+QW1c5g9+/P7CvatpAo1N44eA0+GcY1isKtaLO33YgPRyK9+Luv9Qb7G3mbr9aVM4yoerW8cTsTOznv/dL6fDhOESTsP8vtUweIGWYmlNzDrYNtQR93UkrtLY98mP2k0hh07t/NrDwonhynkQdN+hF8gV2Hcq9aUo/DZ5cFAjXLZAK1F/BkqyFG5ThiDwxBtrhJbaLzhiopVVXUeVTFYP8QqF39+uLq55hEUmhzzucDa3FaujykP4uyo5iPOhZ9Xg/U7D29a2hdpa83rIi/eEGsP8WE8To9ibUJd+XrxNPEGfrbcjC+x4Om1BC0l7wiYN/PoGaBZU2n5Nl+uOU9nP3Fo7a0g8eUaawg4lAVenZMw14DysK7MraeyTiBd4N0auVY0ZsR0Itp+DR3GskuF2T7TOZCvaCdtjJimmg0H8CC4RM7IlfvKgxZkRCp6+bJrqux1hbtjenU83sf82LBaPkRD4ltK6ohyLbTRFRiy6PTZweiN4Wjds1+cG50sa1bTQDhP5dLka3NtqgczHGe3rouoOZfegDWeXqSgMxgiU8uKEEh3/3Cycu8o7+eq8kUPy2AKNiLGNFO6CNbKOe7mv61lBXfkUF72J4VtzJmTRgN0jWOmH8/h0vvw/J5ffNpsmXZL9HOrR20DeV+LwbQlI34F2OLxPIoVlHjAOKBzhtHAFSXXFGKDFzhbHlS44a52YcjzpkfkXsasKptVG9MMyu0J4vbsp6mvgj4atpSkAVc7UmJvLtd5Ur4NcQHm6
33BQB6k0uSeHX3NT0MB//gO1KN9Y2WHtXH30DgX4rwwR8vcV7UJYBjXp2s6Np0B8R++xtDafYzaLgfFdF+4S44UvxK1BPLhzA8SS46SjszGuh23x+DUBgYX5orXK2D9NrDFeG7zvdjBoek1J21aLQWOwiOnopd7JjuCrK948evQsV/ba5usi3d1LvHliuynOmsqQp1EzY8jJ7JGq215AJv3cTwR991sD268Z4k53yMXsKme0RgA370SWs3exQElVc9sSbZpzNsDCdYKcc4iKrrIPxIAZ0x31M1AnyJ2axLBOkHw94c4hLx2prNNBR31KwBXxCknDq3gZsH2JtCnrgGjyDY1mW3KKn
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5937ff05-b534-4159-a9d0-434a950d210f" ,
"value" : "AppBFig1_Screenshot.png"
} ,
{
"category" : "External analysis" ,
"comment" : "EITEST Campaign: Cryptoshield ransomware" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B R I A A A L E C A Y A A A B 0 Y c w O A A A A A X N S R 0 I A r s 4 c 6 Q A A A A R n Q U 1 B A A C x j w v 8 Y Q U A A A A J c E h Z c w A A D s I A A A 7 C A R U o S o A A A P + l S U R B V H h e 7 P 15 t y w 5 k t g H 4 m 5 v z b U q s 7 K y s p q 9 s N m k e I 44 c 0 S x R z q a D 6 d P R p 0 z f 4 n S E U c j i u I i k s 1e2 F 1 r 7 p l v u d v A A B h g M J h h c 3 h E 3 P f e 7 z 5 E u A O 2 A + 7 h 4 S / i 3 j P z y X 9 z b y q c 2 Y Y C s L 0 V Z 6 t h 6 G y J p w e A l m Z 1 R i Z w f u B B M 8 w D 2 R I A t S W t n L K P e 5 + i Z Y S n x O R H M 665 o 7 Y K u T P b E w U k r 6 C h R A O 679 g I 1 p b X U u r n 8 y C N H W 9 O W s v h n o X v l h 7 t 4 / p h j N q N 4 s I Y h 7 n b m Z a 3 R n E y q C 1 J D 8 e V g n X 7 a v n J w V p L 81 j C h A J e 176 i M p 17 R R 6 p R V d o 3 q N 0 G A m 7 Z 3 b X u 9 e s 1 W M Y A k 3 V A n 9 I v G n 5 v H W s W 9 v 8 + I c 1 A c c W 4 j a h D 7 b X u T 0 O G L 9 L x m / O c + h i H N A f d a W d I 7 J w e G y a E n D o u i X Q M 41 O j 4 a M 2E3 + v j H Z U i z w E u i O J q E G I Q r Z A Y S R S y Y K j a k Y u R J P v I c p x 4 d D L C D v b O S A w 0 S U X r r 0 n 1 u p I Y 5 k h K 7 c f J z u o U z N e p M p J Q 9 G S d f x d A x S G S z q p W I N Q S d 1 h a 3 Y 4 R 1 r 95 i S f 3 k c y E Z 0 s e 2 E B U d L h e 6 U 8 i W c Q F M q I v k A e i 2 c h 2 c V M A S G V 9 T L B b V n 4 R 8 a / f P c x 7 L a 4 o x L r U U 9 K T i A / Y 9 u E S y M l A b l t Q Z I / b R J j G R M b d R y c / Q Y f c e B k W Y M + 2 p j 6 + l 9 M a 1 d 2 L g h F m J F 3 B P k c T 0 35 Q k j s q c H F o o U q 4 t R n d I P z H X e U 1 J b D 615 c v Z r x p c C z s I m A N v d v o e E S z a q n x x v W j 7 v 2 A 5 d E 2 / q + n j Q e W H w N A H a R / s P z b H 99 y F F 2 d p H 8 L V Q f 0 1 k m r U X z i O h 3 e A 4 P q c a V w 2 I G d s B i K 5 q P n E s j f M b 3 f r 6 P Q 3 K D N Y w Z Y 8 o q X F N G S 4 R b a 8 A 3 s g p b + a k 3 h V r A 2 z Q J j H i p 3 k j c R U u 
q D g L 6 X a S 9 P N W Q W c T m 0 R P W T T d C D c C + 6 P 1 R h 2 p b Y e m Q E t C W 0 a H a 6 d D w 2 z I H 44 Q D L 7 b d 82 P v G M v o M D H L X I 23 U L z Q u F Z I M r M A L r Y J u D H I r b D Q x O R 2 k r 2 s J m A D / S 5 D / U x F + 76 I m y 35 p z O h d Y 0 B N e q P j 5 L O p G g g L J t G s m 94 x 0 P i v 6 V 30 M 89 s N x 5 X b D 9 l u D d I p 4 E K c N O l E L J w x y x / Y G 0 b u s f e o k e X f x B M + k x S f S k W 0 z f 6 l 7 E e j L G 555 f 5 u 0 G d p A V V h T e g N o p o W z 3 J F / z w K k b C w r r k H n l t g p w g h + p t 1 N K e 0 H 5 j G V D x 7 v K r J V 7 R g 8 s / a g 1 Y h z t B d 4 Q 3 H w x m I O 6 p a S 2 F u O 5 N X S Z G r E r z a D E c 3 B C u K 3 n y y j J 9 M 3 G 14 L M g v a p A D a m D M n D X I / s 2 g B c W g M y b c W R W a 1 F S o x K 3 m p R d g y v S u N E 1 V O W b t 3 n D 7 w Y q T P X G 1 l J l p S P S s i s / F u K e 0 G H N L K a 76 I d A p w 6 s F G Y c / u U 5 U B V w V g B / X p N p D v a 16 S l I 9 J + d K Y 67 Q P T s h L y q A 2 l R E t v u M d D w i + r t m a 5 k u 8 d o g E 6 D n B n U O 4 C 8 b I O e l B w f P W a h n 7 i Q C t W 1 Y 4 y Q j v m w X t r L Q 5 w T L X + + Z A q z W C G J X t r N u 5 Z + 9 L A / u m S K C O a K R y A E N h 7 Z L D w Q q z A 52 x B z E 3 G 2 z x q O d U J t d f J i r o j Z y R 31 n B / X E 3 Q 0 w q h 6 j c o 46 S M F d D M e j n u W U v a g 3 i R b S X L 6 M j P W y w l P W 0 b i J S M s l + N R m X Q j 3 v r q p 0 v O B 32 Z k k f i J x L y d g l 56 s Y e e N v c g 5 C F B M 27 J X Q L L t C g 4 P Q W 4 K Z 0 R p I + Q x + L e d p Y 1 R q z w 13 J 2 J c B j r C E q P L Q t k b 2 B e e w 6 e X r l 37 A K s C H l V H H C t v G M z f L b g N O t O t a H F 0 y 7 Z j + M D o A q q o R 3 X Q h + w 5 x G N t r 0 / e J Q a w P d L f A 3 q M h 5 J p q V T A + 1 p L a f s e b t 49 x + 6 h 4 K s P 3 e g 7 V 93 d / g d k I O 5 I 6 V 0 N B 2 j A l e k S P 2 a 7 C j U L 26 v s r 0 j a p g r 4 t f 1 Z 6 z P v S 6 W W n u + v v a z K I q t U / S W M r P + C r o N 1 A X j N S C 0 
0 D e F q t x j d d J z S w 3 G S Y K w 6 p s r H + U J 5 V 7 e g + g j n K 5 I E l s O V / c e X T c w G I n K K j s 1 s j + 20 l f o P r L A q W E c q D h 7 c y 9 w h w u R o O K x u G H D H V x h O 8 q h c h S 2 V H x l U J 1 Z J F 8 x u P A s 0 B u i A 4 T 7 Y h 0 y W 8 M a y u 7 R 2 T r H z + W 0 Q r G y 6 R f V p o j K 2 D I H 4 d m C j t n J t K B X 7 h 27 U / 5 P l 7 x I 5 N 5 O U P n d d C 8 D S k n n x J U 21 F e b K y x / N s 7 m B m U K i J x m X w L s j c g j P I 5 R G 1 I e N N V k j 1 q W o q 1 Z G m W l r T 2 R 6 v C O N w a c W r Y c 3 W u 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
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5937ff22-d304-4ff5-bc3e-40b1950d210f" ,
"value" : "AppBFig2_Screenshot.png"
} ,
{
"category" : "External analysis" ,
"comment" : "EITEST Campaign: Cryptoshield ransomware" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A A 9 U A A A K 6 C A Y A A A A 3 n 38 k A A A A A X N S R 0 I A r s 4 c 6 Q A A A A R n Q U 1 B A A C x j w v 8 Y Q U A A A A J c E h Z c w A A D s I A A A 7 C A R U o S o A A A P + l S U R B V H h e 7 H 0 F g F z V 9 f 437 j v r b t l N s s l m 467 E C O 4 Q i h Y p L q W l l L a 0 p Q Y t t K W U 4 m 4 l u B M S 4 u 6 y 7 u 46 u + M + / 3 P u z C a b Z B O S / g q l / 74 v O T s z 7913 X c 53 z 733 y d 5 a V x K y u Q K Q I E G C B A k S J E i Q I E G C B A k S J J w c t E Y N b H B B 9 t w X h a H I N Q k S J E i Q I E G C B A k S J E i Q I E H C S U I d a 4 L s + Z V F E q m W I E G C B A k S J E i Q I E G C B A k S T h G q W C N k L 60 q l k i 1 B A k S J E i Q I E G C B A k S J E i Q c I q Q R R O p f n l 1 i U S q J U i Q I E G C B A k S J E i Q I E G C h F N E y G y A 7 J W v y v 5 t p F o p 80 E n t 0 I X 6 o Q y M I B g M A g 34 u B S J M M H E 4 J Q R F x K k C B B g g Q J E i R I k C B B w v 8 O f F 4 P 7 D Y b P G 43 g o F v / 6 B o m V w O t V o N k 9 k M l V o D m U w G v 98 H l 8 M B J 0 n A 74 + 4 / H a h o j g Z T C Z o t T r I F c Q X A 354 L L 3 o b q i D m / L r P w G 1 X o + Y 1 H S Y k l M o g p r I 1 e H h j y J S / d q a 8 l M m 1 f 5 g C O 0 O L 7 r d g F 2 t h 0 I j x 2 h D P S Z r S x H r a U F n V z t 6 O 7 o g D 5 D X m j h E p U 2 D Q z 8 D L l l i x A c J E i R I k C B B g g Q J E i R I + N 9 B b W U 5 o v V K R B n 1 U C m / f W N j I B i E 3 e F C R 58 d I 0 a N g V q j Q X t z E 0 I + J 2 K J G G o 1 q o j L b x c O l x t d F g d i E 1 N g j o l F X 20 l e v d t Q 4 J e D r N O G X H 17 c L h D a D H G Y A q f R T S Z s 6 P X B 0 e X p P + 1 E h 1 g E h y r 8 u P I i v Q Z k p F l B 5 I M n R g t r Y c k 9 V 74 G i t x P 6 y A F o 9 K a i 3 p G N W w W h o V S H E B w / A Z 54 B j 64 g 4 p M E C R I k S J A g Q Y I E C R I k / O 9 g 58 b 1 O G / Z X C S n p i A Y k k W u f n u Q I Q S f 24 E X X v 8 I 0 + c v h E 6 v R 3 n R Q e S m x W H a 1 A k I h O Q R l 98 u V L I A P 
v h 0 L Q x x y U h O S 0 f N x j V w 7 N u A e + 67 G X q v I + L q 24 V b q c V H n 6 x D e Y 8 P M 2 + 8 I 3 J 1 e H i I F M v e W F d x 0 q S 6 x e 7 H l l 4 Z + u K y k Z a g w 9 n q F Z i v 2 Q Z / T w U O l A R Q 0 Z 0 B a 9 o 8 + M a e A 5 l P i f q d 5 R i b 5 E B s / 1 b E p 0 + H P k E i 1 R I k S J A g Q Y I E C R I k S P j f w 7 Z 1 a 3 D 5 h a f D G B 0 L p + f b X / 6 t V s p h U I X w + D N v Y t b C x Y J U l x 7 c j 7 E j U j B 58 g R Y 7 N 6 I y 28 X y T E 6 r H j v C + h j E p G S k Y G q d a v g 2 r 8 R v / z N P X D V V U I 2 O P 8 w h L U O f u V 7 o c g P 4 e z o 30 e A p x X o J t 2 Q D U 5 q y O j 3 I c 9 I I t / V K R l 4 / 9 M N 2 N 9 i w 9 x b 7 w l f P A 6 c R i L V / 9 x Q N e j N C d F q 92 C z X Y t S Q w a W J v f i d v P f k O 3 Y i 20 H 27 B u k w J 22 S Q M 5 J 2 D + t S F i E p I Q U I c x c n h R 8 e W b c i P s 2 J c V g p i j D E R 3 y L g F I f 88 N g 70 b r j M a z d U I S K Z r q e O g l Z S 2 / A D U v z Y f q 3 r o w I w E + V J a R S Q a F W Q n 5 s T h + J U A C B / m Z U 7 / o C z 7 z x E R S i l K 7 D 9 x 48 C w W j f e h 4 a S d 6 X S Y k 37 A Y G Y b I M 4 N w V G H f S 4 V w J + U g 9 / y p S N Z F r h + D b j S t 2 I O O R h k S 7 z w L 2 c b I 5 U P o Q O 1 z O 9 A X j E X K 909 D u p 6 v c Z G F 4 H c P w N 29 H 289 X w 1 D 3 l Q s v m Q 6 U o Y J J + T v R f 22 J 7 B x z R Y U 145 D R s F l u P i + u c h W n 3 r m W q u e Q O M A V c j M O z A h S c 6 e k z R g 142 f Q X n z x c i Z k o k Y D d 231 q C o q R 5 f D I z A T 3 L 6 s P o X B 5 D 18 + X I z Y m B 4 Z R W c d g w U F K O k r 8 U I u b v N 2 G U C V B 945 N o n L 82 N K z 8 E T 78 p B L 1 S Z f g t A u X 49 w p a d C G H Q y D I A I e H 4 I + Q G 7 Q Q P F 1 d e v f B o 5 r E L 4 B D 6 C n c J W K o + q 1 h + 5 V Y P d 1 d 2 O l R g G n Q i 76 i 4 J l 38 f C 868 B F c e / g F a U P 7 w Z z h G j k X b h i e q 2 B A k S J E i Q I E G C h E F s X f s V l p + / F M a Y W D g 83 / 7 + Z S b V R h X w d y b V i 5 Z A b z C g Z P 8 + j G F S P W k 8 + h y 
k T 54 A X W 1 t K N 67 G 12 t T N h O D I V S h b T s E Z g 2 f w E 0 2 h M r i y k x e r z N p D o 2 C a m Z m a h c + y U c e 9 f j g V / d B V d t R c R V B E P 1 X F K D H b 4 A v q r t Q u W A T 2 x R Z q T o l Z i W b E K M V o V t z R b U 2 k h B j y D H p M K C z B i k R 504 T u r U D H z 4 + S Y c a H d h / m 0 / i l w d H j a D D r I V G 2 v C o Z 8 A f O D Y r l Y b d t r 8 m D 7 e h w c S 30 R 0 z 1 Z 8 t s O C r 7 a E E D X 6e0 g a u x g W p x f 7 O 0 M o j j 4 D c b F 6 j B 0 Z R E + t C 6 o 9 r 2 H B h G y M z B s T 8 Z E R Q i j o h q v h I 2 x 6 Y S 0 M Z 9 y B s T O m I o F J o 98 C l 6 M P X Z 5 c Z P 1 b t 2E34 u B P 1 s I 3 c y o y z 5 u E p O M z p D B c j a j c U I 592 / R Y + t A C J I q S K 0 e r I w t m k x X t r 2 x D j z M K q b c v Q 5 Y g u / 8 K O l H / + k 6018 u R / J P z k H M 0 O U c b q p 7 Y i t 5 g H N J u X o J M E U 6 Q x I 7 G l f f h M / 1 M x H / o w o j J U 5 D x v d l I P a Z + + N F f + C w + 7 B t J F X s O F k c 3 o 6 j 0 A D 7 v m I a f X z o G v H P i l P h f f x H W V v e h L j g S N 85 M h z z g R r B n A 1 b + 8 W U M L L g b c x d M x 4 h 4 N V y t e 9 H Y W I P W p P O x J P e Y m Y J T g I 3 i X 4 y D D x 1 A 3 A t 3 Y M y 3 Q q o H 0 Y S i B 9 b D n V + A j E u m I e W E 9 a U b z R / s Q e M e J 5 J / e S l G / l + S f E r g D r k e 2 y 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
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5937ff47-eacc-4b7e-9105-4161950d210f" ,
"value" : "AppBFig3_Screenshot.png"
} ,
{
"category" : "External analysis" ,
"comment" : "EITEST Campaign: Cryptoshield ransomware" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B R U A A A L K C A Y A A A C s t 7 Y H A A A A A X N S R 0 I A r s 4 c 6 Q A A A A R n Q U 1 B A A C x j w v 8 Y Q U A A A A J c E h Z c w A A D s I A A A 7 C A R U o S o A A A P + l S U R B V H h e 7 J 0 F Y J x F / v c / u 5 u 1 b D b u 0 n i a 1 N 1 d o K U K L U W K u 3 P c H X a H u + v h 7 m 2 h S o 26 u 1 v a S B t 3 l 836 v v N s t q V A g c L / j p N 3 P v B r s j P z j M / s 83 w z 84 x q 5 N j x H i Q S i U Q i k U g k E o l E I p F I J B K J 5 C x R v b 1438 + K i h 63 C 7 u t B Z 3 B j M N m Q a P V 43E5 v X 4 q t Q a X 0 45 W 54 / d 2 u w N o 1 K r v X 4 S i U Q i k U g k E o l E I p F I J B L J L + F 2 u b B Z 27 D b 7 e J 3 t 8 / 1 j 0 O l A o 2 f H 0 Z / k / e n S j i 43 W 4 c d p v I l x W X 0 + U L + c e i 8 d N g M B j R 6 n T t W p v I k 8 f W R k N 5 K T a L B T x 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
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5937ff55-6e90-4b98-bd38-81a2950d210f" ,
"value" : "AppBFig4_Screenshot.png"
} ,
{
"category" : "External analysis" ,
"comment" : "EITEST Campaign: Cryptoshield ransomware" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B R M A A A K T C A Y A A A C K K J 9 / A A A A A X N S R 0 I A r s 4 c 6 Q A A A A R n Q U 1 B A A C x j w v 8 Y Q U A A A A J c E h Z c w A A D s I A A A 7 C A R U o S o A A A P + l S U R B V H h e 7 J 0 F n B z H m f a f Y c a d W W b e 1 Y q Z b U u 2 Z K b Y 4 c R O H H D o c o m T L 7 k L X / j C i Z N L 4 p C d 2 I 5 R F l m y m G m l 1 T I z 4 z D T V 9 U z K 62 k l S z b k i w n 71 + / 0 s x 2 V 1 d X V 1e93 f X M W 1 W i / 9 t 8 O g a C I A i C I A i C I A i C I A i C u E a M D Q 5 A E g 1 A K Z N A K h E n t l 47 Y r E Y g u E I 3 I E o z C n p k C u V c N o m E H T b o Z Z L I J N K E j G v L c F w G N 5 g F E q d C T q j C f 6 x E d h O H Y L M M w E l w i z G t Z f x w p A g I N N A m l G A p L m L I f r 95 m o S E w m C I A i C I A i C I A i C I I h r R v 2 p E 1 g 6 r x Q l x Q U Q i a W J r d e W W M i P J / + 5 G R m F Z d A b T e j t a I V Z L c E N K x d B J J E n Y l 1 b Y u E g d u w 9 A k 9 Y g o z c f A z V n 0 b X i 3 / D V 7 / z B Z g l E Y g S 8 a 4 l 3 p g Y u / a d w O 4 T L V j + u a 9 C 9 P s t J C Y S B E E Q B E E Q B E E Q B E E Q 1466 y m N Y u 2 I + s n N y 4 P S F E l u v H R K x C G k m F X 79 h 6 e R U V g K v c m M n r Z W p B q V u O m G Z R h z B h I x L 4 / O l m Z 0 t b b A 43 Y l t p x L T m E R C k v L o d J o E l u m J 9 m g x K u v 7 Y P N H 0 V m X g E G a 0 6 h + 8 W / 4 B f / 9 w P 42 h u B a C Q R k z F F 0 Y u J I A i N s c Q 2 Q X R k / w l / s v 8 u F C F F 8 X 2 i G P s 2 u Z d t S R w / d Z P M m o q 9 x x v w 0 o 4 T W P W l b 0 L 0 h 601 k 9 E I g i A I g i A I g i A I g i A I 4 q p T d + I Y 1 q y Y h 6 y c b L j e B j F R L B I h 3 a z G b 7 i Y W F S W E B N b k G p Q 4 k Z B T P Q n Y l 4 e L z 31 N 9 x y 42 K U l R Q k t p w l x v 795 O d P 4 M b b 70 Z K R k Z i 6 / R Y 9 U p s 37 E f t k D s j J j Y + f y f 8 P P f f h e + t k Y g M k V M n K o Q x o A o C 4 d 7 x 3 G y 3 w 53 k A + J B t J Z e g s z T M g y q H C k d w K n 2 L 5 J I b A o S 
Y v F W W b k s H 0 X g 8 e V W 1 O x r 7 I J L + 8 + h d V c T P z z 9 j o S E w m C I A i C I A i C I A i C I I h r R v W x o 7 h p + V x k 5 u T A 4 Q s m t l 47 J C I x M s w q P P 7 H Z 5 B d X A 6 D 2 Y y u l m Z Y u Z i 4 e i l G L i E m R i N R h A I B h M N n R d C N T / 8 d t 928 D G V l h Y k t c c R i M f Q 6 L f 77 G z / B m n s e Q G p W V m L P 9 K T o V X h t 5344 A j F k F x R i 4 P R J t P 3 z C f z s 19 + C t 6 U e s U k x c Y r n 4 C S R a A w / P N y B j 3 z q o y g v L 4 Z c L s O u 3 Y e w e 8 s 2 m G W A X a H H d 771 J Y j Y s Q 6 H C 3 / 767 N I d Q 1 h V b b 5 H F 1 S Y M o G u T U N + 6 t a 8 M r e a t z 0 l W 9 D 9 J f X G k h M J A i C I A i C I A i C I A i C I K 4 Z 1 c e P 4 M Z l c 5 G R n f 22 D H P m n o k Z Z j V + 9 w Q X E 2 f E x c T W Z l h 1 c q x e v R S j l x j m 3 N / d h Y b K Y 5 D E p s / 3 + P g E X G 4 / N D o d I k E f v v P N / 8 T X v / k z 3 H T v A 0 j L y k 7 E m p 4 U v R K v 7 d o P Z 0 A U F x O r T 6 L 1 m d / j J z //BjxNNYhFo4mYCbjol1D2ouzLqSEXDvU5sOq2dVi+cgnMZiPq6ptx7HgVPvrwe4R4rW2dePpvz8IccGJxmh4ZWoWQBBcZp4qEQtJsgzwlDQer27HxQB3WfOU7ED25s4nERIIgCIIgCIIgCIIgCOKaUXX0MJYvnAlLWhpsrkvPTxjweeC2T8Dv9SS2XByJVAqNga+EnJTYMj0SiQh5KXr8+ckXkVdWAaM5CZ0tTTCqJFiydCEGxi9+rvaGGjj62vDlxz6Z2HIuW1/dg72Hq5CZm4cOFvdrX/00/uf7v8GSdXfDmnbpYc4ZFi327z8CX1SCnIIi9J+uRONTj+N73/4sJo7uQzQcH77MhT/OpKg3qSmK2H+tdh9OuoDMRcuwet0a5OZkCnGCwSAqT9Zi69+fQWHMiQqTHCaF9JxEzhcJeXrq3EKc6J7AtpOduPm/vgvR33c3nx+PIAiCIAiCIAiCIAiCIK4ap44cxrxZxdAYzBixXVok7Gtrgtg3gVkzzh1CPB0TNidO1XdgzqpbElumRyoVozzHin++sAWFFbMEMbGjuQlqWQyzZs9E56AtEfNC+tubEZ7oxUcfehA7dx9KbI0za2Yp2tq7cfToKcycWQKlQoEli+fgRz/5A0qXroHRmpKIOT0F6WZUVlYhLFYgt7AIfVWVqPvzz/Hfn3oX+ra+iGjoYkPCE+oiYhiWaNEot0I/eyEW37gKJcX5wh6/P4B9B46h+rUdyHP2ICdkh/oC78qz6UxiLJ+Deo8UezscuOW/vwfR03tbSUwkCIIgCIIgCIIgCIIgrhknDx8UxEStMQkjNm9i6/S0VVfCqo7i/e+9O7Hl4nAh7/d/fh6r731/Ysv0cDGxLNuCf76wGUUVc2BMSkJ7UyPU0ihmz5mFziF7IuaF9Lc1ITDajQfedRu+/6PfoWLJKkhlMnTUncbNqxcgGAxh3/5jyMpKFeLzocLj7jCK5i6GxmAUtl2MgjQTTlSeQkSsRG5RMfqqTqDmiZ/ha
595EIO7tiAauviQcL4uc4dYi1qxGWWrb8D8xfNhtZrR1d2P5uYOrLtlpRCvvqEV+7Zsh3G4AyVRO8yxS89ZqS+ZgVpWHHvb7Vj/9e9D9Oz+dhITCYIgCIIgCIIgCIIgiGvGycMHMH92KfRJKRhz+hJbp6fp5FFoY27ce/fNiS0XhwtnTz+/DTe/9yOJLdMjlYhRnGHE0/98BcWCmGhBe1MD1DJg7vw56BlxJWJeSE9zPVx9Lbj3nlvwvz/9I3QmM0QiMbwuJ26/dRVCwTAq6zsxY9GKxBGAXKmCXKWCWCxJbJme3BQ9jh09IXgm5hWVoPfUcdQ88XN8/T8/gJH9r50Z5szHHws+hFNUvQjb8o9QCtbedxeKSwqgVCpwuroRJ/YegMLrBLIK8KEP3CvEHRu3YceWXbB2VWOOxM22nCcPxiYHTgPawlJUjwaxp2UMt37jhxA9f6iTxESCIAiCIAiCIAiCIAjimnHiwAEsmlcOU0o6bO5Lz5k43NuFjvpq2IYHElsujkKtQUZBCUrnLU5smR6JWIT8VB2e+sdLKJ45FyZLEtoaGqCRAwsWL8DA+MW9JTsb6zDSVoMH71+HQPBcT0GZVIqTVfXoGHRhyS13JLZePpkWDQ4fPIqwSI68khL0njyO00/8DN/66scwdmQPYuHEas4CUyU9EaKxGE74lWiJquFHXLQ0i4Iol/iQKo3gdECBtphG2M5JF/kxW+ZDpiwhUE6FJ52YmFGTV4hT/S7srh/E7d/6EUQvHekmMZEgCIIgCIIgCIIgCIK4Zhw/uB+L51XAkp4Ju+fSw2yvBhKxGDlWNf761AsonTkHJosFrVxMVIiwZMkiDNov7i3pGB9DR2MtBrs7E1vOxZBkRV7pDKTnxucqfCOkm1Q4cOCwICbmF5eg++RxVP3xZ/je/3we43wBlkj4zKyGXPA7I+qd2XiWyU2XFP6m7Dzri8i/i9j3+F9avgBL1xh2VHXjru/8GKJXjvVdMk2CIAiCIAiCIAiCIAiCuJIcP3QAcyoKkZWTi5AwpPbaws+olkTw3ItbUTprLkxJFrQ2NUApjmDx4vnwR8XxiNcYpTiKQ4eOIyZTIb+oBD1VJ3DyT7/EV776KCRj/UA0KsQThL+pip5QhHzDZFmev/Mif0/dfObYc4nqjDhc04bD9f244xs/gGjjif5zDiMIgiAIgiAIgiAIgiCIq0l3eztiIS/USjlkMlli67UjFovB5/PBHYgiK68Aao0Go0NDcE6MQKOUQqFQJmJeW/x+P7z+MAzWFFiSU2Dr6ULj1pehj7hh1CohSgw9vpb4AiE4QiIockpRcfs9EG0+OUBiIkEQBEEQBEEQBEEQBHHNCIVCcDkc8Pt9iEXfHmlKIpHAaDZDrlBALBYjEo7A63HD7XIhmvAAvNbwfGj1ekHc5PmLsHLyjI9iuLWFfQ8KIui1RiKVQmuxwpKTB7lWB9HWU4MkJhIEQRAEQRAEQRAEQRAE8bqItp0eJjGRIAiCIAiCIAiCIAiCIIjXRbS9eoTERIIgCIIgCIIgCIIgCIIgXpe3Z2kagiAIgi
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5937ff62-0500-4258-b798-4a18950d210f" ,
"value" : "AppBFig5_Screenshot.png"
} ,
{
"category" : "External analysis" ,
"comment" : "EITEST Campaign: Cryptoshield ransomware - Traffic" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B K E A A A F M C A I A A A H r Q A g d A A A A A X N S R 0 I A r s 4 c 6 Q A A A A R n Q U 1 B A A C x j w v 8 Y Q U A A A A J c E h Z c w A A D s M A A A 7 D A c d v q G Q A A P + l S U R B V H h e 7 J 2 H X x N J + 8 D 9 G 2 K 58 + r 7 u / f u j S K G U B X B i l i D 2 B U V + y l 69 l 5 R s b c 7 y 9 n r q e h Z U U F R Q E E 6 S J c a q v R e A 4 S a 3 z M 7 m 83 u J g R Q q k 4 + 38 / y 7 P P M z M 5 O 3 d l h Z n s o P v s n j Y u m p c 74 f c 7 V O z f m b f L r U Q u / 6 o / o q O k n k U h o q e k f p M J M q + a d a f 8 x F 6 p K v X f a J w / L t V V p t N D 0 D 67 e k k j W 1 h T R A v W L P T 8 f j u A 3 o x o r a v + e 97 m 3 o P 6 T / P E E j g m F c n z a H r 8 e l T J Z 2 P l F Q b 4 v y 2 Q y k H n 45 M u i / r Y F 4 Y 1 f I F v P B l L B x 8 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
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5937ff77-cd5c-4435-ba7a-401a950d210f" ,
"value" : "AppBFig6_Traffic-a.png"
} ,
{
"category" : "External analysis" ,
"comment" : "EITEST Campaign: Cryptoshield ransomware - Traffic" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A A w 4 A A A E A C A I A A A H i s o b V A A A A A X N S R 0 I A r s 4 c 6 Q A A A A R n Q U 1 B A A C x j w v 8 Y Q U A A A A J c E h Z c w A A D s M A A A 7 D A c d v q G Q A A P + l S U R B V H h e 7 L 0 H f B V V 9 g c + g S S P K q E K C A I K l l 2 F X S v K W l B R 7 L u 6 P 1 x d x Y J 1 L Y v r q q s L T k J C g E B C C S 2 E G n o X F q Q T W k I g C S W Q R n p 7 e W 3 o E J L 8 P 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
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5937ff89-0154-437e-860e-4b06950d210f" ,
"value" : "AppBFig6_Traffic-b.png"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851791" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "59380950-8978-4ec7-9394-4736950d210f" ,
"value" : "hurtmehard.net"
} ,
{
"category" : "Payload delivery" ,
"comment" : "PseudoDarkleech Campaign: Cerber ransomware - Xchecked via VT: f7124736a95c472f4c98835786daccdbe751bbd0da4cb500fa0b35d7700d46ef" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851800" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "59382558-df44-42e8-a60e-440902de0b81" ,
"value" : "a85c021282ca5f8b6c0f18d3cdc819c44cfbc5ed"
} ,
{
"category" : "Payload delivery" ,
"comment" : "PseudoDarkleech Campaign: Cerber ransomware - Xchecked via VT: f7124736a95c472f4c98835786daccdbe751bbd0da4cb500fa0b35d7700d46ef" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851800" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59382558-a914-453e-9e28-42aa02de0b81" ,
"value" : "0b14f1e403909435e2a98ddefffd744f"
} ,
{
"category" : "External analysis" ,
"comment" : "PseudoDarkleech Campaign: Cerber ransomware - Xchecked via VT: f7124736a95c472f4c98835786daccdbe751bbd0da4cb500fa0b35d7700d46ef" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851800" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "59382558-29e0-4a87-938e-417402de0b81" ,
"value" : "https://www.virustotal.com/file/f7124736a95c472f4c98835786daccdbe751bbd0da4cb500fa0b35d7700d46ef/analysis/1492378270/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "EITEST Campaign: Cryptoshield ransomware - - Xchecked via VT: 1ceaccf925911b4da750321be0be31e0a8fe8220f75170725e74d3db7e828bcd" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851801" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "59382559-ad5c-4181-b334-4c3102de0b81" ,
"value" : "06841d0af2d945807c4373ad610c996278d51515"
} ,
{
"category" : "Payload delivery" ,
"comment" : "EITEST Campaign: Cryptoshield ransomware - - Xchecked via VT: 1ceaccf925911b4da750321be0be31e0a8fe8220f75170725e74d3db7e828bcd" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851801" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59382559-97b4-4f89-bb1b-4fbe02de0b81" ,
"value" : "f83692698014c9144c4dbecacca28777"
} ,
{
"category" : "External analysis" ,
"comment" : "EITEST Campaign: Cryptoshield ransomware - - Xchecked via VT: 1ceaccf925911b4da750321be0be31e0a8fe8220f75170725e74d3db7e828bcd" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1496851801" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "59382559-7650-44b3-9f13-4ae602de0b81" ,
"value" : "https://www.virustotal.com/file/1ceaccf925911b4da750321be0be31e0a8fe8220f75170725e74d3db7e828bcd/analysis/1493984950/"
}
]
}
}