From 3cf0ac1e0311ed16d74fc4faaabd79e6b6ea94dc Mon Sep 17 00:00:00 2001 From: StrangerealIntel <54320855+StrangerealIntel@users.noreply.github.com> Date: Wed, 28 Aug 2019 01:45:56 +0200 Subject: [PATCH] Create Readme.md --- .../Bitter/27-08-19/decrypt/Readme.md | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 offshore APT organization/Bitter/27-08-19/decrypt/Readme.md diff --git a/offshore APT organization/Bitter/27-08-19/decrypt/Readme.md b/offshore APT organization/Bitter/27-08-19/decrypt/Readme.md new file mode 100644 index 0000000..87cc30d --- /dev/null +++ b/offshore APT organization/Bitter/27-08-19/decrypt/Readme.md @@ -0,0 +1,10 @@ +## Tool for decoding the encoded strings of ArtraDownloader +##### This tool decoding the encoded strings of the three variants of ArtraDownloader used by the APT Bitter group (August 2019) +##### The following syntax is the next : +```sh +> decrypt.ps1 "[Encoded string]" [Num Variant] +``` +##### This will be give you the following result : +![alt text](https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/offshore%20APT%20organization/Bitter/27-08-19/decrypt/Result.png) +##### URL Tool : https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/offshore%20APT%20organization/Bitter/27-08-19/decrypt/decrypt.ps1 +##### Ref Analysis: https://unit42.paloaltonetworks.com/multiple-artradownloader-variants-used-by-bitter-to-target-pakistan/
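Review bot: The usage line `> decrypt.ps1 "[Encoded string]" [Num Variant]` does not say which values `[Num Variant]` accepts or which number selects which of the three ArtraDownloader variants, so a reader has to open the script to find out. Add a short list that maps each accepted value to its variant, and note what output to expect when the chosen variant does not match the encoded string. The same fence is tagged `sh` although the tool is a `.ps1` script; tag it `powershell` and show the call as `.\decrypt.ps1`, since PowerShell does not run a script from the current directory by bare name. The result is documented only as an image whose alt text is the placeholder "alt text"; a text sample of one encoded input and its decoded output would survive if the image link breaks. Smaller points: every body sentence is written as a `#####` heading, where plain paragraphs would render better, and the wording needs a pass ("This tool decoding" should read "This tool decodes", "The following syntax is the next" should read "Usage", "This will be give you" should read "This gives").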