{ "Event": { "analysis": "2", "date": "2016-04-04", "extends_uuid": "", "info": "OSINT - Meet Remaiten \u2013 a Linux bot on steroids targeting routers and potentially other IoT devices", "publish_timestamp": "1459783346", "published": true, "threat_level_id": "3", "timestamp": "1459783333", "uuid": "570283b7-2800-483e-ba3e-1743950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459782750", "to_ids": false, "type": "link", "uuid": "5702845e-0e10-4673-a937-1748950d210f", "value": "http://www.welivesecurity.com/2016/03/30/meet-remaiten-a-linux-bot-on-steroids-targeting-routers-and-potentially-other-iot-devices/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.0", "deleted": false, "disable_correlation": false, "timestamp": "1459782797", "to_ids": true, "type": "sha1", "uuid": "5702848d-c0c8-4936-80a6-b489950d210f", "value": "2ff0b69bc5aaca82edb6a364ee9f6ad3c5fdd71c" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.0", "deleted": false, "disable_correlation": false, "timestamp": "1459782797", "to_ids": true, "type": "sha1", "uuid": "5702848d-5a38-4a09-ad6d-b489950d210f", "value": "bd8256d469aa42c6c57e8e6f91ef5b4782bd2cb7" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.0", "deleted": false, "disable_correlation": false, "timestamp": "1459782797", "to_ids": true, "type": "sha1", "uuid": "5702848d-2dd0-4eb7-b240-b489950d210f", "value": "3b233834ee962adb111a002bb64e594175e7c1e2" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.0", "deleted": false, "disable_correlation": false, "timestamp": 
"1459782798", "to_ids": true, "type": "sha1", "uuid": "5702848e-48b4-4840-8683-b489950d210f", "value": "52210b49c47c6ad6fe34c70d6faf49e2763c0d9d" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.0", "deleted": false, "disable_correlation": false, "timestamp": "1459782798", "to_ids": true, "type": "sha1", "uuid": "5702848e-7b54-4f7f-97d0-b489950d210f", "value": "11807e5aa5dc1c14f8d509ea410eeb778896830d" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.B - Version 2.1", "deleted": false, "disable_correlation": false, "timestamp": "1459782834", "to_ids": true, "type": "sha1", "uuid": "570284b2-1400-43ec-b8d2-1741950d210f", "value": "e097c882eda2bd508dd9a3be72efce6fd2971f11" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.B - Version 2.1", "deleted": false, "disable_correlation": false, "timestamp": "1459782835", "to_ids": true, "type": "sha1", "uuid": "570284b3-7eac-43dd-badd-1741950d210f", "value": "d4d70d0022e06b391b31195c030ac9bc6e716cce" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.B - Version 2.1", "deleted": false, "disable_correlation": false, "timestamp": "1459782835", "to_ids": true, "type": "sha1", "uuid": "570284b3-b288-4b33-8e2c-1741950d210f", "value": "2e901502263d50c1ab65e7516bb8534c28d41265" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.B - Version 2.1", "deleted": false, "disable_correlation": false, "timestamp": "1459782835", "to_ids": true, "type": "sha1", "uuid": "570284b3-6fa8-4c57-9481-1741950d210f", "value": "b9d8b993943872a19a1d4838570d7dcc9f374c20" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.B - Version 2.1", "deleted": false, "disable_correlation": false, "timestamp": "1459782836", "to_ids": true, "type": "sha1", "uuid": "570284b4-5080-4b3d-a9fd-1741950d210f", "value": "977efab8a7cce22530c3bdeca860a342e232eeb3" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, 
"disable_correlation": false, "timestamp": "1459782880", "to_ids": true, "type": "sha1", "uuid": "570284e0-f3f0-42b4-ba36-1740950d210f", "value": "0e5b982c8d55b78582da733d31e8b652c9da9f6e" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782880", "to_ids": true, "type": "sha1", "uuid": "570284e0-8bfc-446d-b9a6-1740950d210f", "value": "4e2dfcd4a3e14b05b268b4a6df76479984932675" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782880", "to_ids": true, "type": "sha1", "uuid": "570284e0-2cc4-4499-831d-1740950d210f", "value": "9f5f24bda7af3ed95c72c9b77d5a9c5807ca1be9" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782881", "to_ids": true, "type": "sha1", "uuid": "570284e1-a754-4c4f-90d8-1740950d210f", "value": "35b00e2243157171be6a7d7bc9b32f98805dcd35" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782881", "to_ids": true, "type": "sha1", "uuid": "570284e1-623c-4339-89d2-1740950d210f", "value": "537f8847d786923a9401889e6ee23675d96f2692" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782881", "to_ids": true, "type": "sha1", "uuid": "570284e1-fb4c-4057-ad1e-1740950d210f", "value": "eefa249de2f7f08bcf4629d3e2055b06f1d74ae3" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782882", "to_ids": true, "type": "sha1", "uuid": "570284e2-1048-42ac-b812-1740950d210f", "value": "f3c4a7e8785355894482bce4f791d92e1c1da5b2" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 
2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782882", "to_ids": true, "type": "sha1", "uuid": "570284e2-d020-46d7-bd7f-1740950d210f", "value": "46cd369bce4f6a41d8863c46dd778c1b1c4f8df0" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782882", "to_ids": true, "type": "sha1", "uuid": "570284e2-c12c-4f71-bf7a-1740950d210f", "value": "efd3a698dda376333c2dd84714f92f25539d4589" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782883", "to_ids": true, "type": "sha1", "uuid": "570284e3-36b0-4e34-a084-1740950d210f", "value": "3dd804feef00bd8dbfb3a48e75120328e1cb041a" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782883", "to_ids": true, "type": "sha1", "uuid": "570284e3-89b4-4da6-8596-1740950d210f", "value": "f8354d8cc946e8b137f9013fc3d44720f321dc48" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782883", "to_ids": true, "type": "sha1", "uuid": "570284e3-4fb0-4f4e-a580-1740950d210f", "value": "b912a07528e1afabbaa01d99bcbb66498dee0406" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782884", "to_ids": true, "type": "sha1", "uuid": "570284e4-bcbc-41ef-84c4-1740950d210f", "value": "359dd2f9646eb3fad979f4a658bc2ff74488c457" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782884", "to_ids": true, "type": "sha1", "uuid": "570284e4-642c-4141-ba6f-1740950d210f", "value": "898e2d91d64ebb26cc049d78bdeeda87f2bc4f1a" }, { "category": "Payload delivery", "comment": 
"Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782885", "to_ids": true, "type": "sha1", "uuid": "570284e5-1134-4815-9b7f-1740950d210f", "value": "17d3c799e7f1c77be5d7b3d03eaa630a2f261449" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782885", "to_ids": true, "type": "sha1", "uuid": "570284e5-33c8-4374-b1d9-1740950d210f", "value": "17dcfdcc39b21ad64864a386070cc633e9965c3d" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782885", "to_ids": true, "type": "sha1", "uuid": "570284e5-5cb0-4fc9-8273-1740950d210f", "value": "d1c6511a84ca27e2c08b89a683db9878e83c8637" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782886", "to_ids": true, "type": "sha1", "uuid": "570284e6-abd0-41e2-8181-1740950d210f", "value": "024136cbc562cff6f3ce31d213fc9fe7a78510f9" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782886", "to_ids": true, "type": "sha1", "uuid": "570284e6-8eb8-412c-8386-1740950d210f", "value": "a2432461d56c7beec98e4a15ddf91a1ea6d41c1b" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782886", "to_ids": true, "type": "sha1", "uuid": "570284e6-3c60-4585-b92c-1740950d210f", "value": "9f795334a7201b2c6c0ad9ffeb2103ed464f0c5f" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782887", "to_ids": true, "type": "sha1", "uuid": "570284e7-9adc-4e22-95d2-1740950d210f", "value": "e375ecd544368b77f686fb3f3a000844782a647b" }, { "category": 
"Payload delivery", "comment": "Linux/Remaiten.C - version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459782887", "to_ids": true, "type": "sha1", "uuid": "570284e7-0558-426c-bfac-1740950d210f", "value": "0ca049baf56a6c4d01c6d183ef1acfa65d2be1e3" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples Version 2.0", "deleted": false, "disable_correlation": false, "timestamp": "1459782921", "to_ids": true, "type": "sha1", "uuid": "57028509-4924-44ea-87c5-b489950d210f", "value": "25a7cf2969ce154aa90891e844a6af84fc89d396" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples Version 2.0", "deleted": false, "disable_correlation": false, "timestamp": "1459782921", "to_ids": true, "type": "sha1", "uuid": "57028509-39cc-4ebe-afa9-b489950d210f", "value": "1fe1872cf18cd0101f0870ca58f68d6686010326" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples Version 2.0", "deleted": false, "disable_correlation": false, "timestamp": "1459782922", "to_ids": true, "type": "sha1", "uuid": "5702850a-843c-451d-8c80-b489950d210f", "value": "1cc2b57978ba2e611403ba11bf9129fb810fae5c" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples Version 2.0", "deleted": false, "disable_correlation": false, "timestamp": "1459782922", "to_ids": true, "type": "sha1", "uuid": "5702850a-a280-4c00-804e-b489950d210f", "value": "c552edd72495514765f6a8f26aee8a6da2a57992" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.1 - Downloader samples", "deleted": false, "disable_correlation": false, "timestamp": "1459782956", "to_ids": true, "type": "sha1", "uuid": "5702852c-e040-483c-96f8-4f0c950d210f", "value": "e875f54b7bd967c4f9ae59d85ed60991561b097b" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.1 - Downloader samples", "deleted": false, "disable_correlation": false, "timestamp": "1459782957", 
"to_ids": true, "type": "sha1", "uuid": "5702852d-ad3c-4246-85db-4534950d210f", "value": "ebf2bc43b6b5a4b8933f4ed8ed4a4beaceaecff5" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.1 - Downloader samples", "deleted": false, "disable_correlation": false, "timestamp": "1459782957", "to_ids": true, "type": "sha1", "uuid": "5702852d-7c20-455f-9999-4dba950d210f", "value": "11a13d2eeb71573178d7686930340c51c8f3ce26" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.1 - Downloader samples", "deleted": false, "disable_correlation": false, "timestamp": "1459782957", "to_ids": true, "type": "sha1", "uuid": "5702852d-27b8-427c-9b45-4bc4950d210f", "value": "8d26cd7d34d84745a897d474aa2ac9b8d1943d68" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples - Version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459783006", "to_ids": true, "type": "sha1", "uuid": "5702855e-7c18-4028-80d6-1741950d210f", "value": "e80aba63ba30a2048ba780c35eae65e8b95627f7" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples - Version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459783006", "to_ids": true, "type": "sha1", "uuid": "5702855e-7b50-4b87-acfe-1741950d210f", "value": "e280b220c2ea2668d1a2ad82bdc64922e8b9ec86" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples - Version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459783006", "to_ids": true, "type": "sha1", "uuid": "5702855e-76f0-49e5-a4be-1741950d210f", "value": "8decb1f0e94497ef31f13c6e07ff2a021cf0972f" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples - Version 2.2", "deleted": false, "disable_correlation": false, "timestamp": "1459783007", "to_ids": true, "type": "sha1", "uuid": "5702855f-41d0-4492-b2a8-1741950d210f", "value": "17006c899fbce3f86ddfb93539033c363816ad19" }, { 
"category": "Network activity", "comment": "On port 443 Bot", "deleted": false, "disable_correlation": false, "timestamp": "1459783050", "to_ids": true, "type": "ip-dst", "uuid": "5702858a-6768-4ea1-91b2-b486950d210f", "value": "185.130.104.131" }, { "category": "Network activity", "comment": "On port 53 Bot", "deleted": false, "disable_correlation": false, "timestamp": "1459783051", "to_ids": true, "type": "ip-dst", "uuid": "5702858b-0ccc-457a-8e91-b486950d210f", "value": "185.130.5.201" }, { "category": "Network activity", "comment": "On port 23 Bot", "deleted": false, "disable_correlation": false, "timestamp": "1459783051", "to_ids": true, "type": "ip-dst", "uuid": "5702858b-fd44-442b-90b6-b486950d210f", "value": "185.130.5.202" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples - Version 2.2 - Xchecked via VT: 17006c899fbce3f86ddfb93539033c363816ad19", "deleted": false, "disable_correlation": false, "timestamp": "1459783239", "to_ids": true, "type": "sha256", "uuid": "57028647-1cdc-46ec-91d6-b48702de0b81", "value": "867743a1ce6beae03a46e18f702fa15a90f48ebd98852e63c12b50951f9da01d" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples - Version 2.2 - Xchecked via VT: 17006c899fbce3f86ddfb93539033c363816ad19", "deleted": false, "disable_correlation": false, "timestamp": "1459783240", "to_ids": true, "type": "md5", "uuid": "57028648-b834-4df3-acc2-b48702de0b81", "value": "ae253930e3ac5c8bf8b102af595006c5" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783240", "to_ids": false, "type": "link", "uuid": "57028648-5474-473f-a305-b48702de0b81", "value": "https://www.virustotal.com/file/867743a1ce6beae03a46e18f702fa15a90f48ebd98852e63c12b50951f9da01d/analysis/1459416923/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples - Version 2.2 - Xchecked via VT: 8decb1f0e94497ef31f13c6e07ff2a021cf0972f", 
"deleted": false, "disable_correlation": false, "timestamp": "1459783240", "to_ids": true, "type": "sha256", "uuid": "57028648-640c-4177-a983-b48702de0b81", "value": "e0fd0f908fbceffeabdab5a04b7f836ceb4fcc748d45d87dac5842b3d1d27427" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples - Version 2.2 - Xchecked via VT: 8decb1f0e94497ef31f13c6e07ff2a021cf0972f", "deleted": false, "disable_correlation": false, "timestamp": "1459783240", "to_ids": true, "type": "md5", "uuid": "57028648-ebd4-4d64-9683-b48702de0b81", "value": "55932f8c4bde6197b76e1b86a90a1c36" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783241", "to_ids": false, "type": "link", "uuid": "57028649-ddf4-4d30-a768-b48702de0b81", "value": "https://www.virustotal.com/file/e0fd0f908fbceffeabdab5a04b7f836ceb4fcc748d45d87dac5842b3d1d27427/analysis/1459416784/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples - Version 2.2 - Xchecked via VT: e280b220c2ea2668d1a2ad82bdc64922e8b9ec86", "deleted": false, "disable_correlation": false, "timestamp": "1459783241", "to_ids": true, "type": "sha256", "uuid": "57028649-3af4-4cb1-9235-b48702de0b81", "value": "ca9ed08666df18c0a3ef0a283b2b702767901f45a14289649effd1f9f387a878" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples - Version 2.2 - Xchecked via VT: e280b220c2ea2668d1a2ad82bdc64922e8b9ec86", "deleted": false, "disable_correlation": false, "timestamp": "1459783241", "to_ids": true, "type": "md5", "uuid": "57028649-f3a8-4671-b58e-b48702de0b81", "value": "b85aa007eb943c4ebd4967c07bfb6f89" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783242", "to_ids": false, "type": "link", "uuid": "5702864a-3464-4f58-9479-b48702de0b81", "value": 
"https://www.virustotal.com/file/ca9ed08666df18c0a3ef0a283b2b702767901f45a14289649effd1f9f387a878/analysis/1459416950/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples - Version 2.2 - Xchecked via VT: e80aba63ba30a2048ba780c35eae65e8b95627f7", "deleted": false, "disable_correlation": false, "timestamp": "1459783242", "to_ids": true, "type": "sha256", "uuid": "5702864a-9ab8-47e7-830a-b48702de0b81", "value": "26a906fe5924a1f09ff75498aa7820b6fcc9dc35cd0a7159d25513994a8c35c7" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples - Version 2.2 - Xchecked via VT: e80aba63ba30a2048ba780c35eae65e8b95627f7", "deleted": false, "disable_correlation": false, "timestamp": "1459783242", "to_ids": true, "type": "md5", "uuid": "5702864a-30e4-423b-8335-b48702de0b81", "value": "2910ed17e5b971f6878d8442eac49c4d" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783242", "to_ids": false, "type": "link", "uuid": "5702864b-b06c-444d-9871-b48702de0b81", "value": "https://www.virustotal.com/file/26a906fe5924a1f09ff75498aa7820b6fcc9dc35cd0a7159d25513994a8c35c7/analysis/1459416729/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.1 - Downloader samples - Xchecked via VT: 8d26cd7d34d84745a897d474aa2ac9b8d1943d68", "deleted": false, "disable_correlation": false, "timestamp": "1459783243", "to_ids": true, "type": "sha256", "uuid": "5702864b-8f9c-4e9b-abf5-b48702de0b81", "value": "67b4d952736f71aacd5f7d804710346255ec105c059ea091c7f192bd7e908739" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.1 - Downloader samples - Xchecked via VT: 8d26cd7d34d84745a897d474aa2ac9b8d1943d68", "deleted": false, "disable_correlation": false, "timestamp": "1459783243", "to_ids": true, "type": "md5", "uuid": "5702864b-85a0-465e-8676-b48702de0b81", "value": "5dc1cf66fe7c969d00508210ffccd201" }, { "category": "External 
analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783244", "to_ids": false, "type": "link", "uuid": "5702864c-75a0-45f6-810e-b48702de0b81", "value": "https://www.virustotal.com/file/67b4d952736f71aacd5f7d804710346255ec105c059ea091c7f192bd7e908739/analysis/1459416796/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.1 - Downloader samples - Xchecked via VT: 11a13d2eeb71573178d7686930340c51c8f3ce26", "deleted": false, "disable_correlation": false, "timestamp": "1459783244", "to_ids": true, "type": "sha256", "uuid": "5702864c-f140-4f7e-b239-b48702de0b81", "value": "9b943302e00a515d6b73857cd3889b36347cf192a7e1721cda2c671dc4495575" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.1 - Downloader samples - Xchecked via VT: 11a13d2eeb71573178d7686930340c51c8f3ce26", "deleted": false, "disable_correlation": false, "timestamp": "1459783244", "to_ids": true, "type": "md5", "uuid": "5702864c-37c8-4b74-a8ae-b48702de0b81", "value": "d8acfdc7b3c0b029b4f7f03f1ec2e8bd" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783245", "to_ids": false, "type": "link", "uuid": "5702864d-c560-446f-bf6d-b48702de0b81", "value": "https://www.virustotal.com/file/9b943302e00a515d6b73857cd3889b36347cf192a7e1721cda2c671dc4495575/analysis/1459416962/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.1 - Downloader samples - Xchecked via VT: ebf2bc43b6b5a4b8933f4ed8ed4a4beaceaecff5", "deleted": false, "disable_correlation": false, "timestamp": "1459783245", "to_ids": true, "type": "sha256", "uuid": "5702864d-afe4-407c-aeb1-b48702de0b81", "value": "e1315229265ccf3f97d8fdab1280004bd956155ca5ec578537d2e3e3329edbf8" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.1 - Downloader samples - Xchecked via VT: ebf2bc43b6b5a4b8933f4ed8ed4a4beaceaecff5", "deleted": false, 
"disable_correlation": false, "timestamp": "1459783245", "to_ids": true, "type": "md5", "uuid": "5702864d-52cc-4ae9-bbd5-b48702de0b81", "value": "7c759afe8cffcecb0f532ce3454b3ee0" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783246", "to_ids": false, "type": "link", "uuid": "5702864e-d8a0-4f18-87d7-b48702de0b81", "value": "https://www.virustotal.com/file/e1315229265ccf3f97d8fdab1280004bd956155ca5ec578537d2e3e3329edbf8/analysis/1459416869/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.1 - Downloader samples - Xchecked via VT: e875f54b7bd967c4f9ae59d85ed60991561b097b", "deleted": false, "disable_correlation": false, "timestamp": "1459783246", "to_ids": true, "type": "sha256", "uuid": "5702864e-503c-4195-a39e-b48702de0b81", "value": "e2fafea9a70176efcd49936376d12e4ade94bfda1914f4cee159bc9c81357719" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.1 - Downloader samples - Xchecked via VT: e875f54b7bd967c4f9ae59d85ed60991561b097b", "deleted": false, "disable_correlation": false, "timestamp": "1459783246", "to_ids": true, "type": "md5", "uuid": "5702864e-9668-4dfd-80a1-b48702de0b81", "value": "93959aa61eac9fae1dd88dbbaca8be91" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783247", "to_ids": false, "type": "link", "uuid": "5702864f-4a88-4be2-87d2-b48702de0b81", "value": "https://www.virustotal.com/file/e2fafea9a70176efcd49936376d12e4ade94bfda1914f4cee159bc9c81357719/analysis/1459416892/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples Version 2.0 - Xchecked via VT: c552edd72495514765f6a8f26aee8a6da2a57992", "deleted": false, "disable_correlation": false, "timestamp": "1459783247", "to_ids": true, "type": "sha256", "uuid": "5702864f-c5b4-4bf5-ba2c-b48702de0b81", "value": 
"4faef5d04b203d57d169fbbcf4a148576242877399298a97fe6bb7de38b70561" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples Version 2.0 - Xchecked via VT: c552edd72495514765f6a8f26aee8a6da2a57992", "deleted": false, "disable_correlation": false, "timestamp": "1459783247", "to_ids": true, "type": "md5", "uuid": "5702864f-3d0c-4a45-8111-b48702de0b81", "value": "94455cec19984b0781faf09947324a69" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783247", "to_ids": false, "type": "link", "uuid": "5702864f-6eac-44a2-83ce-b48702de0b81", "value": "https://www.virustotal.com/file/4faef5d04b203d57d169fbbcf4a148576242877399298a97fe6bb7de38b70561/analysis/1459416909/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples Version 2.0 - Xchecked via VT: 1cc2b57978ba2e611403ba11bf9129fb810fae5c", "deleted": false, "disable_correlation": false, "timestamp": "1459783248", "to_ids": true, "type": "sha256", "uuid": "57028650-be28-40df-bf4f-b48702de0b81", "value": "502c8d063d1f09ba27215260ddec4c2d24513c882627ca96e155c170e8f3a417" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples Version 2.0 - Xchecked via VT: 1cc2b57978ba2e611403ba11bf9129fb810fae5c", "deleted": false, "disable_correlation": false, "timestamp": "1459783248", "to_ids": true, "type": "md5", "uuid": "57028650-8efc-459b-aaf7-b48702de0b81", "value": "8a1ed47710e4e81febf4bc89ce39f310" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783248", "to_ids": false, "type": "link", "uuid": "57028650-9438-4246-831f-b48702de0b81", "value": "https://www.virustotal.com/file/502c8d063d1f09ba27215260ddec4c2d24513c882627ca96e155c170e8f3a417/analysis/1459416879/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples Version 2.0 - Xchecked via VT: 
1fe1872cf18cd0101f0870ca58f68d6686010326", "deleted": false, "disable_correlation": false, "timestamp": "1459783249", "to_ids": true, "type": "sha256", "uuid": "57028651-8464-40c8-9da9-b48702de0b81", "value": "92f1dd4bc1d83c7190ce28db00e0d845633e4a573441eb57db4de8c1567a949b" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples Version 2.0 - Xchecked via VT: 1fe1872cf18cd0101f0870ca58f68d6686010326", "deleted": false, "disable_correlation": false, "timestamp": "1459783249", "to_ids": true, "type": "md5", "uuid": "57028651-4698-436b-b358-b48702de0b81", "value": "b12a940c6435b4f23806d3df1b4b6496" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783249", "to_ids": false, "type": "link", "uuid": "57028651-6b5c-4ab0-ade3-b48702de0b81", "value": "https://www.virustotal.com/file/92f1dd4bc1d83c7190ce28db00e0d845633e4a573441eb57db4de8c1567a949b/analysis/1459416934/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples Version 2.0 - Xchecked via VT: 25a7cf2969ce154aa90891e844a6af84fc89d396", "deleted": false, "disable_correlation": false, "timestamp": "1459783250", "to_ids": true, "type": "sha256", "uuid": "57028652-cefc-4868-bf96-b48702de0b81", "value": "dee4c7af05af1257fdcbdb2dc7252ff0ca5fea8e41ece409b3d70685b1daa7ec" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Downloader samples Version 2.0 - Xchecked via VT: 25a7cf2969ce154aa90891e844a6af84fc89d396", "deleted": false, "disable_correlation": false, "timestamp": "1459783250", "to_ids": true, "type": "md5", "uuid": "57028652-7bc8-4533-937b-b48702de0b81", "value": "2ed2f8037e347680a0061efbd99fba87" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783250", "to_ids": false, "type": "link", "uuid": "57028652-1db8-450c-b25f-b48702de0b81", "value": 
"https://www.virustotal.com/file/dee4c7af05af1257fdcbdb2dc7252ff0ca5fea8e41ece409b3d70685b1daa7ec/analysis/1459507819/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 0ca049baf56a6c4d01c6d183ef1acfa65d2be1e3", "deleted": false, "disable_correlation": false, "timestamp": "1459783251", "to_ids": true, "type": "sha256", "uuid": "57028653-db84-4f6a-9403-b48702de0b81", "value": "4628e55d6f28f8e17d2b9a24ccf93915437fc14f771ab3cc9855fc4a5f8409a9" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 0ca049baf56a6c4d01c6d183ef1acfa65d2be1e3", "deleted": false, "disable_correlation": false, "timestamp": "1459783251", "to_ids": true, "type": "md5", "uuid": "57028653-d88c-4552-a0a6-b48702de0b81", "value": "4457ff3424279a8ade18f49064c69212" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783251", "to_ids": false, "type": "link", "uuid": "57028653-76e0-48ef-962d-b48702de0b81", "value": "https://www.virustotal.com/file/4628e55d6f28f8e17d2b9a24ccf93915437fc14f771ab3cc9855fc4a5f8409a9/analysis/1459507689/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: e375ecd544368b77f686fb3f3a000844782a647b", "deleted": false, "disable_correlation": false, "timestamp": "1459783252", "to_ids": true, "type": "sha256", "uuid": "57028654-f9a8-4d65-854e-b48702de0b81", "value": "ba18729bd457f4ef759af9a2ee5aa1b47c9a2abb4ec89a622f2a150a99f724e2" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: e375ecd544368b77f686fb3f3a000844782a647b", "deleted": false, "disable_correlation": false, "timestamp": "1459783252", "to_ids": true, "type": "md5", "uuid": "57028654-3cb4-4907-bd74-b48702de0b81", "value": "c00fb220b8cbea22d139e7b3773fc847" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, 
"timestamp": "1459783252", "to_ids": false, "type": "link", "uuid": "57028654-3f08-4d77-9959-b48702de0b81", "value": "https://www.virustotal.com/file/ba18729bd457f4ef759af9a2ee5aa1b47c9a2abb4ec89a622f2a150a99f724e2/analysis/1459354195/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 9f795334a7201b2c6c0ad9ffeb2103ed464f0c5f", "deleted": false, "disable_correlation": false, "timestamp": "1459783253", "to_ids": true, "type": "sha256", "uuid": "57028655-e324-450e-8947-b48702de0b81", "value": "1a51ed256d4e826a6e667e2f1a6e114ca54bc70c69c37b55cd88c60d59b3ac79" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 9f795334a7201b2c6c0ad9ffeb2103ed464f0c5f", "deleted": false, "disable_correlation": false, "timestamp": "1459783253", "to_ids": true, "type": "md5", "uuid": "57028655-218c-481c-8ade-b48702de0b81", "value": "b867c9d983a604ca897b1a77bba4e2a8" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783253", "to_ids": false, "type": "link", "uuid": "57028655-6df4-4fd8-a3a2-b48702de0b81", "value": "https://www.virustotal.com/file/1a51ed256d4e826a6e667e2f1a6e114ca54bc70c69c37b55cd88c60d59b3ac79/analysis/1459353986/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: a2432461d56c7beec98e4a15ddf91a1ea6d41c1b", "deleted": false, "disable_correlation": false, "timestamp": "1459783253", "to_ids": true, "type": "sha256", "uuid": "57028655-d6b4-496c-abb8-b48702de0b81", "value": "c7ec7a6d54251932151eff72ad8b7bc9629f6026e6f771d4f5b585a23e2c4689" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: a2432461d56c7beec98e4a15ddf91a1ea6d41c1b", "deleted": false, "disable_correlation": false, "timestamp": "1459783254", "to_ids": true, "type": "md5", "uuid": "57028656-66f0-4521-a468-b48702de0b81", "value": 
"c2a3a452203ef0bcaf487eed56187f49" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783254", "to_ids": false, "type": "link", "uuid": "57028656-ca40-4e6c-80f9-b48702de0b81", "value": "https://www.virustotal.com/file/c7ec7a6d54251932151eff72ad8b7bc9629f6026e6f771d4f5b585a23e2c4689/analysis/1459354007/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 024136cbc562cff6f3ce31d213fc9fe7a78510f9", "deleted": false, "disable_correlation": false, "timestamp": "1459783254", "to_ids": true, "type": "sha256", "uuid": "57028656-19c4-4d54-8cf7-b48702de0b81", "value": "bb14a61f1f35d52c02288beb3bd54cf20619c4b4c0af2f8b767bc6ec3316e19e" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 024136cbc562cff6f3ce31d213fc9fe7a78510f9", "deleted": false, "disable_correlation": false, "timestamp": "1459783255", "to_ids": true, "type": "md5", "uuid": "57028657-50a0-42e5-be50-b48702de0b81", "value": "8a9f0be060986c8b37fbaa843b4bec6c" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783255", "to_ids": false, "type": "link", "uuid": "57028657-1608-4f73-b7fd-b48702de0b81", "value": "https://www.virustotal.com/file/bb14a61f1f35d52c02288beb3bd54cf20619c4b4c0af2f8b767bc6ec3316e19e/analysis/1459353441/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: d1c6511a84ca27e2c08b89a683db9878e83c8637", "deleted": false, "disable_correlation": false, "timestamp": "1459783255", "to_ids": true, "type": "sha256", "uuid": "57028657-f270-4aec-9af6-b48702de0b81", "value": "6c089aef682e9c751b02feb971a307da0c1d8267c60810641d2b03e2e7fe9e68" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: d1c6511a84ca27e2c08b89a683db9878e83c8637", "deleted": false, "disable_correlation": false, 
"timestamp": "1459783256", "to_ids": true, "type": "md5", "uuid": "57028658-d330-41b1-b694-b48702de0b81", "value": "78ba33646b827c1c91cced01e3fe221b" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783256", "to_ids": false, "type": "link", "uuid": "57028658-71d8-41f9-b5ee-b48702de0b81", "value": "https://www.virustotal.com/file/6c089aef682e9c751b02feb971a307da0c1d8267c60810641d2b03e2e7fe9e68/analysis/1459354111/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 17dcfdcc39b21ad64864a386070cc633e9965c3d", "deleted": false, "disable_correlation": false, "timestamp": "1459783256", "to_ids": true, "type": "sha256", "uuid": "57028658-cc78-465f-be6f-b48702de0b81", "value": "6c02a2bb7000e4cdc3a0bb24a2a4f7af9e0e14ada698034c7aebabb518a1c471" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 17dcfdcc39b21ad64864a386070cc633e9965c3d", "deleted": false, "disable_correlation": false, "timestamp": "1459783256", "to_ids": true, "type": "md5", "uuid": "57028658-2a2c-4b3d-ae86-b48702de0b81", "value": "3b4c243b2db7de648d16dfcf00c4032e" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783257", "to_ids": false, "type": "link", "uuid": "57028659-b9bc-4c1f-845e-b48702de0b81", "value": "https://www.virustotal.com/file/6c02a2bb7000e4cdc3a0bb24a2a4f7af9e0e14ada698034c7aebabb518a1c471/analysis/1459353587/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 17d3c799e7f1c77be5d7b3d03eaa630a2f261449", "deleted": false, "disable_correlation": false, "timestamp": "1459783257", "to_ids": true, "type": "sha256", "uuid": "57028659-9db0-4e75-b0c9-b48702de0b81", "value": "6a8b8b659b8a12a868cfbdc0c5ce2133c36ed38880e5d2ddda323ecd3367de75" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - 
Xchecked via VT: 17d3c799e7f1c77be5d7b3d03eaa630a2f261449", "deleted": false, "disable_correlation": false, "timestamp": "1459783257", "to_ids": true, "type": "md5", "uuid": "57028659-7248-4e38-b61a-b48702de0b81", "value": "2c1535f4809241e542605b4468d2dd6f" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783258", "to_ids": false, "type": "link", "uuid": "5702865a-4560-42ce-af7e-b48702de0b81", "value": "https://www.virustotal.com/file/6a8b8b659b8a12a868cfbdc0c5ce2133c36ed38880e5d2ddda323ecd3367de75/analysis/1459353566/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 898e2d91d64ebb26cc049d78bdeeda87f2bc4f1a", "deleted": false, "disable_correlation": false, "timestamp": "1459783258", "to_ids": true, "type": "sha256", "uuid": "5702865a-ade4-4291-94ec-b48702de0b81", "value": "65571a2b49b052f0a548b9d87844a1461c7519743710adc0714b0444f538a226" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 898e2d91d64ebb26cc049d78bdeeda87f2bc4f1a", "deleted": false, "disable_correlation": false, "timestamp": "1459783259", "to_ids": true, "type": "md5", "uuid": "5702865b-2ac4-4014-9075-b48702de0b81", "value": "8ca2130bc74830d76240785eedd0822a" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783259", "to_ids": false, "type": "link", "uuid": "5702865b-3610-497e-b25d-b48702de0b81", "value": "https://www.virustotal.com/file/65571a2b49b052f0a548b9d87844a1461c7519743710adc0714b0444f538a226/analysis/1459353882/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 359dd2f9646eb3fad979f4a658bc2ff74488c457", "deleted": false, "disable_correlation": false, "timestamp": "1459783259", "to_ids": true, "type": "sha256", "uuid": "5702865b-2864-4f33-b13f-b48702de0b81", "value": 
"228cc92991ef88001e1f68c078a1d007ad751be50d6a2794d38ab6050bfedbbf" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 359dd2f9646eb3fad979f4a658bc2ff74488c457", "deleted": false, "disable_correlation": false, "timestamp": "1459783259", "to_ids": true, "type": "md5", "uuid": "5702865b-c168-4982-b0ef-b48702de0b81", "value": "971fd6b6cca43ddd29ceebf62c2b344a" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783260", "to_ids": false, "type": "link", "uuid": "5702865c-a750-4743-9bfd-b48702de0b81", "value": "https://www.virustotal.com/file/228cc92991ef88001e1f68c078a1d007ad751be50d6a2794d38ab6050bfedbbf/analysis/1459353713/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: b912a07528e1afabbaa01d99bcbb66498dee0406", "deleted": false, "disable_correlation": false, "timestamp": "1459783260", "to_ids": true, "type": "sha256", "uuid": "5702865c-c004-4e1e-adc8-b48702de0b81", "value": "019ab885370dd6f39ce6ade26db7af5c340e9a84b1872abf9934bbc8a0c10570" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: b912a07528e1afabbaa01d99bcbb66498dee0406", "deleted": false, "disable_correlation": false, "timestamp": "1459783260", "to_ids": true, "type": "md5", "uuid": "5702865c-953c-499d-a573-b48702de0b81", "value": "a037adaf7380ded9058da28c798ab28f" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783261", "to_ids": false, "type": "link", "uuid": "5702865d-f790-4cd3-95e2-b48702de0b81", "value": "https://www.virustotal.com/file/019ab885370dd6f39ce6ade26db7af5c340e9a84b1872abf9934bbc8a0c10570/analysis/1459354028/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: f8354d8cc946e8b137f9013fc3d44720f321dc48", "deleted": false, "disable_correlation": false, 
"timestamp": "1459783261", "to_ids": true, "type": "sha256", "uuid": "5702865d-7a60-4434-ba77-b48702de0b81", "value": "2166b52cc183f2604f597aa0e215cfe253a8949fd7ca9447af48cf711c996c59" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: f8354d8cc946e8b137f9013fc3d44720f321dc48", "deleted": false, "disable_correlation": false, "timestamp": "1459783261", "to_ids": true, "type": "md5", "uuid": "5702865d-5968-4ec1-9640-b48702de0b81", "value": "c1b8ca1656d2552ee36bac3561c4a61b" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783262", "to_ids": false, "type": "link", "uuid": "5702865e-9fbc-4bcc-962c-b48702de0b81", "value": "https://www.virustotal.com/file/2166b52cc183f2604f597aa0e215cfe253a8949fd7ca9447af48cf711c996c59/analysis/1459598727/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 3dd804feef00bd8dbfb3a48e75120328e1cb041a", "deleted": false, "disable_correlation": false, "timestamp": "1459783262", "to_ids": true, "type": "sha256", "uuid": "5702865e-dd30-486b-bb01-b48702de0b81", "value": "4137cef5f5d2fc066b4413ef93d0bc7bc9df7f6383f86c16dd0cead009806b30" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 3dd804feef00bd8dbfb3a48e75120328e1cb041a", "deleted": false, "disable_correlation": false, "timestamp": "1459783262", "to_ids": true, "type": "md5", "uuid": "5702865e-ff10-4456-8f7d-b48702de0b81", "value": "1235f16b924b6201002617d793007153" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783262", "to_ids": false, "type": "link", "uuid": "5702865e-1458-43cc-b8b0-b48702de0b81", "value": "https://www.virustotal.com/file/4137cef5f5d2fc066b4413ef93d0bc7bc9df7f6383f86c16dd0cead009806b30/analysis/1459353776/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - 
Xchecked via VT: efd3a698dda376333c2dd84714f92f25539d4589", "deleted": false, "disable_correlation": false, "timestamp": "1459783263", "to_ids": true, "type": "sha256", "uuid": "5702865f-38ec-4295-a004-b48702de0b81", "value": "4d7be194ec156b328b8a967a4dd6502c1c5327022959d15c6ad8f16776bcb9da" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: efd3a698dda376333c2dd84714f92f25539d4589", "deleted": false, "disable_correlation": false, "timestamp": "1459783263", "to_ids": true, "type": "md5", "uuid": "5702865f-062c-40ec-9589-b48702de0b81", "value": "5a312ea592173a0ed15c16cf556ed801" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783263", "to_ids": false, "type": "link", "uuid": "5702865f-f2e4-4d3e-843d-b48702de0b81", "value": "https://www.virustotal.com/file/4d7be194ec156b328b8a967a4dd6502c1c5327022959d15c6ad8f16776bcb9da/analysis/1459354299/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 46cd369bce4f6a41d8863c46dd778c1b1c4f8df0", "deleted": false, "disable_correlation": false, "timestamp": "1459783264", "to_ids": true, "type": "sha256", "uuid": "57028660-e8f4-4b5c-9bf3-b48702de0b81", "value": "c1d929cd9fbdd97aea134eba3aa5bbd1abd22ec6a4ac256ba7469e36d22eb320" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 46cd369bce4f6a41d8863c46dd778c1b1c4f8df0", "deleted": false, "disable_correlation": false, "timestamp": "1459783264", "to_ids": true, "type": "md5", "uuid": "57028660-6a6c-4ba6-83e9-b48702de0b81", "value": "b464304f88edb48c4cb326cd92cf0230" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783264", "to_ids": false, "type": "link", "uuid": "57028660-8ce0-4e12-b8ae-b48702de0b81", "value": 
"https://www.virustotal.com/file/c1d929cd9fbdd97aea134eba3aa5bbd1abd22ec6a4ac256ba7469e36d22eb320/analysis/1459353797/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: f3c4a7e8785355894482bce4f791d92e1c1da5b2", "deleted": false, "disable_correlation": false, "timestamp": "1459783265", "to_ids": true, "type": "sha256", "uuid": "57028661-c110-4a5f-8de8-b48702de0b81", "value": "b00a8927d03beffdaf12fad39401f42412ebb18cd0e0d5d35fffa739404a1cb0" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: f3c4a7e8785355894482bce4f791d92e1c1da5b2", "deleted": false, "disable_correlation": false, "timestamp": "1459783265", "to_ids": true, "type": "md5", "uuid": "57028661-d358-41b0-974b-b48702de0b81", "value": "83b1cf2c87d1cdc4c0c0a76c10b9c5b9" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783265", "to_ids": false, "type": "link", "uuid": "57028661-6808-4a46-ae5a-b48702de0b81", "value": "https://www.virustotal.com/file/b00a8927d03beffdaf12fad39401f42412ebb18cd0e0d5d35fffa739404a1cb0/analysis/1459410086/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: eefa249de2f7f08bcf4629d3e2055b06f1d74ae3", "deleted": false, "disable_correlation": false, "timestamp": "1459783266", "to_ids": true, "type": "sha256", "uuid": "57028662-9adc-4aa7-a125-b48702de0b81", "value": "20b567e8b77634d0767df922d8c2b25534fb04144ef41c8a1b3c4271206c6e29" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: eefa249de2f7f08bcf4629d3e2055b06f1d74ae3", "deleted": false, "disable_correlation": false, "timestamp": "1459783266", "to_ids": true, "type": "md5", "uuid": "57028662-bc94-4e09-b8d4-b48702de0b81", "value": "91d4b4bf964541c20ad9a61fd456a117" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, 
"timestamp": "1459783266", "to_ids": false, "type": "link", "uuid": "57028662-ca6c-4814-80e5-b48702de0b81", "value": "https://www.virustotal.com/file/20b567e8b77634d0767df922d8c2b25534fb04144ef41c8a1b3c4271206c6e29/analysis/1459681258/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 537f8847d786923a9401889e6ee23675d96f2692", "deleted": false, "disable_correlation": false, "timestamp": "1459783267", "to_ids": true, "type": "sha256", "uuid": "57028663-b130-45f9-a593-b48702de0b81", "value": "b0c14bd63741ed4fbf656f43c58b8e493c6488187211826ebab08316c18a343f" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 537f8847d786923a9401889e6ee23675d96f2692", "deleted": false, "disable_correlation": false, "timestamp": "1459783267", "to_ids": true, "type": "md5", "uuid": "57028663-4624-4f74-94b9-b48702de0b81", "value": "e754914854334d43b09964abc5f5e6cf" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783267", "to_ids": false, "type": "link", "uuid": "57028663-86c8-4481-8fe4-b48702de0b81", "value": "https://www.virustotal.com/file/b0c14bd63741ed4fbf656f43c58b8e493c6488187211826ebab08316c18a343f/analysis/1459353860/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 35b00e2243157171be6a7d7bc9b32f98805dcd35", "deleted": false, "disable_correlation": false, "timestamp": "1459783267", "to_ids": true, "type": "sha256", "uuid": "57028663-918c-42ca-9c84-b48702de0b81", "value": "e68747b8a627f52b9133b5247430d3d858de753dddc0181cbf4fd3f0c7f6a8a0" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 35b00e2243157171be6a7d7bc9b32f98805dcd35", "deleted": false, "disable_correlation": false, "timestamp": "1459783268", "to_ids": true, "type": "md5", "uuid": "57028664-74c0-4f22-975e-b48702de0b81", "value": 
"b374ae58ef5d62beea5a4147fa7aff2a" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783268", "to_ids": false, "type": "link", "uuid": "57028664-4ca0-427d-bb3a-b48702de0b81", "value": "https://www.virustotal.com/file/e68747b8a627f52b9133b5247430d3d858de753dddc0181cbf4fd3f0c7f6a8a0/analysis/1459353733/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 9f5f24bda7af3ed95c72c9b77d5a9c5807ca1be9", "deleted": false, "disable_correlation": false, "timestamp": "1459783268", "to_ids": true, "type": "sha256", "uuid": "57028664-ad50-4a79-8065-b48702de0b81", "value": "171236a6feb87edbd23a15e7911fb34dd6193aeab2354846157665bf2d990523" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 9f5f24bda7af3ed95c72c9b77d5a9c5807ca1be9", "deleted": false, "disable_correlation": false, "timestamp": "1459783269", "to_ids": true, "type": "md5", "uuid": "57028665-b318-48c6-b993-b48702de0b81", "value": "7f18b134719f4fc8d5ea8006c3262709" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783269", "to_ids": false, "type": "link", "uuid": "57028665-1d08-42e7-b55b-b48702de0b81", "value": "https://www.virustotal.com/file/171236a6feb87edbd23a15e7911fb34dd6193aeab2354846157665bf2d990523/analysis/1459676770/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 4e2dfcd4a3e14b05b268b4a6df76479984932675", "deleted": false, "disable_correlation": false, "timestamp": "1459783269", "to_ids": true, "type": "sha256", "uuid": "57028665-2764-4691-9607-b48702de0b81", "value": "968ebd29b3ffc064c083c87fee9b6cadcf71a6485fb63bb9ec4ca01188f62a7e" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 4e2dfcd4a3e14b05b268b4a6df76479984932675", "deleted": false, "disable_correlation": false, 
"timestamp": "1459783270", "to_ids": true, "type": "md5", "uuid": "57028666-5968-4b79-a842-b48702de0b81", "value": "10248d64db4ef4e5ea59bb0b0a2dff9f" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783270", "to_ids": false, "type": "link", "uuid": "57028666-e748-4d06-8202-b48702de0b81", "value": "https://www.virustotal.com/file/968ebd29b3ffc064c083c87fee9b6cadcf71a6485fb63bb9ec4ca01188f62a7e/analysis/1459353819/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 0e5b982c8d55b78582da733d31e8b652c9da9f6e", "deleted": false, "disable_correlation": false, "timestamp": "1459783270", "to_ids": true, "type": "sha256", "uuid": "57028666-ca8c-4669-841d-b48702de0b81", "value": "1ab6804203d543d006d1acb9c7eb4c23874b16077142db8bf046bc5a5db879b3" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 0e5b982c8d55b78582da733d31e8b652c9da9f6e", "deleted": false, "disable_correlation": false, "timestamp": "1459783270", "to_ids": true, "type": "md5", "uuid": "57028666-7bdc-4ecd-8917-b48702de0b81", "value": "0f8fef517b504f4a9a5f4dcee5ea2276" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783271", "to_ids": false, "type": "link", "uuid": "57028667-25cc-4364-b279-b48702de0b81", "value": "https://www.virustotal.com/file/1ab6804203d543d006d1acb9c7eb4c23874b16077142db8bf046bc5a5db879b3/analysis/1459677915/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: 977efab8a7cce22530c3bdeca860a342e232eeb3", "deleted": false, "disable_correlation": false, "timestamp": "1459783271", "to_ids": true, "type": "sha256", "uuid": "57028667-3000-431e-86ca-b48702de0b81", "value": "c94253ce4e9fa99d6511ef9eeb621016eed3bf4211dd2785ba751d17661e08ec" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.B - Version 2.1 - 
Xchecked via VT: 977efab8a7cce22530c3bdeca860a342e232eeb3", "deleted": false, "disable_correlation": false, "timestamp": "1459783271", "to_ids": true, "type": "md5", "uuid": "57028667-213c-4905-9f38-b48702de0b81", "value": "f5d415bc6230ac6834f76700fc65183e" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783272", "to_ids": false, "type": "link", "uuid": "57028668-dfac-4e6a-8b1c-b48702de0b81", "value": "https://www.virustotal.com/file/c94253ce4e9fa99d6511ef9eeb621016eed3bf4211dd2785ba751d17661e08ec/analysis/1459353945/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: b9d8b993943872a19a1d4838570d7dcc9f374c20", "deleted": false, "disable_correlation": false, "timestamp": "1459783272", "to_ids": true, "type": "sha256", "uuid": "57028668-df20-4bdf-a819-b48702de0b81", "value": "5a374c131b3e682e56c29605b1344d3369cd3a33239fe48765501fa2e62cbd89" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: b9d8b993943872a19a1d4838570d7dcc9f374c20", "deleted": false, "disable_correlation": false, "timestamp": "1459783272", "to_ids": true, "type": "md5", "uuid": "57028668-c3f4-499b-a789-b48702de0b81", "value": "8cc02b906eb6a5e3021f7ca2f9883f3c" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783273", "to_ids": false, "type": "link", "uuid": "57028669-58b8-47bd-95d9-b48702de0b81", "value": "https://www.virustotal.com/file/5a374c131b3e682e56c29605b1344d3369cd3a33239fe48765501fa2e62cbd89/analysis/1459600873/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: 2e901502263d50c1ab65e7516bb8534c28d41265", "deleted": false, "disable_correlation": false, "timestamp": "1459783273", "to_ids": true, "type": "sha256", "uuid": "57028669-2e0c-441d-b712-b48702de0b81", "value": 
"cad9ab404b300f5622575144601a5847f63040c027b1e219eaf611a6ecca6545" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: 2e901502263d50c1ab65e7516bb8534c28d41265", "deleted": false, "disable_correlation": false, "timestamp": "1459783273", "to_ids": true, "type": "md5", "uuid": "57028669-846c-42f8-ab54-b48702de0b81", "value": "b952973e2c224ac773223949718fc74e" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783274", "to_ids": false, "type": "link", "uuid": "5702866a-e0d8-41ed-8441-b48702de0b81", "value": "https://www.virustotal.com/file/cad9ab404b300f5622575144601a5847f63040c027b1e219eaf611a6ecca6545/analysis/1459353670/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: d4d70d0022e06b391b31195c030ac9bc6e716cce", "deleted": false, "disable_correlation": false, "timestamp": "1459783274", "to_ids": true, "type": "sha256", "uuid": "5702866a-5dd4-4fcf-8026-b48702de0b81", "value": "9270b918d1b7181bce7abb85e53b31ebff13b7c8b4ea61f399112bcbaac180d7" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: d4d70d0022e06b391b31195c030ac9bc6e716cce", "deleted": false, "disable_correlation": false, "timestamp": "1459783274", "to_ids": true, "type": "md5", "uuid": "5702866a-ad2c-4857-b4e9-b48702de0b81", "value": "6ed1b7d3cc3ae25e33cb1513770bf522" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783274", "to_ids": false, "type": "link", "uuid": "5702866a-d184-4e90-b248-b48702de0b81", "value": "https://www.virustotal.com/file/9270b918d1b7181bce7abb85e53b31ebff13b7c8b4ea61f399112bcbaac180d7/analysis/1459354132/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: e097c882eda2bd508dd9a3be72efce6fd2971f11", "deleted": false, "disable_correlation": false, 
"timestamp": "1459783275", "to_ids": true, "type": "sha256", "uuid": "5702866b-0acc-46fa-93b3-b48702de0b81", "value": "f88b87d082ea002b094209117e6580e9269b6f4c918f0227c6e2db95418fd798" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: e097c882eda2bd508dd9a3be72efce6fd2971f11", "deleted": false, "disable_correlation": false, "timestamp": "1459783275", "to_ids": true, "type": "md5", "uuid": "5702866b-9b5c-4d91-a7f8-b48702de0b81", "value": "9de636f9bd90fd721f8c9042e9e87438" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783275", "to_ids": false, "type": "link", "uuid": "5702866b-34d8-48c6-928a-b48702de0b81", "value": "https://www.virustotal.com/file/f88b87d082ea002b094209117e6580e9269b6f4c918f0227c6e2db95418fd798/analysis/1459354153/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: 11807e5aa5dc1c14f8d509ea410eeb778896830d", "deleted": false, "disable_correlation": false, "timestamp": "1459783276", "to_ids": true, "type": "sha256", "uuid": "5702866c-6dd0-413c-bf8d-b48702de0b81", "value": "c47ec77ac308edf168db331117b09f50bef93d4affebe04849702bf4428255d6" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: 11807e5aa5dc1c14f8d509ea410eeb778896830d", "deleted": false, "disable_correlation": false, "timestamp": "1459783276", "to_ids": true, "type": "md5", "uuid": "5702866c-9604-4763-af99-b48702de0b81", "value": "c1c9505ec350378284783e7cbd425135" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783276", "to_ids": false, "type": "link", "uuid": "5702866c-0af0-4937-a598-b48702de0b81", "value": "https://www.virustotal.com/file/c47ec77ac308edf168db331117b09f50bef93d4affebe04849702bf4428255d6/analysis/1459353503/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.0 - 
Xchecked via VT: 52210b49c47c6ad6fe34c70d6faf49e2763c0d9d", "deleted": false, "disable_correlation": false, "timestamp": "1459783277", "to_ids": true, "type": "sha256", "uuid": "5702866d-d0e8-455c-826d-b48702de0b81", "value": "840f70c83b0d8368733fb147856e676d3cbe39e9f6e40a83cdb246b263bca06b" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: 52210b49c47c6ad6fe34c70d6faf49e2763c0d9d", "deleted": false, "disable_correlation": false, "timestamp": "1459783277", "to_ids": true, "type": "md5", "uuid": "5702866d-dca8-4b8d-acd8-b48702de0b81", "value": "921d7a598c6a823f79ca0a1517136c47" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783277", "to_ids": false, "type": "link", "uuid": "5702866d-a444-45b7-bb60-b48702de0b81", "value": "https://www.virustotal.com/file/840f70c83b0d8368733fb147856e676d3cbe39e9f6e40a83cdb246b263bca06b/analysis/1459353839/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: 3b233834ee962adb111a002bb64e594175e7c1e2", "deleted": false, "disable_correlation": false, "timestamp": "1459783277", "to_ids": true, "type": "sha256", "uuid": "5702866d-cd98-4a09-b1a9-b48702de0b81", "value": "cba57768d3b2500d38809d0638d5d87ba3ec5fdda09d966e3fab60a0d82d1340" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: 3b233834ee962adb111a002bb64e594175e7c1e2", "deleted": false, "disable_correlation": false, "timestamp": "1459783278", "to_ids": true, "type": "md5", "uuid": "5702866e-d4ac-4346-970b-b48702de0b81", "value": "389aff86439c3c98953b17b585888d09" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783278", "to_ids": false, "type": "link", "uuid": "5702866e-0798-4a61-9e9d-b48702de0b81", "value": 
"https://www.virustotal.com/file/cba57768d3b2500d38809d0638d5d87ba3ec5fdda09d966e3fab60a0d82d1340/analysis/1459568562/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: bd8256d469aa42c6c57e8e6f91ef5b4782bd2cb7", "deleted": false, "disable_correlation": false, "timestamp": "1459783278", "to_ids": true, "type": "sha256", "uuid": "5702866e-1e8c-4686-84fc-b48702de0b81", "value": "90d1f5eba528445e7663d8746365a7e9e403370cc847f39e339f9d077d0a0b10" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: bd8256d469aa42c6c57e8e6f91ef5b4782bd2cb7", "deleted": false, "disable_correlation": false, "timestamp": "1459783279", "to_ids": true, "type": "md5", "uuid": "5702866f-827c-4a20-9e86-b48702de0b81", "value": "86b5db0a37904d602d920b65d9aab88a" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783279", "to_ids": false, "type": "link", "uuid": "5702866f-bf9c-44ed-bd09-b48702de0b81", "value": "https://www.virustotal.com/file/90d1f5eba528445e7663d8746365a7e9e403370cc847f39e339f9d077d0a0b10/analysis/1459354070/" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: 2ff0b69bc5aaca82edb6a364ee9f6ad3c5fdd71c", "deleted": false, "disable_correlation": false, "timestamp": "1459783279", "to_ids": true, "type": "sha256", "uuid": "5702866f-562c-4b2c-abe7-b48702de0b81", "value": "b8dcadd2affaa6c9ea5629958ccb8e4c19a5c412dd3fb83cfd210dc079359196" }, { "category": "Payload delivery", "comment": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: 2ff0b69bc5aaca82edb6a364ee9f6ad3c5fdd71c", "deleted": false, "disable_correlation": false, "timestamp": "1459783280", "to_ids": true, "type": "md5", "uuid": "57028670-013c-4fc9-b632-b48702de0b81", "value": "0488dffdf64dc11b920b81b334d6b2de" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, 
"timestamp": "1459783280", "to_ids": false, "type": "link", "uuid": "57028670-3cf4-4bba-b591-b48702de0b81", "value": "https://www.virustotal.com/file/b8dcadd2affaa6c9ea5629958ccb8e4c19a5c412dd3fb83cfd210dc079359196/analysis/1459353692/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459783333", "to_ids": false, "type": "comment", "uuid": "570286a5-a4cc-4a9a-8f6d-1748950d210f", "value": "ESET researchers are actively monitoring malware that targets embedded systems such as routers, gateways and wireless access points. Recently, we discovered a bot that combines the capabilities of Tsunami (also known as Kaiten) and Gafgyt. It also provides some improvements as well as a couple of new features. We call this new threat Linux/Remaiten. So far, we have seen three versions of Linux/Remaiten that identify themselves as versions 2.0, 2.1 and 2.2. Based on artifacts found in the code, the authors call this new malware \u201cKTN-Remastered\u201d or \u201cKTN-RM\u201d.\r\n\r\nIn this blog we will describe the unique spreading mechanism of Linux/Remaiten, its different features, and the differences between the versions found in the wild.\r\nImproved spreading mechanism\r\n\r\nA prominent feature of Linux/Gafgyt is telnet scanning. When instructed to perform telnet scanning, it tries to connect to random IP addresses reachable from the Internet on port 23. If the connection succeeds, it will try to guess the login credentials from an embedded list of username/password combinations. If it successfully logs in, it issues a shell command to download bot executables for multiple architectures and tries to run them.
This is a simple albeit noisy way of infecting new victims, as it is likely one of the binaries will execute on the running architecture.\r\n\r\nLinux/Remaiten improves upon this spreading mechanism by carrying downloader executables for CPU architectures that are commonly used in embedded Linux devices such as ARM and MIPS. After logging on via the telnet prompt of the victim device, it tries to determine the new victim device\u2019s platform and transfer only the appropriate downloader. This downloader\u2019s job is to request the architecture-appropriate Linux/Remaiten bot binary from the bot\u2019s C&C server. This binary is then executed on the new victim device, creating another bot for the malicious operators to use." } ] } }