{ "type": "bundle", "id": "bundle--570283b7-2800-483e-ba3e-1743950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:22:13.000Z", "modified": "2016-04-04T15:22:13.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--570283b7-2800-483e-ba3e-1743950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:22:13.000Z", "modified": "2016-04-04T15:22:13.000Z", "name": "OSINT - Meet Remaiten \u2013 a Linux bot on steroids targeting routers and potentially other IoT devices", "published": "2016-04-04T15:22:26Z", "object_refs": [ "observed-data--5702845e-0e10-4673-a937-1748950d210f", "url--5702845e-0e10-4673-a937-1748950d210f", "indicator--5702848d-c0c8-4936-80a6-b489950d210f", "indicator--5702848d-5a38-4a09-ad6d-b489950d210f", "indicator--5702848d-2dd0-4eb7-b240-b489950d210f", "indicator--5702848e-48b4-4840-8683-b489950d210f", "indicator--5702848e-7b54-4f7f-97d0-b489950d210f", "indicator--570284b2-1400-43ec-b8d2-1741950d210f", "indicator--570284b3-7eac-43dd-badd-1741950d210f", "indicator--570284b3-b288-4b33-8e2c-1741950d210f", "indicator--570284b3-6fa8-4c57-9481-1741950d210f", "indicator--570284b4-5080-4b3d-a9fd-1741950d210f", "indicator--570284e0-f3f0-42b4-ba36-1740950d210f", "indicator--570284e0-8bfc-446d-b9a6-1740950d210f", "indicator--570284e0-2cc4-4499-831d-1740950d210f", "indicator--570284e1-a754-4c4f-90d8-1740950d210f", "indicator--570284e1-623c-4339-89d2-1740950d210f", "indicator--570284e1-fb4c-4057-ad1e-1740950d210f", "indicator--570284e2-1048-42ac-b812-1740950d210f", "indicator--570284e2-d020-46d7-bd7f-1740950d210f", "indicator--570284e2-c12c-4f71-bf7a-1740950d210f", "indicator--570284e3-36b0-4e34-a084-1740950d210f", "indicator--570284e3-89b4-4da6-8596-1740950d210f", "indicator--570284e3-4fb0-4f4e-a580-1740950d210f", 
"indicator--570284e4-bcbc-41ef-84c4-1740950d210f", "indicator--570284e4-642c-4141-ba6f-1740950d210f", "indicator--570284e5-1134-4815-9b7f-1740950d210f", "indicator--570284e5-33c8-4374-b1d9-1740950d210f", "indicator--570284e5-5cb0-4fc9-8273-1740950d210f", "indicator--570284e6-abd0-41e2-8181-1740950d210f", "indicator--570284e6-8eb8-412c-8386-1740950d210f", "indicator--570284e6-3c60-4585-b92c-1740950d210f", "indicator--570284e7-9adc-4e22-95d2-1740950d210f", "indicator--570284e7-0558-426c-bfac-1740950d210f", "indicator--57028509-4924-44ea-87c5-b489950d210f", "indicator--57028509-39cc-4ebe-afa9-b489950d210f", "indicator--5702850a-843c-451d-8c80-b489950d210f", "indicator--5702850a-a280-4c00-804e-b489950d210f", "indicator--5702852c-e040-483c-96f8-4f0c950d210f", "indicator--5702852d-ad3c-4246-85db-4534950d210f", "indicator--5702852d-7c20-455f-9999-4dba950d210f", "indicator--5702852d-27b8-427c-9b45-4bc4950d210f", "indicator--5702855e-7c18-4028-80d6-1741950d210f", "indicator--5702855e-7b50-4b87-acfe-1741950d210f", "indicator--5702855e-76f0-49e5-a4be-1741950d210f", "indicator--5702855f-41d0-4492-b2a8-1741950d210f", "indicator--5702858a-6768-4ea1-91b2-b486950d210f", "indicator--5702858b-0ccc-457a-8e91-b486950d210f", "indicator--5702858b-fd44-442b-90b6-b486950d210f", "indicator--57028647-1cdc-46ec-91d6-b48702de0b81", "indicator--57028648-b834-4df3-acc2-b48702de0b81", "observed-data--57028648-5474-473f-a305-b48702de0b81", "url--57028648-5474-473f-a305-b48702de0b81", "indicator--57028648-640c-4177-a983-b48702de0b81", "indicator--57028648-ebd4-4d64-9683-b48702de0b81", "observed-data--57028649-ddf4-4d30-a768-b48702de0b81", "url--57028649-ddf4-4d30-a768-b48702de0b81", "indicator--57028649-3af4-4cb1-9235-b48702de0b81", "indicator--57028649-f3a8-4671-b58e-b48702de0b81", "observed-data--5702864a-3464-4f58-9479-b48702de0b81", "url--5702864a-3464-4f58-9479-b48702de0b81", "indicator--5702864a-9ab8-47e7-830a-b48702de0b81", "indicator--5702864a-30e4-423b-8335-b48702de0b81", 
"observed-data--5702864b-b06c-444d-9871-b48702de0b81", "url--5702864b-b06c-444d-9871-b48702de0b81", "indicator--5702864b-8f9c-4e9b-abf5-b48702de0b81", "indicator--5702864b-85a0-465e-8676-b48702de0b81", "observed-data--5702864c-75a0-45f6-810e-b48702de0b81", "url--5702864c-75a0-45f6-810e-b48702de0b81", "indicator--5702864c-f140-4f7e-b239-b48702de0b81", "indicator--5702864c-37c8-4b74-a8ae-b48702de0b81", "observed-data--5702864d-c560-446f-bf6d-b48702de0b81", "url--5702864d-c560-446f-bf6d-b48702de0b81", "indicator--5702864d-afe4-407c-aeb1-b48702de0b81", "indicator--5702864d-52cc-4ae9-bbd5-b48702de0b81", "observed-data--5702864e-d8a0-4f18-87d7-b48702de0b81", "url--5702864e-d8a0-4f18-87d7-b48702de0b81", "indicator--5702864e-503c-4195-a39e-b48702de0b81", "indicator--5702864e-9668-4dfd-80a1-b48702de0b81", "observed-data--5702864f-4a88-4be2-87d2-b48702de0b81", "url--5702864f-4a88-4be2-87d2-b48702de0b81", "indicator--5702864f-c5b4-4bf5-ba2c-b48702de0b81", "indicator--5702864f-3d0c-4a45-8111-b48702de0b81", "observed-data--5702864f-6eac-44a2-83ce-b48702de0b81", "url--5702864f-6eac-44a2-83ce-b48702de0b81", "indicator--57028650-be28-40df-bf4f-b48702de0b81", "indicator--57028650-8efc-459b-aaf7-b48702de0b81", "observed-data--57028650-9438-4246-831f-b48702de0b81", "url--57028650-9438-4246-831f-b48702de0b81", "indicator--57028651-8464-40c8-9da9-b48702de0b81", "indicator--57028651-4698-436b-b358-b48702de0b81", "observed-data--57028651-6b5c-4ab0-ade3-b48702de0b81", "url--57028651-6b5c-4ab0-ade3-b48702de0b81", "indicator--57028652-cefc-4868-bf96-b48702de0b81", "indicator--57028652-7bc8-4533-937b-b48702de0b81", "observed-data--57028652-1db8-450c-b25f-b48702de0b81", "url--57028652-1db8-450c-b25f-b48702de0b81", "indicator--57028653-db84-4f6a-9403-b48702de0b81", "indicator--57028653-d88c-4552-a0a6-b48702de0b81", "observed-data--57028653-76e0-48ef-962d-b48702de0b81", "url--57028653-76e0-48ef-962d-b48702de0b81", "indicator--57028654-f9a8-4d65-854e-b48702de0b81", 
"indicator--57028654-3cb4-4907-bd74-b48702de0b81", "observed-data--57028654-3f08-4d77-9959-b48702de0b81", "url--57028654-3f08-4d77-9959-b48702de0b81", "indicator--57028655-e324-450e-8947-b48702de0b81", "indicator--57028655-218c-481c-8ade-b48702de0b81", "observed-data--57028655-6df4-4fd8-a3a2-b48702de0b81", "url--57028655-6df4-4fd8-a3a2-b48702de0b81", "indicator--57028655-d6b4-496c-abb8-b48702de0b81", "indicator--57028656-66f0-4521-a468-b48702de0b81", "observed-data--57028656-ca40-4e6c-80f9-b48702de0b81", "url--57028656-ca40-4e6c-80f9-b48702de0b81", "indicator--57028656-19c4-4d54-8cf7-b48702de0b81", "indicator--57028657-50a0-42e5-be50-b48702de0b81", "observed-data--57028657-1608-4f73-b7fd-b48702de0b81", "url--57028657-1608-4f73-b7fd-b48702de0b81", "indicator--57028657-f270-4aec-9af6-b48702de0b81", "indicator--57028658-d330-41b1-b694-b48702de0b81", "observed-data--57028658-71d8-41f9-b5ee-b48702de0b81", "url--57028658-71d8-41f9-b5ee-b48702de0b81", "indicator--57028658-cc78-465f-be6f-b48702de0b81", "indicator--57028658-2a2c-4b3d-ae86-b48702de0b81", "observed-data--57028659-b9bc-4c1f-845e-b48702de0b81", "url--57028659-b9bc-4c1f-845e-b48702de0b81", "indicator--57028659-9db0-4e75-b0c9-b48702de0b81", "indicator--57028659-7248-4e38-b61a-b48702de0b81", "observed-data--5702865a-4560-42ce-af7e-b48702de0b81", "url--5702865a-4560-42ce-af7e-b48702de0b81", "indicator--5702865a-ade4-4291-94ec-b48702de0b81", "indicator--5702865b-2ac4-4014-9075-b48702de0b81", "observed-data--5702865b-3610-497e-b25d-b48702de0b81", "url--5702865b-3610-497e-b25d-b48702de0b81", "indicator--5702865b-2864-4f33-b13f-b48702de0b81", "indicator--5702865b-c168-4982-b0ef-b48702de0b81", "observed-data--5702865c-a750-4743-9bfd-b48702de0b81", "url--5702865c-a750-4743-9bfd-b48702de0b81", "indicator--5702865c-c004-4e1e-adc8-b48702de0b81", "indicator--5702865c-953c-499d-a573-b48702de0b81", "observed-data--5702865d-f790-4cd3-95e2-b48702de0b81", "url--5702865d-f790-4cd3-95e2-b48702de0b81", 
"indicator--5702865d-7a60-4434-ba77-b48702de0b81", "indicator--5702865d-5968-4ec1-9640-b48702de0b81", "observed-data--5702865e-9fbc-4bcc-962c-b48702de0b81", "url--5702865e-9fbc-4bcc-962c-b48702de0b81", "indicator--5702865e-dd30-486b-bb01-b48702de0b81", "indicator--5702865e-ff10-4456-8f7d-b48702de0b81", "observed-data--5702865e-1458-43cc-b8b0-b48702de0b81", "url--5702865e-1458-43cc-b8b0-b48702de0b81", "indicator--5702865f-38ec-4295-a004-b48702de0b81", "indicator--5702865f-062c-40ec-9589-b48702de0b81", "observed-data--5702865f-f2e4-4d3e-843d-b48702de0b81", "url--5702865f-f2e4-4d3e-843d-b48702de0b81", "indicator--57028660-e8f4-4b5c-9bf3-b48702de0b81", "indicator--57028660-6a6c-4ba6-83e9-b48702de0b81", "observed-data--57028660-8ce0-4e12-b8ae-b48702de0b81", "url--57028660-8ce0-4e12-b8ae-b48702de0b81", "indicator--57028661-c110-4a5f-8de8-b48702de0b81", "indicator--57028661-d358-41b0-974b-b48702de0b81", "observed-data--57028661-6808-4a46-ae5a-b48702de0b81", "url--57028661-6808-4a46-ae5a-b48702de0b81", "indicator--57028662-9adc-4aa7-a125-b48702de0b81", "indicator--57028662-bc94-4e09-b8d4-b48702de0b81", "observed-data--57028662-ca6c-4814-80e5-b48702de0b81", "url--57028662-ca6c-4814-80e5-b48702de0b81", "indicator--57028663-b130-45f9-a593-b48702de0b81", "indicator--57028663-4624-4f74-94b9-b48702de0b81", "observed-data--57028663-86c8-4481-8fe4-b48702de0b81", "url--57028663-86c8-4481-8fe4-b48702de0b81", "indicator--57028663-918c-42ca-9c84-b48702de0b81", "indicator--57028664-74c0-4f22-975e-b48702de0b81", "observed-data--57028664-4ca0-427d-bb3a-b48702de0b81", "url--57028664-4ca0-427d-bb3a-b48702de0b81", "indicator--57028664-ad50-4a79-8065-b48702de0b81", "indicator--57028665-b318-48c6-b993-b48702de0b81", "observed-data--57028665-1d08-42e7-b55b-b48702de0b81", "url--57028665-1d08-42e7-b55b-b48702de0b81", "indicator--57028665-2764-4691-9607-b48702de0b81", "indicator--57028666-5968-4b79-a842-b48702de0b81", "observed-data--57028666-e748-4d06-8202-b48702de0b81", 
"url--57028666-e748-4d06-8202-b48702de0b81", "indicator--57028666-ca8c-4669-841d-b48702de0b81", "indicator--57028666-7bdc-4ecd-8917-b48702de0b81", "observed-data--57028667-25cc-4364-b279-b48702de0b81", "url--57028667-25cc-4364-b279-b48702de0b81", "indicator--57028667-3000-431e-86ca-b48702de0b81", "indicator--57028667-213c-4905-9f38-b48702de0b81", "observed-data--57028668-dfac-4e6a-8b1c-b48702de0b81", "url--57028668-dfac-4e6a-8b1c-b48702de0b81", "indicator--57028668-df20-4bdf-a819-b48702de0b81", "indicator--57028668-c3f4-499b-a789-b48702de0b81", "observed-data--57028669-58b8-47bd-95d9-b48702de0b81", "url--57028669-58b8-47bd-95d9-b48702de0b81", "indicator--57028669-2e0c-441d-b712-b48702de0b81", "indicator--57028669-846c-42f8-ab54-b48702de0b81", "observed-data--5702866a-e0d8-41ed-8441-b48702de0b81", "url--5702866a-e0d8-41ed-8441-b48702de0b81", "indicator--5702866a-5dd4-4fcf-8026-b48702de0b81", "indicator--5702866a-ad2c-4857-b4e9-b48702de0b81", "observed-data--5702866a-d184-4e90-b248-b48702de0b81", "url--5702866a-d184-4e90-b248-b48702de0b81", "indicator--5702866b-0acc-46fa-93b3-b48702de0b81", "indicator--5702866b-9b5c-4d91-a7f8-b48702de0b81", "observed-data--5702866b-34d8-48c6-928a-b48702de0b81", "url--5702866b-34d8-48c6-928a-b48702de0b81", "indicator--5702866c-6dd0-413c-bf8d-b48702de0b81", "indicator--5702866c-9604-4763-af99-b48702de0b81", "observed-data--5702866c-0af0-4937-a598-b48702de0b81", "url--5702866c-0af0-4937-a598-b48702de0b81", "indicator--5702866d-d0e8-455c-826d-b48702de0b81", "indicator--5702866d-dca8-4b8d-acd8-b48702de0b81", "observed-data--5702866d-a444-45b7-bb60-b48702de0b81", "url--5702866d-a444-45b7-bb60-b48702de0b81", "indicator--5702866d-cd98-4a09-b1a9-b48702de0b81", "indicator--5702866e-d4ac-4346-970b-b48702de0b81", "observed-data--5702866e-0798-4a61-9e9d-b48702de0b81", "url--5702866e-0798-4a61-9e9d-b48702de0b81", "indicator--5702866e-1e8c-4686-84fc-b48702de0b81", "indicator--5702866f-827c-4a20-9e86-b48702de0b81", 
"observed-data--5702866f-bf9c-44ed-bd09-b48702de0b81", "url--5702866f-bf9c-44ed-bd09-b48702de0b81", "indicator--5702866f-562c-4b2c-abe7-b48702de0b81", "indicator--57028670-013c-4fc9-b632-b48702de0b81", "observed-data--57028670-3cf4-4bba-b591-b48702de0b81", "url--57028670-3cf4-4bba-b591-b48702de0b81", "x-misp-attribute--570286a5-a4cc-4a9a-8f6d-1748950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702845e-0e10-4673-a937-1748950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:12:30.000Z", "modified": "2016-04-04T15:12:30.000Z", "first_observed": "2016-04-04T15:12:30Z", "last_observed": "2016-04-04T15:12:30Z", "number_observed": 1, "object_refs": [ "url--5702845e-0e10-4673-a937-1748950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702845e-0e10-4673-a937-1748950d210f", "value": "http://www.welivesecurity.com/2016/03/30/meet-remaiten-a-linux-bot-on-steroids-targeting-routers-and-potentially-other-iot-devices/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702848d-c0c8-4936-80a6-b489950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:13:17.000Z", "modified": "2016-04-04T15:13:17.000Z", "description": "Linux/Remaiten.A - Version 2.0", "pattern": "[file:hashes.SHA1 = '2ff0b69bc5aaca82edb6a364ee9f6ad3c5fdd71c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:13:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5702848d-5a38-4a09-ad6d-b489950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:13:17.000Z", "modified": "2016-04-04T15:13:17.000Z", "description": "Linux/Remaiten.A - Version 2.0", "pattern": "[file:hashes.SHA1 = 'bd8256d469aa42c6c57e8e6f91ef5b4782bd2cb7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:13:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702848d-2dd0-4eb7-b240-b489950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:13:17.000Z", "modified": "2016-04-04T15:13:17.000Z", "description": "Linux/Remaiten.A - Version 2.0", "pattern": "[file:hashes.SHA1 = '3b233834ee962adb111a002bb64e594175e7c1e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:13:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702848e-48b4-4840-8683-b489950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:13:18.000Z", "modified": "2016-04-04T15:13:18.000Z", "description": "Linux/Remaiten.A - Version 2.0", "pattern": "[file:hashes.SHA1 = '52210b49c47c6ad6fe34c70d6faf49e2763c0d9d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:13:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5702848e-7b54-4f7f-97d0-b489950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:13:18.000Z", "modified": "2016-04-04T15:13:18.000Z", "description": "Linux/Remaiten.A - Version 2.0", "pattern": "[file:hashes.SHA1 = '11807e5aa5dc1c14f8d509ea410eeb778896830d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:13:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284b2-1400-43ec-b8d2-1741950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:13:54.000Z", "modified": "2016-04-04T15:13:54.000Z", "description": "Linux/Remaiten.B - Version 2.1", "pattern": "[file:hashes.SHA1 = 'e097c882eda2bd508dd9a3be72efce6fd2971f11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:13:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284b3-7eac-43dd-badd-1741950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:13:55.000Z", "modified": "2016-04-04T15:13:55.000Z", "description": "Linux/Remaiten.B - Version 2.1", "pattern": "[file:hashes.SHA1 = 'd4d70d0022e06b391b31195c030ac9bc6e716cce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:13:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--570284b3-b288-4b33-8e2c-1741950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:13:55.000Z", "modified": "2016-04-04T15:13:55.000Z", "description": "Linux/Remaiten.B - Version 2.1", "pattern": "[file:hashes.SHA1 = '2e901502263d50c1ab65e7516bb8534c28d41265']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:13:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284b3-6fa8-4c57-9481-1741950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:13:55.000Z", "modified": "2016-04-04T15:13:55.000Z", "description": "Linux/Remaiten.B - Version 2.1", "pattern": "[file:hashes.SHA1 = 'b9d8b993943872a19a1d4838570d7dcc9f374c20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:13:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284b4-5080-4b3d-a9fd-1741950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:13:56.000Z", "modified": "2016-04-04T15:13:56.000Z", "description": "Linux/Remaiten.B - Version 2.1", "pattern": "[file:hashes.SHA1 = '977efab8a7cce22530c3bdeca860a342e232eeb3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:13:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--570284e0-f3f0-42b4-ba36-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:40.000Z", "modified": "2016-04-04T15:14:40.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = '0e5b982c8d55b78582da733d31e8b652c9da9f6e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284e0-8bfc-446d-b9a6-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:40.000Z", "modified": "2016-04-04T15:14:40.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = '4e2dfcd4a3e14b05b268b4a6df76479984932675']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284e0-2cc4-4499-831d-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:40.000Z", "modified": "2016-04-04T15:14:40.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = '9f5f24bda7af3ed95c72c9b77d5a9c5807ca1be9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--570284e1-a754-4c4f-90d8-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:41.000Z", "modified": "2016-04-04T15:14:41.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = '35b00e2243157171be6a7d7bc9b32f98805dcd35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284e1-623c-4339-89d2-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:41.000Z", "modified": "2016-04-04T15:14:41.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = '537f8847d786923a9401889e6ee23675d96f2692']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284e1-fb4c-4057-ad1e-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:41.000Z", "modified": "2016-04-04T15:14:41.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = 'eefa249de2f7f08bcf4629d3e2055b06f1d74ae3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--570284e2-1048-42ac-b812-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:42.000Z", "modified": "2016-04-04T15:14:42.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = 'f3c4a7e8785355894482bce4f791d92e1c1da5b2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284e2-d020-46d7-bd7f-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:42.000Z", "modified": "2016-04-04T15:14:42.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = '46cd369bce4f6a41d8863c46dd778c1b1c4f8df0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284e2-c12c-4f71-bf7a-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:42.000Z", "modified": "2016-04-04T15:14:42.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = 'efd3a698dda376333c2dd84714f92f25539d4589']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--570284e3-36b0-4e34-a084-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:43.000Z", "modified": "2016-04-04T15:14:43.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = '3dd804feef00bd8dbfb3a48e75120328e1cb041a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284e3-89b4-4da6-8596-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:43.000Z", "modified": "2016-04-04T15:14:43.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = 'f8354d8cc946e8b137f9013fc3d44720f321dc48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284e3-4fb0-4f4e-a580-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:43.000Z", "modified": "2016-04-04T15:14:43.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = 'b912a07528e1afabbaa01d99bcbb66498dee0406']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--570284e4-bcbc-41ef-84c4-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:44.000Z", "modified": "2016-04-04T15:14:44.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = '359dd2f9646eb3fad979f4a658bc2ff74488c457']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284e4-642c-4141-ba6f-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:44.000Z", "modified": "2016-04-04T15:14:44.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = '898e2d91d64ebb26cc049d78bdeeda87f2bc4f1a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284e5-1134-4815-9b7f-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:45.000Z", "modified": "2016-04-04T15:14:45.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = '17d3c799e7f1c77be5d7b3d03eaa630a2f261449']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--570284e5-33c8-4374-b1d9-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:45.000Z", "modified": "2016-04-04T15:14:45.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = '17dcfdcc39b21ad64864a386070cc633e9965c3d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284e5-5cb0-4fc9-8273-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:45.000Z", "modified": "2016-04-04T15:14:45.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = 'd1c6511a84ca27e2c08b89a683db9878e83c8637']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284e6-abd0-41e2-8181-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:46.000Z", "modified": "2016-04-04T15:14:46.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = '024136cbc562cff6f3ce31d213fc9fe7a78510f9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--570284e6-8eb8-412c-8386-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:46.000Z", "modified": "2016-04-04T15:14:46.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = 'a2432461d56c7beec98e4a15ddf91a1ea6d41c1b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284e6-3c60-4585-b92c-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:46.000Z", "modified": "2016-04-04T15:14:46.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = '9f795334a7201b2c6c0ad9ffeb2103ed464f0c5f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570284e7-9adc-4e22-95d2-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:47.000Z", "modified": "2016-04-04T15:14:47.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = 'e375ecd544368b77f686fb3f3a000844782a647b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--570284e7-0558-426c-bfac-1740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:14:47.000Z", "modified": "2016-04-04T15:14:47.000Z", "description": "Linux/Remaiten.C - version 2.2", "pattern": "[file:hashes.SHA1 = '0ca049baf56a6c4d01c6d183ef1acfa65d2be1e3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:14:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028509-4924-44ea-87c5-b489950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:15:21.000Z", "modified": "2016-04-04T15:15:21.000Z", "description": "Linux/Remaiten.A - Downloader samples Version 2.0", "pattern": "[file:hashes.SHA1 = '25a7cf2969ce154aa90891e844a6af84fc89d396']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:15:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028509-39cc-4ebe-afa9-b489950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:15:21.000Z", "modified": "2016-04-04T15:15:21.000Z", "description": "Linux/Remaiten.A - Downloader samples Version 2.0", "pattern": "[file:hashes.SHA1 = '1fe1872cf18cd0101f0870ca58f68d6686010326']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:15:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--5702850a-843c-451d-8c80-b489950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:15:22.000Z", "modified": "2016-04-04T15:15:22.000Z", "description": "Linux/Remaiten.A - Downloader samples Version 2.0", "pattern": "[file:hashes.SHA1 = '1cc2b57978ba2e611403ba11bf9129fb810fae5c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:15:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702850a-a280-4c00-804e-b489950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:15:22.000Z", "modified": "2016-04-04T15:15:22.000Z", "description": "Linux/Remaiten.A - Downloader samples Version 2.0", "pattern": "[file:hashes.SHA1 = 'c552edd72495514765f6a8f26aee8a6da2a57992']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:15:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702852c-e040-483c-96f8-4f0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:15:56.000Z", "modified": "2016-04-04T15:15:56.000Z", "description": "Linux/Remaiten.A - Version 2.1 - Downloader samples", "pattern": "[file:hashes.SHA1 = 'e875f54b7bd967c4f9ae59d85ed60991561b097b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:15:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload 
delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702852d-ad3c-4246-85db-4534950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:15:57.000Z", "modified": "2016-04-04T15:15:57.000Z", "description": "Linux/Remaiten.A - Version 2.1 - Downloader samples", "pattern": "[file:hashes.SHA1 = 'ebf2bc43b6b5a4b8933f4ed8ed4a4beaceaecff5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:15:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702852d-7c20-455f-9999-4dba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:15:57.000Z", "modified": "2016-04-04T15:15:57.000Z", "description": "Linux/Remaiten.A - Version 2.1 - Downloader samples", "pattern": "[file:hashes.SHA1 = '11a13d2eeb71573178d7686930340c51c8f3ce26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:15:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702852d-27b8-427c-9b45-4bc4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:15:57.000Z", "modified": "2016-04-04T15:15:57.000Z", "description": "Linux/Remaiten.A - Version 2.1 - Downloader samples", "pattern": "[file:hashes.SHA1 = '8d26cd7d34d84745a897d474aa2ac9b8d1943d68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:15:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], 
"labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702855e-7c18-4028-80d6-1741950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:16:46.000Z", "modified": "2016-04-04T15:16:46.000Z", "description": "Linux/Remaiten.A - Downloader samples - Version 2.2", "pattern": "[file:hashes.SHA1 = 'e80aba63ba30a2048ba780c35eae65e8b95627f7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:16:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702855e-7b50-4b87-acfe-1741950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:16:46.000Z", "modified": "2016-04-04T15:16:46.000Z", "description": "Linux/Remaiten.A - Downloader samples - Version 2.2", "pattern": "[file:hashes.SHA1 = 'e280b220c2ea2668d1a2ad82bdc64922e8b9ec86']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:16:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702855e-76f0-49e5-a4be-1741950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:16:46.000Z", "modified": "2016-04-04T15:16:46.000Z", "description": "Linux/Remaiten.A - Downloader samples - Version 2.2", "pattern": "[file:hashes.SHA1 = '8decb1f0e94497ef31f13c6e07ff2a021cf0972f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:16:46Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702855f-41d0-4492-b2a8-1741950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:16:47.000Z", "modified": "2016-04-04T15:16:47.000Z", "description": "Linux/Remaiten.A - Downloader samples - Version 2.2", "pattern": "[file:hashes.SHA1 = '17006c899fbce3f86ddfb93539033c363816ad19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:16:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702858a-6768-4ea1-91b2-b486950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:17:30.000Z", "modified": "2016-04-04T15:17:30.000Z", "description": "On port 443 Bot", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.130.104.131']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702858b-0ccc-457a-8e91-b486950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:17:31.000Z", "modified": "2016-04-04T15:17:31.000Z", "description": "On port 53 Bot", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.130.5.201']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2016-04-04T15:17:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702858b-fd44-442b-90b6-b486950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:17:31.000Z", "modified": "2016-04-04T15:17:31.000Z", "description": "On port 23 Bot", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.130.5.202']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:17:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028647-1cdc-46ec-91d6-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:39.000Z", "modified": "2016-04-04T15:20:39.000Z", "description": "Linux/Remaiten.A - Downloader samples - Version 2.2 - Xchecked via VT: 17006c899fbce3f86ddfb93539033c363816ad19", "pattern": "[file:hashes.SHA256 = '867743a1ce6beae03a46e18f702fa15a90f48ebd98852e63c12b50951f9da01d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028648-b834-4df3-acc2-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:40.000Z", "modified": "2016-04-04T15:20:40.000Z", "description": "Linux/Remaiten.A - Downloader samples - Version 2.2 
- Xchecked via VT: 17006c899fbce3f86ddfb93539033c363816ad19", "pattern": "[file:hashes.MD5 = 'ae253930e3ac5c8bf8b102af595006c5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028648-5474-473f-a305-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:40.000Z", "modified": "2016-04-04T15:20:40.000Z", "first_observed": "2016-04-04T15:20:40Z", "last_observed": "2016-04-04T15:20:40Z", "number_observed": 1, "object_refs": [ "url--57028648-5474-473f-a305-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028648-5474-473f-a305-b48702de0b81", "value": "https://www.virustotal.com/file/867743a1ce6beae03a46e18f702fa15a90f48ebd98852e63c12b50951f9da01d/analysis/1459416923/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028648-640c-4177-a983-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:40.000Z", "modified": "2016-04-04T15:20:40.000Z", "description": "Linux/Remaiten.A - Downloader samples - Version 2.2 - Xchecked via VT: 8decb1f0e94497ef31f13c6e07ff2a021cf0972f", "pattern": "[file:hashes.SHA256 = 'e0fd0f908fbceffeabdab5a04b7f836ceb4fcc748d45d87dac5842b3d1d27427']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--57028648-ebd4-4d64-9683-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:40.000Z", "modified": "2016-04-04T15:20:40.000Z", "description": "Linux/Remaiten.A - Downloader samples - Version 2.2 - Xchecked via VT: 8decb1f0e94497ef31f13c6e07ff2a021cf0972f", "pattern": "[file:hashes.MD5 = '55932f8c4bde6197b76e1b86a90a1c36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028649-ddf4-4d30-a768-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:41.000Z", "modified": "2016-04-04T15:20:41.000Z", "first_observed": "2016-04-04T15:20:41Z", "last_observed": "2016-04-04T15:20:41Z", "number_observed": 1, "object_refs": [ "url--57028649-ddf4-4d30-a768-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028649-ddf4-4d30-a768-b48702de0b81", "value": "https://www.virustotal.com/file/e0fd0f908fbceffeabdab5a04b7f836ceb4fcc748d45d87dac5842b3d1d27427/analysis/1459416784/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028649-3af4-4cb1-9235-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:41.000Z", "modified": "2016-04-04T15:20:41.000Z", "description": "Linux/Remaiten.A - Downloader samples - Version 2.2 - Xchecked via VT: e280b220c2ea2668d1a2ad82bdc64922e8b9ec86", "pattern": "[file:hashes.SHA256 = 'ca9ed08666df18c0a3ef0a283b2b702767901f45a14289649effd1f9f387a878']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:41Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028649-f3a8-4671-b58e-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:41.000Z", "modified": "2016-04-04T15:20:41.000Z", "description": "Linux/Remaiten.A - Downloader samples - Version 2.2 - Xchecked via VT: e280b220c2ea2668d1a2ad82bdc64922e8b9ec86", "pattern": "[file:hashes.MD5 = 'b85aa007eb943c4ebd4967c07bfb6f89']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702864a-3464-4f58-9479-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:42.000Z", "modified": "2016-04-04T15:20:42.000Z", "first_observed": "2016-04-04T15:20:42Z", "last_observed": "2016-04-04T15:20:42Z", "number_observed": 1, "object_refs": [ "url--5702864a-3464-4f58-9479-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702864a-3464-4f58-9479-b48702de0b81", "value": "https://www.virustotal.com/file/ca9ed08666df18c0a3ef0a283b2b702767901f45a14289649effd1f9f387a878/analysis/1459416950/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702864a-9ab8-47e7-830a-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:42.000Z", "modified": "2016-04-04T15:20:42.000Z", "description": "Linux/Remaiten.A - Downloader samples - Version 2.2 - Xchecked via VT: 
e80aba63ba30a2048ba780c35eae65e8b95627f7", "pattern": "[file:hashes.SHA256 = '26a906fe5924a1f09ff75498aa7820b6fcc9dc35cd0a7159d25513994a8c35c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702864a-30e4-423b-8335-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:42.000Z", "modified": "2016-04-04T15:20:42.000Z", "description": "Linux/Remaiten.A - Downloader samples - Version 2.2 - Xchecked via VT: e80aba63ba30a2048ba780c35eae65e8b95627f7", "pattern": "[file:hashes.MD5 = '2910ed17e5b971f6878d8442eac49c4d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702864b-b06c-444d-9871-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:42.000Z", "modified": "2016-04-04T15:20:42.000Z", "first_observed": "2016-04-04T15:20:42Z", "last_observed": "2016-04-04T15:20:42Z", "number_observed": 1, "object_refs": [ "url--5702864b-b06c-444d-9871-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702864b-b06c-444d-9871-b48702de0b81", "value": "https://www.virustotal.com/file/26a906fe5924a1f09ff75498aa7820b6fcc9dc35cd0a7159d25513994a8c35c7/analysis/1459416729/" }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5702864b-8f9c-4e9b-abf5-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:43.000Z", "modified": "2016-04-04T15:20:43.000Z", "description": "Linux/Remaiten.A - Version 2.1 - Downloader samples - Xchecked via VT: 8d26cd7d34d84745a897d474aa2ac9b8d1943d68", "pattern": "[file:hashes.SHA256 = '67b4d952736f71aacd5f7d804710346255ec105c059ea091c7f192bd7e908739']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702864b-85a0-465e-8676-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:43.000Z", "modified": "2016-04-04T15:20:43.000Z", "description": "Linux/Remaiten.A - Version 2.1 - Downloader samples - Xchecked via VT: 8d26cd7d34d84745a897d474aa2ac9b8d1943d68", "pattern": "[file:hashes.MD5 = '5dc1cf66fe7c969d00508210ffccd201']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702864c-75a0-45f6-810e-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:44.000Z", "modified": "2016-04-04T15:20:44.000Z", "first_observed": "2016-04-04T15:20:44Z", "last_observed": "2016-04-04T15:20:44Z", "number_observed": 1, "object_refs": [ "url--5702864c-75a0-45f6-810e-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", 
"id": "url--5702864c-75a0-45f6-810e-b48702de0b81", "value": "https://www.virustotal.com/file/67b4d952736f71aacd5f7d804710346255ec105c059ea091c7f192bd7e908739/analysis/1459416796/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702864c-f140-4f7e-b239-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:44.000Z", "modified": "2016-04-04T15:20:44.000Z", "description": "Linux/Remaiten.A - Version 2.1 - Downloader samples - Xchecked via VT: 11a13d2eeb71573178d7686930340c51c8f3ce26", "pattern": "[file:hashes.SHA256 = '9b943302e00a515d6b73857cd3889b36347cf192a7e1721cda2c671dc4495575']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702864c-37c8-4b74-a8ae-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:44.000Z", "modified": "2016-04-04T15:20:44.000Z", "description": "Linux/Remaiten.A - Version 2.1 - Downloader samples - Xchecked via VT: 11a13d2eeb71573178d7686930340c51c8f3ce26", "pattern": "[file:hashes.MD5 = 'd8acfdc7b3c0b029b4f7f03f1ec2e8bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702864d-c560-446f-bf6d-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:45.000Z", "modified": "2016-04-04T15:20:45.000Z", "first_observed": "2016-04-04T15:20:45Z", 
"last_observed": "2016-04-04T15:20:45Z", "number_observed": 1, "object_refs": [ "url--5702864d-c560-446f-bf6d-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702864d-c560-446f-bf6d-b48702de0b81", "value": "https://www.virustotal.com/file/9b943302e00a515d6b73857cd3889b36347cf192a7e1721cda2c671dc4495575/analysis/1459416962/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702864d-afe4-407c-aeb1-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:45.000Z", "modified": "2016-04-04T15:20:45.000Z", "description": "Linux/Remaiten.A - Version 2.1 - Downloader samples - Xchecked via VT: ebf2bc43b6b5a4b8933f4ed8ed4a4beaceaecff5", "pattern": "[file:hashes.SHA256 = 'e1315229265ccf3f97d8fdab1280004bd956155ca5ec578537d2e3e3329edbf8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702864d-52cc-4ae9-bbd5-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:45.000Z", "modified": "2016-04-04T15:20:45.000Z", "description": "Linux/Remaiten.A - Version 2.1 - Downloader samples - Xchecked via VT: ebf2bc43b6b5a4b8933f4ed8ed4a4beaceaecff5", "pattern": "[file:hashes.MD5 = '7c759afe8cffcecb0f532ce3454b3ee0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": 
"observed-data--5702864e-d8a0-4f18-87d7-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:46.000Z", "modified": "2016-04-04T15:20:46.000Z", "first_observed": "2016-04-04T15:20:46Z", "last_observed": "2016-04-04T15:20:46Z", "number_observed": 1, "object_refs": [ "url--5702864e-d8a0-4f18-87d7-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702864e-d8a0-4f18-87d7-b48702de0b81", "value": "https://www.virustotal.com/file/e1315229265ccf3f97d8fdab1280004bd956155ca5ec578537d2e3e3329edbf8/analysis/1459416869/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702864e-503c-4195-a39e-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:46.000Z", "modified": "2016-04-04T15:20:46.000Z", "description": "Linux/Remaiten.A - Version 2.1 - Downloader samples - Xchecked via VT: e875f54b7bd967c4f9ae59d85ed60991561b097b", "pattern": "[file:hashes.SHA256 = 'e2fafea9a70176efcd49936376d12e4ade94bfda1914f4cee159bc9c81357719']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702864e-9668-4dfd-80a1-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:46.000Z", "modified": "2016-04-04T15:20:46.000Z", "description": "Linux/Remaiten.A - Version 2.1 - Downloader samples - Xchecked via VT: e875f54b7bd967c4f9ae59d85ed60991561b097b", "pattern": "[file:hashes.MD5 = '93959aa61eac9fae1dd88dbbaca8be91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:46Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702864f-4a88-4be2-87d2-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:47.000Z", "modified": "2016-04-04T15:20:47.000Z", "first_observed": "2016-04-04T15:20:47Z", "last_observed": "2016-04-04T15:20:47Z", "number_observed": 1, "object_refs": [ "url--5702864f-4a88-4be2-87d2-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702864f-4a88-4be2-87d2-b48702de0b81", "value": "https://www.virustotal.com/file/e2fafea9a70176efcd49936376d12e4ade94bfda1914f4cee159bc9c81357719/analysis/1459416892/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702864f-c5b4-4bf5-ba2c-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:47.000Z", "modified": "2016-04-04T15:20:47.000Z", "description": "Linux/Remaiten.A - Downloader samples Version 2.0 - Xchecked via VT: c552edd72495514765f6a8f26aee8a6da2a57992", "pattern": "[file:hashes.SHA256 = '4faef5d04b203d57d169fbbcf4a148576242877399298a97fe6bb7de38b70561']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702864f-3d0c-4a45-8111-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:47.000Z", "modified": "2016-04-04T15:20:47.000Z", "description": "Linux/Remaiten.A - Downloader samples 
Version 2.0 - Xchecked via VT: c552edd72495514765f6a8f26aee8a6da2a57992", "pattern": "[file:hashes.MD5 = '94455cec19984b0781faf09947324a69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702864f-6eac-44a2-83ce-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:47.000Z", "modified": "2016-04-04T15:20:47.000Z", "first_observed": "2016-04-04T15:20:47Z", "last_observed": "2016-04-04T15:20:47Z", "number_observed": 1, "object_refs": [ "url--5702864f-6eac-44a2-83ce-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702864f-6eac-44a2-83ce-b48702de0b81", "value": "https://www.virustotal.com/file/4faef5d04b203d57d169fbbcf4a148576242877399298a97fe6bb7de38b70561/analysis/1459416909/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028650-be28-40df-bf4f-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:48.000Z", "modified": "2016-04-04T15:20:48.000Z", "description": "Linux/Remaiten.A - Downloader samples Version 2.0 - Xchecked via VT: 1cc2b57978ba2e611403ba11bf9129fb810fae5c", "pattern": "[file:hashes.SHA256 = '502c8d063d1f09ba27215260ddec4c2d24513c882627ca96e155c170e8f3a417']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--57028650-8efc-459b-aaf7-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:48.000Z", "modified": "2016-04-04T15:20:48.000Z", "description": "Linux/Remaiten.A - Downloader samples Version 2.0 - Xchecked via VT: 1cc2b57978ba2e611403ba11bf9129fb810fae5c", "pattern": "[file:hashes.MD5 = '8a1ed47710e4e81febf4bc89ce39f310']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028650-9438-4246-831f-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:48.000Z", "modified": "2016-04-04T15:20:48.000Z", "first_observed": "2016-04-04T15:20:48Z", "last_observed": "2016-04-04T15:20:48Z", "number_observed": 1, "object_refs": [ "url--57028650-9438-4246-831f-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028650-9438-4246-831f-b48702de0b81", "value": "https://www.virustotal.com/file/502c8d063d1f09ba27215260ddec4c2d24513c882627ca96e155c170e8f3a417/analysis/1459416879/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028651-8464-40c8-9da9-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:49.000Z", "modified": "2016-04-04T15:20:49.000Z", "description": "Linux/Remaiten.A - Downloader samples Version 2.0 - Xchecked via VT: 1fe1872cf18cd0101f0870ca58f68d6686010326", "pattern": "[file:hashes.SHA256 = '92f1dd4bc1d83c7190ce28db00e0d845633e4a573441eb57db4de8c1567a949b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:49Z", "kill_chain_phases": 
[ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028651-4698-436b-b358-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:49.000Z", "modified": "2016-04-04T15:20:49.000Z", "description": "Linux/Remaiten.A - Downloader samples Version 2.0 - Xchecked via VT: 1fe1872cf18cd0101f0870ca58f68d6686010326", "pattern": "[file:hashes.MD5 = 'b12a940c6435b4f23806d3df1b4b6496']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028651-6b5c-4ab0-ade3-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:49.000Z", "modified": "2016-04-04T15:20:49.000Z", "first_observed": "2016-04-04T15:20:49Z", "last_observed": "2016-04-04T15:20:49Z", "number_observed": 1, "object_refs": [ "url--57028651-6b5c-4ab0-ade3-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028651-6b5c-4ab0-ade3-b48702de0b81", "value": "https://www.virustotal.com/file/92f1dd4bc1d83c7190ce28db00e0d845633e4a573441eb57db4de8c1567a949b/analysis/1459416934/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028652-cefc-4868-bf96-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:50.000Z", "modified": "2016-04-04T15:20:50.000Z", "description": "Linux/Remaiten.A - Downloader samples Version 2.0 - Xchecked via VT: 
25a7cf2969ce154aa90891e844a6af84fc89d396", "pattern": "[file:hashes.SHA256 = 'dee4c7af05af1257fdcbdb2dc7252ff0ca5fea8e41ece409b3d70685b1daa7ec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028652-7bc8-4533-937b-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:50.000Z", "modified": "2016-04-04T15:20:50.000Z", "description": "Linux/Remaiten.A - Downloader samples Version 2.0 - Xchecked via VT: 25a7cf2969ce154aa90891e844a6af84fc89d396", "pattern": "[file:hashes.MD5 = '2ed2f8037e347680a0061efbd99fba87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028652-1db8-450c-b25f-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:50.000Z", "modified": "2016-04-04T15:20:50.000Z", "first_observed": "2016-04-04T15:20:50Z", "last_observed": "2016-04-04T15:20:50Z", "number_observed": 1, "object_refs": [ "url--57028652-1db8-450c-b25f-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028652-1db8-450c-b25f-b48702de0b81", "value": "https://www.virustotal.com/file/dee4c7af05af1257fdcbdb2dc7252ff0ca5fea8e41ece409b3d70685b1daa7ec/analysis/1459507819/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028653-db84-4f6a-9403-b48702de0b81", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:51.000Z", "modified": "2016-04-04T15:20:51.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 0ca049baf56a6c4d01c6d183ef1acfa65d2be1e3", "pattern": "[file:hashes.SHA256 = '4628e55d6f28f8e17d2b9a24ccf93915437fc14f771ab3cc9855fc4a5f8409a9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028653-d88c-4552-a0a6-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:51.000Z", "modified": "2016-04-04T15:20:51.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 0ca049baf56a6c4d01c6d183ef1acfa65d2be1e3", "pattern": "[file:hashes.MD5 = '4457ff3424279a8ade18f49064c69212']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028653-76e0-48ef-962d-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:51.000Z", "modified": "2016-04-04T15:20:51.000Z", "first_observed": "2016-04-04T15:20:51Z", "last_observed": "2016-04-04T15:20:51Z", "number_observed": 1, "object_refs": [ "url--57028653-76e0-48ef-962d-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028653-76e0-48ef-962d-b48702de0b81", "value": 
"https://www.virustotal.com/file/4628e55d6f28f8e17d2b9a24ccf93915437fc14f771ab3cc9855fc4a5f8409a9/analysis/1459507689/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028654-f9a8-4d65-854e-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:52.000Z", "modified": "2016-04-04T15:20:52.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: e375ecd544368b77f686fb3f3a000844782a647b", "pattern": "[file:hashes.SHA256 = 'ba18729bd457f4ef759af9a2ee5aa1b47c9a2abb4ec89a622f2a150a99f724e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028654-3cb4-4907-bd74-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:52.000Z", "modified": "2016-04-04T15:20:52.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: e375ecd544368b77f686fb3f3a000844782a647b", "pattern": "[file:hashes.MD5 = 'c00fb220b8cbea22d139e7b3773fc847']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028654-3f08-4d77-9959-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:52.000Z", "modified": "2016-04-04T15:20:52.000Z", "first_observed": "2016-04-04T15:20:52Z", "last_observed": "2016-04-04T15:20:52Z", "number_observed": 1, "object_refs": [ 
"url--57028654-3f08-4d77-9959-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028654-3f08-4d77-9959-b48702de0b81", "value": "https://www.virustotal.com/file/ba18729bd457f4ef759af9a2ee5aa1b47c9a2abb4ec89a622f2a150a99f724e2/analysis/1459354195/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028655-e324-450e-8947-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:53.000Z", "modified": "2016-04-04T15:20:53.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 9f795334a7201b2c6c0ad9ffeb2103ed464f0c5f", "pattern": "[file:hashes.SHA256 = '1a51ed256d4e826a6e667e2f1a6e114ca54bc70c69c37b55cd88c60d59b3ac79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028655-218c-481c-8ade-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:53.000Z", "modified": "2016-04-04T15:20:53.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 9f795334a7201b2c6c0ad9ffeb2103ed464f0c5f", "pattern": "[file:hashes.MD5 = 'b867c9d983a604ca897b1a77bba4e2a8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028655-6df4-4fd8-a3a2-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2016-04-04T15:20:53.000Z", "modified": "2016-04-04T15:20:53.000Z", "first_observed": "2016-04-04T15:20:53Z", "last_observed": "2016-04-04T15:20:53Z", "number_observed": 1, "object_refs": [ "url--57028655-6df4-4fd8-a3a2-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028655-6df4-4fd8-a3a2-b48702de0b81", "value": "https://www.virustotal.com/file/1a51ed256d4e826a6e667e2f1a6e114ca54bc70c69c37b55cd88c60d59b3ac79/analysis/1459353986/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028655-d6b4-496c-abb8-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:53.000Z", "modified": "2016-04-04T15:20:53.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: a2432461d56c7beec98e4a15ddf91a1ea6d41c1b", "pattern": "[file:hashes.SHA256 = 'c7ec7a6d54251932151eff72ad8b7bc9629f6026e6f771d4f5b585a23e2c4689']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028656-66f0-4521-a468-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:54.000Z", "modified": "2016-04-04T15:20:54.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: a2432461d56c7beec98e4a15ddf91a1ea6d41c1b", "pattern": "[file:hashes.MD5 = 'c2a3a452203ef0bcaf487eed56187f49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028656-ca40-4e6c-80f9-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:54.000Z", "modified": "2016-04-04T15:20:54.000Z", "first_observed": "2016-04-04T15:20:54Z", "last_observed": "2016-04-04T15:20:54Z", "number_observed": 1, "object_refs": [ "url--57028656-ca40-4e6c-80f9-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028656-ca40-4e6c-80f9-b48702de0b81", "value": "https://www.virustotal.com/file/c7ec7a6d54251932151eff72ad8b7bc9629f6026e6f771d4f5b585a23e2c4689/analysis/1459354007/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028656-19c4-4d54-8cf7-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:54.000Z", "modified": "2016-04-04T15:20:54.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 024136cbc562cff6f3ce31d213fc9fe7a78510f9", "pattern": "[file:hashes.SHA256 = 'bb14a61f1f35d52c02288beb3bd54cf20619c4b4c0af2f8b767bc6ec3316e19e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028657-50a0-42e5-be50-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:55.000Z", "modified": "2016-04-04T15:20:55.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 024136cbc562cff6f3ce31d213fc9fe7a78510f9", "pattern": "[file:hashes.MD5 = '8a9f0be060986c8b37fbaa843b4bec6c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2016-04-04T15:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028657-1608-4f73-b7fd-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:55.000Z", "modified": "2016-04-04T15:20:55.000Z", "first_observed": "2016-04-04T15:20:55Z", "last_observed": "2016-04-04T15:20:55Z", "number_observed": 1, "object_refs": [ "url--57028657-1608-4f73-b7fd-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028657-1608-4f73-b7fd-b48702de0b81", "value": "https://www.virustotal.com/file/bb14a61f1f35d52c02288beb3bd54cf20619c4b4c0af2f8b767bc6ec3316e19e/analysis/1459353441/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028657-f270-4aec-9af6-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:55.000Z", "modified": "2016-04-04T15:20:55.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: d1c6511a84ca27e2c08b89a683db9878e83c8637", "pattern": "[file:hashes.SHA256 = '6c089aef682e9c751b02feb971a307da0c1d8267c60810641d2b03e2e7fe9e68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028658-d330-41b1-b694-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:56.000Z", "modified": "2016-04-04T15:20:56.000Z", "description": "Linux/Remaiten.C - version 2.2 - 
Xchecked via VT: d1c6511a84ca27e2c08b89a683db9878e83c8637", "pattern": "[file:hashes.MD5 = '78ba33646b827c1c91cced01e3fe221b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028658-71d8-41f9-b5ee-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:56.000Z", "modified": "2016-04-04T15:20:56.000Z", "first_observed": "2016-04-04T15:20:56Z", "last_observed": "2016-04-04T15:20:56Z", "number_observed": 1, "object_refs": [ "url--57028658-71d8-41f9-b5ee-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028658-71d8-41f9-b5ee-b48702de0b81", "value": "https://www.virustotal.com/file/6c089aef682e9c751b02feb971a307da0c1d8267c60810641d2b03e2e7fe9e68/analysis/1459354111/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028658-cc78-465f-be6f-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:56.000Z", "modified": "2016-04-04T15:20:56.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 17dcfdcc39b21ad64864a386070cc633e9965c3d", "pattern": "[file:hashes.SHA256 = '6c02a2bb7000e4cdc3a0bb24a2a4f7af9e0e14ada698034c7aebabb518a1c471']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028658-2a2c-4b3d-ae86-b48702de0b81", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:56.000Z", "modified": "2016-04-04T15:20:56.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 17dcfdcc39b21ad64864a386070cc633e9965c3d", "pattern": "[file:hashes.MD5 = '3b4c243b2db7de648d16dfcf00c4032e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028659-b9bc-4c1f-845e-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:57.000Z", "modified": "2016-04-04T15:20:57.000Z", "first_observed": "2016-04-04T15:20:57Z", "last_observed": "2016-04-04T15:20:57Z", "number_observed": 1, "object_refs": [ "url--57028659-b9bc-4c1f-845e-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028659-b9bc-4c1f-845e-b48702de0b81", "value": "https://www.virustotal.com/file/6c02a2bb7000e4cdc3a0bb24a2a4f7af9e0e14ada698034c7aebabb518a1c471/analysis/1459353587/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028659-9db0-4e75-b0c9-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:57.000Z", "modified": "2016-04-04T15:20:57.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 17d3c799e7f1c77be5d7b3d03eaa630a2f261449", "pattern": "[file:hashes.SHA256 = '6a8b8b659b8a12a868cfbdc0c5ce2133c36ed38880e5d2ddda323ecd3367de75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ 
"misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028659-7248-4e38-b61a-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:57.000Z", "modified": "2016-04-04T15:20:57.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 17d3c799e7f1c77be5d7b3d03eaa630a2f261449", "pattern": "[file:hashes.MD5 = '2c1535f4809241e542605b4468d2dd6f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702865a-4560-42ce-af7e-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:58.000Z", "modified": "2016-04-04T15:20:58.000Z", "first_observed": "2016-04-04T15:20:58Z", "last_observed": "2016-04-04T15:20:58Z", "number_observed": 1, "object_refs": [ "url--5702865a-4560-42ce-af7e-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702865a-4560-42ce-af7e-b48702de0b81", "value": "https://www.virustotal.com/file/6a8b8b659b8a12a868cfbdc0c5ce2133c36ed38880e5d2ddda323ecd3367de75/analysis/1459353566/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702865a-ade4-4291-94ec-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:58.000Z", "modified": "2016-04-04T15:20:58.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 898e2d91d64ebb26cc049d78bdeeda87f2bc4f1a", "pattern": "[file:hashes.SHA256 = '65571a2b49b052f0a548b9d87844a1461c7519743710adc0714b0444f538a226']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702865b-2ac4-4014-9075-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:59.000Z", "modified": "2016-04-04T15:20:59.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 898e2d91d64ebb26cc049d78bdeeda87f2bc4f1a", "pattern": "[file:hashes.MD5 = '8ca2130bc74830d76240785eedd0822a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702865b-3610-497e-b25d-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:59.000Z", "modified": "2016-04-04T15:20:59.000Z", "first_observed": "2016-04-04T15:20:59Z", "last_observed": "2016-04-04T15:20:59Z", "number_observed": 1, "object_refs": [ "url--5702865b-3610-497e-b25d-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702865b-3610-497e-b25d-b48702de0b81", "value": "https://www.virustotal.com/file/65571a2b49b052f0a548b9d87844a1461c7519743710adc0714b0444f538a226/analysis/1459353882/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702865b-2864-4f33-b13f-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:59.000Z", "modified": "2016-04-04T15:20:59.000Z", "description": 
"Linux/Remaiten.C - version 2.2 - Xchecked via VT: 359dd2f9646eb3fad979f4a658bc2ff74488c457", "pattern": "[file:hashes.SHA256 = '228cc92991ef88001e1f68c078a1d007ad751be50d6a2794d38ab6050bfedbbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702865b-c168-4982-b0ef-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:20:59.000Z", "modified": "2016-04-04T15:20:59.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 359dd2f9646eb3fad979f4a658bc2ff74488c457", "pattern": "[file:hashes.MD5 = '971fd6b6cca43ddd29ceebf62c2b344a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:20:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702865c-a750-4743-9bfd-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:00.000Z", "modified": "2016-04-04T15:21:00.000Z", "first_observed": "2016-04-04T15:21:00Z", "last_observed": "2016-04-04T15:21:00Z", "number_observed": 1, "object_refs": [ "url--5702865c-a750-4743-9bfd-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702865c-a750-4743-9bfd-b48702de0b81", "value": "https://www.virustotal.com/file/228cc92991ef88001e1f68c078a1d007ad751be50d6a2794d38ab6050bfedbbf/analysis/1459353713/" }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5702865c-c004-4e1e-adc8-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:00.000Z", "modified": "2016-04-04T15:21:00.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: b912a07528e1afabbaa01d99bcbb66498dee0406", "pattern": "[file:hashes.SHA256 = '019ab885370dd6f39ce6ade26db7af5c340e9a84b1872abf9934bbc8a0c10570']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702865c-953c-499d-a573-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:00.000Z", "modified": "2016-04-04T15:21:00.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: b912a07528e1afabbaa01d99bcbb66498dee0406", "pattern": "[file:hashes.MD5 = 'a037adaf7380ded9058da28c798ab28f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702865d-f790-4cd3-95e2-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:01.000Z", "modified": "2016-04-04T15:21:01.000Z", "first_observed": "2016-04-04T15:21:01Z", "last_observed": "2016-04-04T15:21:01Z", "number_observed": 1, "object_refs": [ "url--5702865d-f790-4cd3-95e2-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": 
"url--5702865d-f790-4cd3-95e2-b48702de0b81", "value": "https://www.virustotal.com/file/019ab885370dd6f39ce6ade26db7af5c340e9a84b1872abf9934bbc8a0c10570/analysis/1459354028/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702865d-7a60-4434-ba77-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:01.000Z", "modified": "2016-04-04T15:21:01.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: f8354d8cc946e8b137f9013fc3d44720f321dc48", "pattern": "[file:hashes.SHA256 = '2166b52cc183f2604f597aa0e215cfe253a8949fd7ca9447af48cf711c996c59']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702865d-5968-4ec1-9640-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:01.000Z", "modified": "2016-04-04T15:21:01.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: f8354d8cc946e8b137f9013fc3d44720f321dc48", "pattern": "[file:hashes.MD5 = 'c1b8ca1656d2552ee36bac3561c4a61b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702865e-9fbc-4bcc-962c-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:02.000Z", "modified": "2016-04-04T15:21:02.000Z", "first_observed": "2016-04-04T15:21:02Z", "last_observed": "2016-04-04T15:21:02Z", 
"number_observed": 1, "object_refs": [ "url--5702865e-9fbc-4bcc-962c-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702865e-9fbc-4bcc-962c-b48702de0b81", "value": "https://www.virustotal.com/file/2166b52cc183f2604f597aa0e215cfe253a8949fd7ca9447af48cf711c996c59/analysis/1459598727/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702865e-dd30-486b-bb01-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:02.000Z", "modified": "2016-04-04T15:21:02.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 3dd804feef00bd8dbfb3a48e75120328e1cb041a", "pattern": "[file:hashes.SHA256 = '4137cef5f5d2fc066b4413ef93d0bc7bc9df7f6383f86c16dd0cead009806b30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702865e-ff10-4456-8f7d-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:02.000Z", "modified": "2016-04-04T15:21:02.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 3dd804feef00bd8dbfb3a48e75120328e1cb041a", "pattern": "[file:hashes.MD5 = '1235f16b924b6201002617d793007153']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702865e-1458-43cc-b8b0-b48702de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:02.000Z", "modified": "2016-04-04T15:21:02.000Z", "first_observed": "2016-04-04T15:21:02Z", "last_observed": "2016-04-04T15:21:02Z", "number_observed": 1, "object_refs": [ "url--5702865e-1458-43cc-b8b0-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702865e-1458-43cc-b8b0-b48702de0b81", "value": "https://www.virustotal.com/file/4137cef5f5d2fc066b4413ef93d0bc7bc9df7f6383f86c16dd0cead009806b30/analysis/1459353776/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702865f-38ec-4295-a004-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:03.000Z", "modified": "2016-04-04T15:21:03.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: efd3a698dda376333c2dd84714f92f25539d4589", "pattern": "[file:hashes.SHA256 = '4d7be194ec156b328b8a967a4dd6502c1c5327022959d15c6ad8f16776bcb9da']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702865f-062c-40ec-9589-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:03.000Z", "modified": "2016-04-04T15:21:03.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: efd3a698dda376333c2dd84714f92f25539d4589", "pattern": "[file:hashes.MD5 = '5a312ea592173a0ed15c16cf556ed801']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702865f-f2e4-4d3e-843d-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:03.000Z", "modified": "2016-04-04T15:21:03.000Z", "first_observed": "2016-04-04T15:21:03Z", "last_observed": "2016-04-04T15:21:03Z", "number_observed": 1, "object_refs": [ "url--5702865f-f2e4-4d3e-843d-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702865f-f2e4-4d3e-843d-b48702de0b81", "value": "https://www.virustotal.com/file/4d7be194ec156b328b8a967a4dd6502c1c5327022959d15c6ad8f16776bcb9da/analysis/1459354299/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028660-e8f4-4b5c-9bf3-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:04.000Z", "modified": "2016-04-04T15:21:04.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 46cd369bce4f6a41d8863c46dd778c1b1c4f8df0", "pattern": "[file:hashes.SHA256 = 'c1d929cd9fbdd97aea134eba3aa5bbd1abd22ec6a4ac256ba7469e36d22eb320']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028660-6a6c-4ba6-83e9-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:04.000Z", "modified": "2016-04-04T15:21:04.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 46cd369bce4f6a41d8863c46dd778c1b1c4f8df0", "pattern": "[file:hashes.MD5 = 'b464304f88edb48c4cb326cd92cf0230']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2016-04-04T15:21:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028660-8ce0-4e12-b8ae-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:04.000Z", "modified": "2016-04-04T15:21:04.000Z", "first_observed": "2016-04-04T15:21:04Z", "last_observed": "2016-04-04T15:21:04Z", "number_observed": 1, "object_refs": [ "url--57028660-8ce0-4e12-b8ae-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028660-8ce0-4e12-b8ae-b48702de0b81", "value": "https://www.virustotal.com/file/c1d929cd9fbdd97aea134eba3aa5bbd1abd22ec6a4ac256ba7469e36d22eb320/analysis/1459353797/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028661-c110-4a5f-8de8-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:05.000Z", "modified": "2016-04-04T15:21:05.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: f3c4a7e8785355894482bce4f791d92e1c1da5b2", "pattern": "[file:hashes.SHA256 = 'b00a8927d03beffdaf12fad39401f42412ebb18cd0e0d5d35fffa739404a1cb0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028661-d358-41b0-974b-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:05.000Z", "modified": "2016-04-04T15:21:05.000Z", 
"description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: f3c4a7e8785355894482bce4f791d92e1c1da5b2", "pattern": "[file:hashes.MD5 = '83b1cf2c87d1cdc4c0c0a76c10b9c5b9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028661-6808-4a46-ae5a-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:05.000Z", "modified": "2016-04-04T15:21:05.000Z", "first_observed": "2016-04-04T15:21:05Z", "last_observed": "2016-04-04T15:21:05Z", "number_observed": 1, "object_refs": [ "url--57028661-6808-4a46-ae5a-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028661-6808-4a46-ae5a-b48702de0b81", "value": "https://www.virustotal.com/file/b00a8927d03beffdaf12fad39401f42412ebb18cd0e0d5d35fffa739404a1cb0/analysis/1459410086/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028662-9adc-4aa7-a125-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:06.000Z", "modified": "2016-04-04T15:21:06.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: eefa249de2f7f08bcf4629d3e2055b06f1d74ae3", "pattern": "[file:hashes.SHA256 = '20b567e8b77634d0767df922d8c2b25534fb04144ef41c8a1b3c4271206c6e29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--57028662-bc94-4e09-b8d4-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:06.000Z", "modified": "2016-04-04T15:21:06.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: eefa249de2f7f08bcf4629d3e2055b06f1d74ae3", "pattern": "[file:hashes.MD5 = '91d4b4bf964541c20ad9a61fd456a117']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028662-ca6c-4814-80e5-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:06.000Z", "modified": "2016-04-04T15:21:06.000Z", "first_observed": "2016-04-04T15:21:06Z", "last_observed": "2016-04-04T15:21:06Z", "number_observed": 1, "object_refs": [ "url--57028662-ca6c-4814-80e5-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028662-ca6c-4814-80e5-b48702de0b81", "value": "https://www.virustotal.com/file/20b567e8b77634d0767df922d8c2b25534fb04144ef41c8a1b3c4271206c6e29/analysis/1459681258/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028663-b130-45f9-a593-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:07.000Z", "modified": "2016-04-04T15:21:07.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 537f8847d786923a9401889e6ee23675d96f2692", "pattern": "[file:hashes.SHA256 = 'b0c14bd63741ed4fbf656f43c58b8e493c6488187211826ebab08316c18a343f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:07Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028663-4624-4f74-94b9-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:07.000Z", "modified": "2016-04-04T15:21:07.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 537f8847d786923a9401889e6ee23675d96f2692", "pattern": "[file:hashes.MD5 = 'e754914854334d43b09964abc5f5e6cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028663-86c8-4481-8fe4-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:07.000Z", "modified": "2016-04-04T15:21:07.000Z", "first_observed": "2016-04-04T15:21:07Z", "last_observed": "2016-04-04T15:21:07Z", "number_observed": 1, "object_refs": [ "url--57028663-86c8-4481-8fe4-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028663-86c8-4481-8fe4-b48702de0b81", "value": "https://www.virustotal.com/file/b0c14bd63741ed4fbf656f43c58b8e493c6488187211826ebab08316c18a343f/analysis/1459353860/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028663-918c-42ca-9c84-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:07.000Z", "modified": "2016-04-04T15:21:07.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 35b00e2243157171be6a7d7bc9b32f98805dcd35", "pattern": "[file:hashes.SHA256 = 
'e68747b8a627f52b9133b5247430d3d858de753dddc0181cbf4fd3f0c7f6a8a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028664-74c0-4f22-975e-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:08.000Z", "modified": "2016-04-04T15:21:08.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 35b00e2243157171be6a7d7bc9b32f98805dcd35", "pattern": "[file:hashes.MD5 = 'b374ae58ef5d62beea5a4147fa7aff2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028664-4ca0-427d-bb3a-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:08.000Z", "modified": "2016-04-04T15:21:08.000Z", "first_observed": "2016-04-04T15:21:08Z", "last_observed": "2016-04-04T15:21:08Z", "number_observed": 1, "object_refs": [ "url--57028664-4ca0-427d-bb3a-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028664-4ca0-427d-bb3a-b48702de0b81", "value": "https://www.virustotal.com/file/e68747b8a627f52b9133b5247430d3d858de753dddc0181cbf4fd3f0c7f6a8a0/analysis/1459353733/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028664-ad50-4a79-8065-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2016-04-04T15:21:08.000Z", "modified": "2016-04-04T15:21:08.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 9f5f24bda7af3ed95c72c9b77d5a9c5807ca1be9", "pattern": "[file:hashes.SHA256 = '171236a6feb87edbd23a15e7911fb34dd6193aeab2354846157665bf2d990523']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028665-b318-48c6-b993-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:09.000Z", "modified": "2016-04-04T15:21:09.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 9f5f24bda7af3ed95c72c9b77d5a9c5807ca1be9", "pattern": "[file:hashes.MD5 = '7f18b134719f4fc8d5ea8006c3262709']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028665-1d08-42e7-b55b-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:09.000Z", "modified": "2016-04-04T15:21:09.000Z", "first_observed": "2016-04-04T15:21:09Z", "last_observed": "2016-04-04T15:21:09Z", "number_observed": 1, "object_refs": [ "url--57028665-1d08-42e7-b55b-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028665-1d08-42e7-b55b-b48702de0b81", "value": 
"https://www.virustotal.com/file/171236a6feb87edbd23a15e7911fb34dd6193aeab2354846157665bf2d990523/analysis/1459676770/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028665-2764-4691-9607-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:09.000Z", "modified": "2016-04-04T15:21:09.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 4e2dfcd4a3e14b05b268b4a6df76479984932675", "pattern": "[file:hashes.SHA256 = '968ebd29b3ffc064c083c87fee9b6cadcf71a6485fb63bb9ec4ca01188f62a7e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028666-5968-4b79-a842-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:10.000Z", "modified": "2016-04-04T15:21:10.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 4e2dfcd4a3e14b05b268b4a6df76479984932675", "pattern": "[file:hashes.MD5 = '10248d64db4ef4e5ea59bb0b0a2dff9f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028666-e748-4d06-8202-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:10.000Z", "modified": "2016-04-04T15:21:10.000Z", "first_observed": "2016-04-04T15:21:10Z", "last_observed": "2016-04-04T15:21:10Z", "number_observed": 1, "object_refs": [ 
"url--57028666-e748-4d06-8202-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028666-e748-4d06-8202-b48702de0b81", "value": "https://www.virustotal.com/file/968ebd29b3ffc064c083c87fee9b6cadcf71a6485fb63bb9ec4ca01188f62a7e/analysis/1459353819/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028666-ca8c-4669-841d-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:10.000Z", "modified": "2016-04-04T15:21:10.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 0e5b982c8d55b78582da733d31e8b652c9da9f6e", "pattern": "[file:hashes.SHA256 = '1ab6804203d543d006d1acb9c7eb4c23874b16077142db8bf046bc5a5db879b3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028666-7bdc-4ecd-8917-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:10.000Z", "modified": "2016-04-04T15:21:10.000Z", "description": "Linux/Remaiten.C - version 2.2 - Xchecked via VT: 0e5b982c8d55b78582da733d31e8b652c9da9f6e", "pattern": "[file:hashes.MD5 = '0f8fef517b504f4a9a5f4dcee5ea2276']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028667-25cc-4364-b279-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2016-04-04T15:21:11.000Z", "modified": "2016-04-04T15:21:11.000Z", "first_observed": "2016-04-04T15:21:11Z", "last_observed": "2016-04-04T15:21:11Z", "number_observed": 1, "object_refs": [ "url--57028667-25cc-4364-b279-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028667-25cc-4364-b279-b48702de0b81", "value": "https://www.virustotal.com/file/1ab6804203d543d006d1acb9c7eb4c23874b16077142db8bf046bc5a5db879b3/analysis/1459677915/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028667-3000-431e-86ca-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:11.000Z", "modified": "2016-04-04T15:21:11.000Z", "description": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: 977efab8a7cce22530c3bdeca860a342e232eeb3", "pattern": "[file:hashes.SHA256 = 'c94253ce4e9fa99d6511ef9eeb621016eed3bf4211dd2785ba751d17661e08ec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028667-213c-4905-9f38-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:11.000Z", "modified": "2016-04-04T15:21:11.000Z", "description": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: 977efab8a7cce22530c3bdeca860a342e232eeb3", "pattern": "[file:hashes.MD5 = 'f5d415bc6230ac6834f76700fc65183e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028668-dfac-4e6a-8b1c-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:12.000Z", "modified": "2016-04-04T15:21:12.000Z", "first_observed": "2016-04-04T15:21:12Z", "last_observed": "2016-04-04T15:21:12Z", "number_observed": 1, "object_refs": [ "url--57028668-dfac-4e6a-8b1c-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028668-dfac-4e6a-8b1c-b48702de0b81", "value": "https://www.virustotal.com/file/c94253ce4e9fa99d6511ef9eeb621016eed3bf4211dd2785ba751d17661e08ec/analysis/1459353945/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028668-df20-4bdf-a819-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:12.000Z", "modified": "2016-04-04T15:21:12.000Z", "description": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: b9d8b993943872a19a1d4838570d7dcc9f374c20", "pattern": "[file:hashes.SHA256 = '5a374c131b3e682e56c29605b1344d3369cd3a33239fe48765501fa2e62cbd89']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028668-c3f4-499b-a789-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:12.000Z", "modified": "2016-04-04T15:21:12.000Z", "description": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: b9d8b993943872a19a1d4838570d7dcc9f374c20", "pattern": "[file:hashes.MD5 = '8cc02b906eb6a5e3021f7ca2f9883f3c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2016-04-04T15:21:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028669-58b8-47bd-95d9-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:13.000Z", "modified": "2016-04-04T15:21:13.000Z", "first_observed": "2016-04-04T15:21:13Z", "last_observed": "2016-04-04T15:21:13Z", "number_observed": 1, "object_refs": [ "url--57028669-58b8-47bd-95d9-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028669-58b8-47bd-95d9-b48702de0b81", "value": "https://www.virustotal.com/file/5a374c131b3e682e56c29605b1344d3369cd3a33239fe48765501fa2e62cbd89/analysis/1459600873/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028669-2e0c-441d-b712-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:13.000Z", "modified": "2016-04-04T15:21:13.000Z", "description": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: 2e901502263d50c1ab65e7516bb8534c28d41265", "pattern": "[file:hashes.SHA256 = 'cad9ab404b300f5622575144601a5847f63040c027b1e219eaf611a6ecca6545']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028669-846c-42f8-ab54-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:13.000Z", "modified": "2016-04-04T15:21:13.000Z", "description": "Linux/Remaiten.B - Version 2.1 - 
Xchecked via VT: 2e901502263d50c1ab65e7516bb8534c28d41265", "pattern": "[file:hashes.MD5 = 'b952973e2c224ac773223949718fc74e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702866a-e0d8-41ed-8441-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:14.000Z", "modified": "2016-04-04T15:21:14.000Z", "first_observed": "2016-04-04T15:21:14Z", "last_observed": "2016-04-04T15:21:14Z", "number_observed": 1, "object_refs": [ "url--5702866a-e0d8-41ed-8441-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702866a-e0d8-41ed-8441-b48702de0b81", "value": "https://www.virustotal.com/file/cad9ab404b300f5622575144601a5847f63040c027b1e219eaf611a6ecca6545/analysis/1459353670/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702866a-5dd4-4fcf-8026-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:14.000Z", "modified": "2016-04-04T15:21:14.000Z", "description": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: d4d70d0022e06b391b31195c030ac9bc6e716cce", "pattern": "[file:hashes.SHA256 = '9270b918d1b7181bce7abb85e53b31ebff13b7c8b4ea61f399112bcbaac180d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702866a-ad2c-4857-b4e9-b48702de0b81", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:14.000Z", "modified": "2016-04-04T15:21:14.000Z", "description": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: d4d70d0022e06b391b31195c030ac9bc6e716cce", "pattern": "[file:hashes.MD5 = '6ed1b7d3cc3ae25e33cb1513770bf522']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702866a-d184-4e90-b248-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:14.000Z", "modified": "2016-04-04T15:21:14.000Z", "first_observed": "2016-04-04T15:21:14Z", "last_observed": "2016-04-04T15:21:14Z", "number_observed": 1, "object_refs": [ "url--5702866a-d184-4e90-b248-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702866a-d184-4e90-b248-b48702de0b81", "value": "https://www.virustotal.com/file/9270b918d1b7181bce7abb85e53b31ebff13b7c8b4ea61f399112bcbaac180d7/analysis/1459354132/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702866b-0acc-46fa-93b3-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:15.000Z", "modified": "2016-04-04T15:21:15.000Z", "description": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: e097c882eda2bd508dd9a3be72efce6fd2971f11", "pattern": "[file:hashes.SHA256 = 'f88b87d082ea002b094209117e6580e9269b6f4c918f0227c6e2db95418fd798']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ 
"misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702866b-9b5c-4d91-a7f8-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:15.000Z", "modified": "2016-04-04T15:21:15.000Z", "description": "Linux/Remaiten.B - Version 2.1 - Xchecked via VT: e097c882eda2bd508dd9a3be72efce6fd2971f11", "pattern": "[file:hashes.MD5 = '9de636f9bd90fd721f8c9042e9e87438']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702866b-34d8-48c6-928a-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:15.000Z", "modified": "2016-04-04T15:21:15.000Z", "first_observed": "2016-04-04T15:21:15Z", "last_observed": "2016-04-04T15:21:15Z", "number_observed": 1, "object_refs": [ "url--5702866b-34d8-48c6-928a-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702866b-34d8-48c6-928a-b48702de0b81", "value": "https://www.virustotal.com/file/f88b87d082ea002b094209117e6580e9269b6f4c918f0227c6e2db95418fd798/analysis/1459354153/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702866c-6dd0-413c-bf8d-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:16.000Z", "modified": "2016-04-04T15:21:16.000Z", "description": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: 11807e5aa5dc1c14f8d509ea410eeb778896830d", "pattern": "[file:hashes.SHA256 = 'c47ec77ac308edf168db331117b09f50bef93d4affebe04849702bf4428255d6']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702866c-9604-4763-af99-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:16.000Z", "modified": "2016-04-04T15:21:16.000Z", "description": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: 11807e5aa5dc1c14f8d509ea410eeb778896830d", "pattern": "[file:hashes.MD5 = 'c1c9505ec350378284783e7cbd425135']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702866c-0af0-4937-a598-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:16.000Z", "modified": "2016-04-04T15:21:16.000Z", "first_observed": "2016-04-04T15:21:16Z", "last_observed": "2016-04-04T15:21:16Z", "number_observed": 1, "object_refs": [ "url--5702866c-0af0-4937-a598-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702866c-0af0-4937-a598-b48702de0b81", "value": "https://www.virustotal.com/file/c47ec77ac308edf168db331117b09f50bef93d4affebe04849702bf4428255d6/analysis/1459353503/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702866d-d0e8-455c-826d-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:17.000Z", "modified": "2016-04-04T15:21:17.000Z", "description": 
"Linux/Remaiten.A - Version 2.0 - Xchecked via VT: 52210b49c47c6ad6fe34c70d6faf49e2763c0d9d", "pattern": "[file:hashes.SHA256 = '840f70c83b0d8368733fb147856e676d3cbe39e9f6e40a83cdb246b263bca06b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702866d-dca8-4b8d-acd8-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:17.000Z", "modified": "2016-04-04T15:21:17.000Z", "description": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: 52210b49c47c6ad6fe34c70d6faf49e2763c0d9d", "pattern": "[file:hashes.MD5 = '921d7a598c6a823f79ca0a1517136c47']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702866d-a444-45b7-bb60-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:17.000Z", "modified": "2016-04-04T15:21:17.000Z", "first_observed": "2016-04-04T15:21:17Z", "last_observed": "2016-04-04T15:21:17Z", "number_observed": 1, "object_refs": [ "url--5702866d-a444-45b7-bb60-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702866d-a444-45b7-bb60-b48702de0b81", "value": "https://www.virustotal.com/file/840f70c83b0d8368733fb147856e676d3cbe39e9f6e40a83cdb246b263bca06b/analysis/1459353839/" }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5702866d-cd98-4a09-b1a9-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:17.000Z", "modified": "2016-04-04T15:21:17.000Z", "description": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: 3b233834ee962adb111a002bb64e594175e7c1e2", "pattern": "[file:hashes.SHA256 = 'cba57768d3b2500d38809d0638d5d87ba3ec5fdda09d966e3fab60a0d82d1340']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702866e-d4ac-4346-970b-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:18.000Z", "modified": "2016-04-04T15:21:18.000Z", "description": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: 3b233834ee962adb111a002bb64e594175e7c1e2", "pattern": "[file:hashes.MD5 = '389aff86439c3c98953b17b585888d09']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702866e-0798-4a61-9e9d-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:18.000Z", "modified": "2016-04-04T15:21:18.000Z", "first_observed": "2016-04-04T15:21:18Z", "last_observed": "2016-04-04T15:21:18Z", "number_observed": 1, "object_refs": [ "url--5702866e-0798-4a61-9e9d-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": 
"url--5702866e-0798-4a61-9e9d-b48702de0b81", "value": "https://www.virustotal.com/file/cba57768d3b2500d38809d0638d5d87ba3ec5fdda09d966e3fab60a0d82d1340/analysis/1459568562/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702866e-1e8c-4686-84fc-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:18.000Z", "modified": "2016-04-04T15:21:18.000Z", "description": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: bd8256d469aa42c6c57e8e6f91ef5b4782bd2cb7", "pattern": "[file:hashes.SHA256 = '90d1f5eba528445e7663d8746365a7e9e403370cc847f39e339f9d077d0a0b10']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702866f-827c-4a20-9e86-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:19.000Z", "modified": "2016-04-04T15:21:19.000Z", "description": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: bd8256d469aa42c6c57e8e6f91ef5b4782bd2cb7", "pattern": "[file:hashes.MD5 = '86b5db0a37904d602d920b65d9aab88a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5702866f-bf9c-44ed-bd09-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:19.000Z", "modified": "2016-04-04T15:21:19.000Z", "first_observed": "2016-04-04T15:21:19Z", "last_observed": "2016-04-04T15:21:19Z", 
"number_observed": 1, "object_refs": [ "url--5702866f-bf9c-44ed-bd09-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5702866f-bf9c-44ed-bd09-b48702de0b81", "value": "https://www.virustotal.com/file/90d1f5eba528445e7663d8746365a7e9e403370cc847f39e339f9d077d0a0b10/analysis/1459354070/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5702866f-562c-4b2c-abe7-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:19.000Z", "modified": "2016-04-04T15:21:19.000Z", "description": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: 2ff0b69bc5aaca82edb6a364ee9f6ad3c5fdd71c", "pattern": "[file:hashes.SHA256 = 'b8dcadd2affaa6c9ea5629958ccb8e4c19a5c412dd3fb83cfd210dc079359196']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57028670-013c-4fc9-b632-b48702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:20.000Z", "modified": "2016-04-04T15:21:20.000Z", "description": "Linux/Remaiten.A - Version 2.0 - Xchecked via VT: 2ff0b69bc5aaca82edb6a364ee9f6ad3c5fdd71c", "pattern": "[file:hashes.MD5 = '0488dffdf64dc11b920b81b334d6b2de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-04T15:21:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57028670-3cf4-4bba-b591-b48702de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:21:20.000Z", "modified": "2016-04-04T15:21:20.000Z", "first_observed": "2016-04-04T15:21:20Z", "last_observed": "2016-04-04T15:21:20Z", "number_observed": 1, "object_refs": [ "url--57028670-3cf4-4bba-b591-b48702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57028670-3cf4-4bba-b591-b48702de0b81", "value": "https://www.virustotal.com/file/b8dcadd2affaa6c9ea5629958ccb8e4c19a5c412dd3fb83cfd210dc079359196/analysis/1459353692/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--570286a5-a4cc-4a9a-8f6d-1748950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-04T15:22:13.000Z", "modified": "2016-04-04T15:22:13.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "ESET researchers are actively monitoring malware that targets embedded systems such as routers, gateways and wireless access points. Recently, we discovered a bot that combines the capabilities of Tsunami (also known as Kaiten) and Gafgyt. It also provides some improvements as well as a couple of new features. We call this new threat Linux/Remaiten. So far, we have seen three versions of Linux/Remaiten that identify themselves as versions 2.0, 2.1 and 2.2. Based on artifacts found in the code, the authors call this new malware \u00e2\u20ac\u0153KTN-Remastered\u00e2\u20ac\u009d or \u00e2\u20ac\u0153KTN-RM\u00e2\u20ac\u009d.\r\n\r\nIn this blog we will describe the unique spreading mechanism of Linux/Remaiten, its different features, and the differences between the versions found in the wild.\r\nImproved spreading mechanism\r\n\r\nA prominent feature of Linux/Gafgyt is telnet scanning. 
When instructed to perform telnet scanning, it tries to connect to random IP addresses reachable from the Internet on port 23. If the connection succeeds, it will try to guess the login credentials from an embedded list of username/password combinations. If it successfully logs in, it issues a shell command to download bot executables for multiple architectures and tries to run them. This is a simple albeit noisy way of infecting new victims, as it is likely one of the binaries will execute on the running architecture.\r\n\r\nLinux/Remaiten improves upon this spreading mechanism by carrying downloader executables for CPU architectures that are commonly used in embedded Linux devices such as ARM and MIPS. After logging on via the telnet prompt of the victim device, it tries to determine the new victim device\u2019s platform and transfer only the appropriate downloader. This downloader\u2019s job is to request the architecture-appropriate Linux/Remaiten bot binary from the bot\u2019s C&C server. This binary is then executed on the new victim device, creating another bot for the malicious operators to use." }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }