The Kaiten bot was distributed in some Linux Mint ISO downloads. Here are the IOCs.
According to reports from the Linux Mint Blog, hackers created a backdoored version of the Linux Mint distribution's ISO files and then compromised the Linux Mint website to change the download links to point the hacked versions hosted in Bulgaria.
The "Mint Team," maintainers of the distro and operators of the hacked web site, say that the links were only active on February 20th, 2016. These were listed under download "mirror" sites; direct HTTP downloads from Mint Team servers and torrents were not affected. Only backdoored versions of the "Cinnamon" edition were identified, not the "MATE" or "Xfce" editions, which use different default desktop environments.