SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 0c6d3721e9b4ba3bbac4617b34f0f0ff75f88e72.

Database Entry

SHA1 Fingerprint:0c6d3721e9b4ba3bbac4617b34f0f0ff75f88e72
Certificate Common Name (CN):biszweater.pw/emailAddress=webmaster@biszweater.pw
Issuer Distinguished Name (DN):biszweater.pw/emailAddress=webmaster@biszweater.pw
TLS Version:TLS 1.2
First seen:2016-11-19 17:29:58 UTC
Last seen:2016-11-20 18:13:02 UTC
Status:Blacklisted
Listing reason:Tuhkit C&C
Listing date:2016-11-21 11:09:33
Malware samples:6
Botnet C&Cs:1

Malware Samples

The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)Malware Sample (MD5 hash)VTSignatureBotnet C&C (IP:port)
2016-11-20 18:13:022168ffd2ea3c138c524289ef163da01cn/aTuhkit89.40.127.231:80
2016-11-20 18:13:022168ffd2ea3c138c524289ef163da01cn/aTuhkit89.40.127.231:80
2016-11-20 08:09:034fb7b7f3f382b7e82edb4fbe704d217an/aTuhkit89.40.127.231:80
2016-11-20 08:09:034fb7b7f3f382b7e82edb4fbe704d217an/aTuhkit89.40.127.231:80
2016-11-20 04:47:54ac5c01797c3aabef08c28cc23cde3eefVirustotal results 21/57 (36.84%) Tuhkit89.40.127.231:80
2016-11-20 04:47:54ac5c01797c3aabef08c28cc23cde3eefVirustotal results 21/57 (36.84%) Tuhkit89.40.127.231:80
2016-11-20 03:06:24499a9c1c80fa907893d4e5cbbbf7681cn/aTuhkit89.40.127.231:80
2016-11-20 03:06:24499a9c1c80fa907893d4e5cbbbf7681cn/aTuhkit89.40.127.231:80
2016-11-20 01:57:55982b2eaa8d2b451872fac289d0c572adn/aTuhkit89.40.127.231:80
2016-11-20 01:57:55982b2eaa8d2b451872fac289d0c572adn/aTuhkit89.40.127.231:80
2016-11-19 17:29:58e166840d0e7a795708fca544b83e1236Virustotal results 20/57 (35.09%) Tuhkit89.40.127.231:80
2016-11-19 17:29:58e166840d0e7a795708fca544b83e1236Virustotal results 20/57 (35.09%) Tuhkit89.40.127.231:80

# of entries: 12 (max: 100)