SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 0399b4d2132a027f5e69a99e2fd529fce19a42ab.

Database Entry

SHA1 Fingerprint:	0399b4d2132a027f5e69a99e2fd529fce19a42ab
Certificate Common Name (CN):	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
Issuer Distinguished Name (DN):	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
TLS Version:	TLS 1.2
First seen:	2016-07-30 03:10:47 UTC
Last seen:	2016-08-14 19:35:43 UTC
Status:	Blacklisted
Listing reason:	Gozi C&C
Listing date:	2016-07-30 08:10:12
Malware samples:	6
Botnet C&Cs:	4

Malware Samples

The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)	Malware Sample (MD5 hash)	VT	Signature	Botnet C&C (IP:port)
2016-08-14 19:35:43	44749f7fb064b534275a7b876025c01f	30/56 (53.57%)	Gozi	5.63.152.13:443
2016-08-14 19:35:43	44749f7fb064b534275a7b876025c01f	30/56 (53.57%)	Gozi	5.63.152.13:443
2016-08-13 11:08:42	02b749919a4b104000eedbafd04be8bd	28/55 (50.91%)	Gozi	5.63.152.13:443
2016-08-13 11:08:42	02b749919a4b104000eedbafd04be8bd	28/55 (50.91%)	Gozi	5.63.152.13:443
2016-08-09 20:38:09	506ddd2b33d9aded980119ee885753e3	6/54 (11.11%)	Gozi	194.58.122.128:443
2016-08-09 20:38:09	506ddd2b33d9aded980119ee885753e3	6/54 (11.11%)	Gozi	194.58.122.128:443
2016-08-07 18:36:01	36fd220ff8bc7aaea204eff1a813e78d	15/54 (27.78%)	Gozi	185.26.114.26:443
2016-08-07 18:36:01	36fd220ff8bc7aaea204eff1a813e78d	15/54 (27.78%)	Gozi	185.26.114.26:443
2016-07-31 18:59:00	4fefce53e2af90b0bbe8586d0faa8433	21/55 (38.18%)	Gozi	164.132.221.157:443
2016-07-31 18:59:00	4fefce53e2af90b0bbe8586d0faa8433	21/55 (38.18%)	Gozi	164.132.221.157:443
2016-07-30 03:10:47	38b9c896ee0d738bcbca468a3a609ae7	21/54 (38.89%)	Gozi	164.132.221.157:443
2016-07-30 03:10:47	38b9c896ee0d738bcbca468a3a609ae7	21/54 (38.89%)	Gozi	164.132.221.157:443

# of entries: 12 (max: 100)