SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 0817e0e3aa88569f70c4a79da4e1dacc6c034058.

Database Entry

SHA1 Fingerprint:0817e0e3aa88569f70c4a79da4e1dacc6c034058
Certificate Common Name (CN):localhost
Issuer Distinguished Name (DN):localhost
TLS Version:TLSv1
First seen:2016-08-05 05:26:52 UTC
Last seen:2016-08-14 09:33:18 UTC
Status:Blacklisted
Listing reason:Gootkit C&C
Listing date:2016-08-05 08:44:17
Malware samples:6
Botnet C&Cs:1

Malware Samples

The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)Malware Sample (MD5 hash)VTSignatureBotnet C&C (IP:port)
2016-08-14 09:33:18df8d891e96c1062f6d0b6258dbbf3907Virustotal results 42/57 (73.68%) Shylock 109.203.117.155:80
2016-08-14 09:33:18df8d891e96c1062f6d0b6258dbbf3907Virustotal results 42/57 (73.68%) Shylock 109.203.117.155:80
2016-08-12 05:48:24621f8d3ebe283d0102a2ef09bff19766Virustotal results 33/56 (58.93%) Shylock 109.203.117.155:80
2016-08-12 05:48:24621f8d3ebe283d0102a2ef09bff19766Virustotal results 33/56 (58.93%) Shylock 109.203.117.155:80
2016-08-10 15:08:34ff4467bdbb0fef0ee4076bc273ae83a3n/aShylock 109.203.117.155:80
2016-08-10 15:08:34ff4467bdbb0fef0ee4076bc273ae83a3n/aShylock 109.203.117.155:80
2016-08-07 13:54:3580fc827fb2c7886abb92c9ad04c9a33dVirustotal results 40/57 (70.18%) Shylock 109.203.117.155:80
2016-08-07 13:54:3580fc827fb2c7886abb92c9ad04c9a33dVirustotal results 40/57 (70.18%) Shylock 109.203.117.155:80
2016-08-07 06:27:19f56065fcd67c9ba57830c05f2acfc290Virustotal results 38/57 (66.67%) Shylock 109.203.117.155:80
2016-08-07 06:27:19f56065fcd67c9ba57830c05f2acfc290Virustotal results 38/57 (66.67%) Shylock 109.203.117.155:80
2016-08-05 05:26:525a3027aacdc3d5f55c385c4e3cdfdd46n/aGootkit 109.203.117.155:80
2016-08-05 05:26:525a3027aacdc3d5f55c385c4e3cdfdd46n/aGootkit 109.203.117.155:80

# of entries: 12 (max: 100)