SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 1210c3324a067448d47ad198084d7a04b15fbb39.

Database Entry

SHA1 Fingerprint:	1210c3324a067448d47ad198084d7a04b15fbb39
Certificate Common Name (CN):	thhabvppp.com
Issuer Distinguished Name (DN):	thhabvppp.com
TLS Version:	TLS 1.2
First seen:	2016-12-03 01:39:21 UTC
Last seen:	2017-01-19 07:32:14 UTC
Status:	Blacklisted
Listing reason:	Vawtrak C&C
Listing date:	2016-12-03 09:54:21
Malware samples:	6
Botnet C&Cs:	5

Malware Samples

The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)	Malware Sample (MD5 hash)	VT	Signature	Botnet C&C (IP:port)
2017-01-19 07:32:14	b7e172b37c559bc8b1d660ce89838857	8/56 (14.29%)	Vawtrak	5.196.129.108:443
2017-01-19 07:32:14	b7e172b37c559bc8b1d660ce89838857	8/56 (14.29%)	Vawtrak	5.196.129.108:443
2017-01-13 16:07:02	3aab483ebd107c6e6e44aad524e40ec0	38/58 (65.52%)	Vawtrak	51.254.39.113:443
2017-01-13 16:07:02	3aab483ebd107c6e6e44aad524e40ec0	38/58 (65.52%)	Vawtrak	51.254.39.113:443
2017-01-13 13:46:53	c3d36f11d65851242b6eddaa835fc72b	41/57 (71.93%)	Vawtrak	51.254.39.113:443
2017-01-13 13:46:53	c3d36f11d65851242b6eddaa835fc72b	41/57 (71.93%)	Vawtrak	51.254.39.113:443
2016-12-15 19:15:01	6a6523b1f62fb9684353229be727d09e	21/57 (36.84%)	Vawtrak	109.248.222.180:443
2016-12-15 19:15:01	6a6523b1f62fb9684353229be727d09e	21/57 (36.84%)	Vawtrak	109.248.222.180:443
2016-12-14 21:46:22	3868082e4daa93d34a3fe5d7df9d1d72	22/57 (38.60%)	Vawtrak	62.76.189.215:443
2016-12-14 21:46:22	3868082e4daa93d34a3fe5d7df9d1d72	22/57 (38.60%)	Vawtrak	62.76.189.215:443
2016-12-03 01:39:21	aa736b6e8e55b91ce00e572befc179f4	33/57 (57.89%)	Vawtrak	5.149.249.178:443
2016-12-03 01:39:21	aa736b6e8e55b91ce00e572befc179f4	33/57 (57.89%)	Vawtrak	5.149.249.178:443

# of entries: 12 (max: 100)