SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 1210c3324a067448d47ad198084d7a04b15fbb39.

Database Entry


SHA1 Fingerprint:1210c3324a067448d47ad198084d7a04b15fbb39
Certificate Common Name (CN):thhabvppp.com
Issuer Distinguished Name (DN):thhabvppp.com
TLS Version:TLS 1.2
First seen:2016-12-03 01:39:21 UTC
Last seen:2017-01-19 07:32:14 UTC
Status:Blacklisted
Listing reason:Vawtrak C&C
Listing date:2016-12-03 09:54:21
Malware samples:6
Botnet C&Cs:5

Malware Samples


The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)Malware Sample (MD5 hash)VTSignatureBotnet C&C (IP:port)
2017-01-19 07:32:14b7e172b37c559bc8b1d660ce89838857Virustotal results 8/56 (14.29%) Vawtrak 5.196.129.108:443
2017-01-13 16:07:023aab483ebd107c6e6e44aad524e40ec0Virustotal results 38/58 (65.52%) Vawtrak 51.254.39.113:443
2017-01-13 13:46:53c3d36f11d65851242b6eddaa835fc72bVirustotal results 41/57 (71.93%) Vawtrak 51.254.39.113:443
2016-12-15 19:15:016a6523b1f62fb9684353229be727d09eVirustotal results 21/57 (36.84%) Vawtrak 109.248.222.180:443
2016-12-14 21:46:223868082e4daa93d34a3fe5d7df9d1d72Virustotal results 22/57 (38.60%) Vawtrak 62.76.189.215:443
2016-12-03 01:39:21aa736b6e8e55b91ce00e572befc179f4Virustotal results 33/57 (57.89%) Vawtrak 5.149.249.178:443

# of entries: 6 (max: 100)