SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 1714ea54c7f0d5e801c9822137a794b655e44529.

Database Entry

SHA1 Fingerprint:	1714ea54c7f0d5e801c9822137a794b655e44529
Certificate Common Name (CN):	salagriva.com/emailAddress=admin@salagriva.com
Issuer Distinguished Name (DN):	salagriva.com/emailAddress=admin@salagriva.com
TLS Version:	TLSv1
First seen:	2016-02-18 21:19:51 UTC
Last seen:	2016-04-13 08:10:41 UTC
Status:	Blacklisted
Listing reason:	Qadars C&C
Listing date:	2016-02-19 07:18:46
Malware samples:	52
Botnet C&Cs:	9

Malware Samples

The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)	Malware Sample (MD5 hash)	VT	Signature	Botnet C&C (IP:port)
2016-04-13 08:10:41	d23f754f1c3a89dea9b0d1749b7fb9ba	n/a	Quakbot	192.169.6.155:443
2016-04-13 08:10:41	d23f754f1c3a89dea9b0d1749b7fb9ba	n/a	Quakbot	192.169.6.155:443
2016-04-13 08:06:19	02c1e7e0d11fc72a475dd645e6da6a4b	n/a	Quakbot	192.169.6.155:443
2016-04-13 08:06:19	02c1e7e0d11fc72a475dd645e6da6a4b	n/a	Quakbot	192.169.6.155:443
2016-04-13 07:46:25	a587b15506de11ff3c9eed0a4b3ce7a9	n/a	Quakbot	192.169.6.155:443
2016-04-13 07:46:25	a587b15506de11ff3c9eed0a4b3ce7a9	n/a	Quakbot	192.169.6.155:443
2016-04-13 06:28:10	fcd7de955549607144d90cbbcd9842b4	n/a	Quakbot	192.169.6.155:443
2016-04-13 06:28:10	fcd7de955549607144d90cbbcd9842b4	n/a	Quakbot	192.169.6.155:443
2016-04-13 05:40:37	35bcfa36fc39e1a089ce2002884a2ee2	n/a	Quakbot	192.169.6.155:443
2016-04-13 05:40:37	35bcfa36fc39e1a089ce2002884a2ee2	n/a	Quakbot	192.169.6.155:443
2016-04-12 13:19:18	f5dbd84500ec6b2598b21bb9fe09219d	n/a	Quakbot	192.169.6.155:443
2016-04-12 13:19:18	f5dbd84500ec6b2598b21bb9fe09219d	n/a	Quakbot	192.169.6.155:443
2016-04-12 09:04:08	7a76ccff673670fa8208bd3e924c4216	n/a	Quakbot	192.169.6.155:443
2016-04-12 09:04:08	7a76ccff673670fa8208bd3e924c4216	n/a	Quakbot	192.169.6.155:443
2016-04-11 11:44:54	6e2813ca24b22af5bc87b9d2118fa444	30/57 (52.63%)	Quakbot	192.169.6.155:443
2016-04-11 11:44:54	6e2813ca24b22af5bc87b9d2118fa444	30/57 (52.63%)	Quakbot	192.169.6.155:443
2016-04-11 08:38:26	a681be0d2016499c23f5f5885a770b09	23/57 (40.35%)	Quakbot	192.169.6.155:443
2016-04-11 08:38:26	a681be0d2016499c23f5f5885a770b09	23/57 (40.35%)	Quakbot	192.169.6.155:443
2016-04-11 07:16:47	9ffac386a269c8bf1a1a06ece089b33a	19/57 (33.33%)	Quakbot	192.169.6.155:443
2016-04-11 07:16:47	9ffac386a269c8bf1a1a06ece089b33a	19/57 (33.33%)	Quakbot	192.169.6.155:443
2016-04-10 06:29:09	2a7da20b1373d0559b9e57478336d46e	n/a	Quakbot	192.52.167.201:443
2016-04-10 06:29:09	2a7da20b1373d0559b9e57478336d46e	n/a	Quakbot	192.52.167.201:443
2016-04-09 12:40:23	7061a43f164d1d1dc0b8bcc3a74b8714	15/57 (26.32%)	Quakbot	199.193.250.105:443
2016-04-09 12:40:23	7061a43f164d1d1dc0b8bcc3a74b8714	15/57 (26.32%)	Quakbot	199.193.250.105:443
2016-04-07 07:43:44	81d757c4573152c6673a2a3ebfb1657d	9/57 (15.79%)	Quakbot	199.193.250.105:443
2016-04-07 07:43:44	81d757c4573152c6673a2a3ebfb1657d	9/57 (15.79%)	Quakbot	199.193.250.105:443
2016-04-06 02:44:11	e30d4b61520c8c02016f172a65a76a59	18/57 (31.58%)	Quakbot	199.193.250.105:443
2016-04-06 02:44:11	e30d4b61520c8c02016f172a65a76a59	18/57 (31.58%)	Quakbot	199.193.250.105:443
2016-04-02 12:13:46	09693e2a1af7eeff2f37996623282c22	n/a	Quakbot	199.193.250.105:443
2016-04-02 12:13:46	09693e2a1af7eeff2f37996623282c22	n/a	Quakbot	199.193.250.105:443
2016-03-31 15:46:23	ca1337b5c21ad5b529dc18c607c9e0c8	11/56 (19.64%)	Quakbot	91.216.245.35:443
2016-03-31 15:46:23	ca1337b5c21ad5b529dc18c607c9e0c8	11/56 (19.64%)	Quakbot	91.216.245.35:443
2016-03-26 23:16:05	3012ed3be68974a45af00ddc0febda6c	29/57 (50.88%)	Quakbot	91.216.245.35:443
2016-03-26 23:16:05	3012ed3be68974a45af00ddc0febda6c	29/57 (50.88%)	Quakbot	91.216.245.35:443
2016-03-24 18:58:49	004a28a66cc0e77c76365317c59d4d27	n/a	Quakbot	91.216.245.35:443
2016-03-24 18:58:49	004a28a66cc0e77c76365317c59d4d27	n/a	Quakbot	91.216.245.35:443
2016-03-19 16:40:52	281fda790447f24ba69892d22fe1af08	38/57 (66.67%)	Quakbot	91.216.245.35:443
2016-03-19 16:40:52	281fda790447f24ba69892d22fe1af08	38/57 (66.67%)	Quakbot	91.216.245.35:443
2016-03-07 05:49:18	fb26bef696604a19a6c4d30cd6e67b30	27/57 (47.37%)	Quakbot	192.157.249.24:443
2016-03-07 05:49:18	fb26bef696604a19a6c4d30cd6e67b30	27/57 (47.37%)	Quakbot	192.157.249.24:443
2016-03-05 09:41:25	cf4b30b496c3ab50cb2f0458ecfe589b	n/a	Quakbot	192.157.249.24:443
2016-03-05 09:41:25	cf4b30b496c3ab50cb2f0458ecfe589b	n/a	Quakbot	192.157.249.24:443
2016-03-04 02:02:27	02162ee9dc1c8b9f319be8021c430b25	n/a	Quakbot	192.157.249.24:443
2016-03-04 02:02:27	02162ee9dc1c8b9f319be8021c430b25	n/a	Quakbot	192.157.249.24:443
2016-03-02 06:24:34	e7b82b47aab9dc474b2f1a72ed1d75b2	n/a	Quakbot	84.200.2.23:443
2016-03-02 06:24:34	e7b82b47aab9dc474b2f1a72ed1d75b2	n/a	Quakbot	84.200.2.23:443
2016-03-01 19:56:52	b8ea1fdc5f893fcb06e838d2f9f25c6b	27/55 (49.09%)	Quakbot	84.200.2.23:443
2016-03-01 19:56:52	b8ea1fdc5f893fcb06e838d2f9f25c6b	27/55 (49.09%)	Quakbot	84.200.2.23:443
2016-03-01 13:11:46	3519d79fe427833661dec573e62771a7	36/56 (64.29%)	Quakbot	84.200.2.23:443
2016-03-01 13:11:46	3519d79fe427833661dec573e62771a7	36/56 (64.29%)	Quakbot	84.200.2.23:443
2016-03-01 08:09:57	a8db8cc080ee9a33ca48ac2f5e205ae6	3/56 (5.36%)	Qadars	84.200.2.23:443
2016-03-01 08:09:57	a8db8cc080ee9a33ca48ac2f5e205ae6	3/56 (5.36%)	Qadars	84.200.2.23:443
2016-02-29 13:33:19	eb3a79de543d8f243a87ad5742dadcbe	n/a	Quakbot	84.200.2.23:443
2016-02-29 13:33:19	eb3a79de543d8f243a87ad5742dadcbe	n/a	Quakbot	84.200.2.23:443
2016-02-29 12:41:57	279a0b5109d5c898bfeb7daaf6383da5	n/a	Quakbot	84.200.2.23:443
2016-02-29 12:41:57	279a0b5109d5c898bfeb7daaf6383da5	n/a	Quakbot	84.200.2.23:443
2016-02-29 12:36:50	8b252547121044cef9bd7763da067278	n/a	Quakbot	84.200.2.23:443
2016-02-29 12:36:50	8b252547121044cef9bd7763da067278	n/a	Quakbot	84.200.2.23:443
2016-02-29 08:53:56	593408dbc8cd8992038521acece31d47	n/a	Quakbot	84.200.2.23:443
2016-02-29 08:53:56	593408dbc8cd8992038521acece31d47	n/a	Quakbot	84.200.2.23:443
2016-02-29 07:34:42	6728e729d66cf7bff4c303f03698e663	n/a	Quakbot	84.200.2.23:443
2016-02-29 07:34:42	6728e729d66cf7bff4c303f03698e663	n/a	Quakbot	84.200.2.23:443
2016-02-28 11:17:00	8a263bb2fc12fc86c4a65cfc8cadb696	n/a	Qadars	192.157.238.182:443
2016-02-28 11:17:00	8a263bb2fc12fc86c4a65cfc8cadb696	n/a	Qadars	192.157.238.182:443
2016-02-27 15:27:58	d76cc030bd9e3095d1fcba4cc73bb920	3/56 (5.36%)	Qadars	192.157.238.182:443
2016-02-27 15:27:58	d76cc030bd9e3095d1fcba4cc73bb920	3/56 (5.36%)	Qadars	192.157.238.182:443
2016-02-27 08:11:30	37823f69a9c18b5d069d773d1aa66fbf	n/a	Qadars	192.157.238.182:443
2016-02-27 08:11:30	37823f69a9c18b5d069d773d1aa66fbf	n/a	Qadars	192.157.238.182:443
2016-02-27 07:14:41	54a6bc698190bd912c6c5b4ae80742bc	19/56 (33.93%)	Qadars	192.157.238.182:443
2016-02-27 07:14:41	54a6bc698190bd912c6c5b4ae80742bc	19/56 (33.93%)	Qadars	192.157.238.182:443
2016-02-27 01:01:44	a8e94d41f534736800e05454e12d9c09	17/55 (30.91%)	Qadars	192.157.238.182:443
2016-02-27 01:01:44	a8e94d41f534736800e05454e12d9c09	17/55 (30.91%)	Qadars	192.157.238.182:443
2016-02-22 15:47:07	08963839c532975c1ebc6191c80ac9fe	6/55 (10.91%)	Qadars	192.169.6.173:443
2016-02-22 15:47:07	08963839c532975c1ebc6191c80ac9fe	6/55 (10.91%)	Qadars	192.169.6.173:443
2016-02-21 19:10:19	72ac0618f399b9717706de786bb79679	6/55 (10.91%)	Qadars	168.235.66.206:443
2016-02-21 19:10:19	72ac0618f399b9717706de786bb79679	6/55 (10.91%)	Qadars	168.235.66.206:443
2016-02-21 15:11:27	661a6b57086a7ea6b67c083757c9f8b1	4/55 (7.27%)	Qadars	168.235.66.206:443
2016-02-21 15:11:27	661a6b57086a7ea6b67c083757c9f8b1	4/55 (7.27%)	Qadars	168.235.66.206:443
2016-02-21 14:31:34	b23859609f98a78afc4fb1af0be91a2a	25/56 (44.64%)	Qadars	168.235.66.206:443
2016-02-21 14:31:34	b23859609f98a78afc4fb1af0be91a2a	25/56 (44.64%)	Qadars	168.235.66.206:443
2016-02-21 14:18:18	674191b46583e6db3f924117b74627c2	28/57 (49.12%)	Qadars	168.235.66.206:443
2016-02-21 14:18:18	674191b46583e6db3f924117b74627c2	28/57 (49.12%)	Qadars	168.235.66.206:443
2016-02-21 14:06:27	0508a654ee6a9b59937296fcc341ea99	31/57 (54.39%)	Qadars	168.235.66.206:443
2016-02-21 14:06:27	0508a654ee6a9b59937296fcc341ea99	31/57 (54.39%)	Qadars	168.235.66.206:443
2016-02-21 13:44:41	51f217379ccc4c0f9162bc5265dff675	18/52 (34.62%)	Qadars	168.235.66.206:443
2016-02-21 13:44:41	51f217379ccc4c0f9162bc5265dff675	18/52 (34.62%)	Qadars	168.235.66.206:443
2016-02-20 18:48:33	2006abd6eb5885ea3a7752d9df9e32a5	22/55 (40.00%)	Qadars	168.235.66.206:443
2016-02-20 18:48:33	2006abd6eb5885ea3a7752d9df9e32a5	22/55 (40.00%)	Qadars	168.235.66.206:443
2016-02-20 14:02:10	cc73e8712b1689a941743d69b8b7db48	3/54 (5.56%)	Qadars	168.235.66.206:443
2016-02-20 14:02:10	cc73e8712b1689a941743d69b8b7db48	3/54 (5.56%)	Qadars	168.235.66.206:443
2016-02-20 11:48:41	d38ecc17df1006f3e0ee801863fcc9e6	4/55 (7.27%)	Qadars	168.235.66.206:443
2016-02-20 11:48:41	d38ecc17df1006f3e0ee801863fcc9e6	4/55 (7.27%)	Qadars	168.235.66.206:443
2016-02-20 11:34:56	e61c1c00329503689d4ce4e8e6d3b2ab	14/55 (25.45%)	Qadars	168.235.66.206:443
2016-02-20 11:34:56	e61c1c00329503689d4ce4e8e6d3b2ab	14/55 (25.45%)	Qadars	168.235.66.206:443
2016-02-20 10:19:33	fd3614fe130d908e1a24a5a8f7ab8939	31/53 (58.49%)	Phorpiex	168.235.66.206:443
2016-02-20 10:19:33	fd3614fe130d908e1a24a5a8f7ab8939	31/53 (58.49%)	Phorpiex	168.235.66.206:443
2016-02-19 18:45:05	7686f9284baccd719ddd11ab6370c102	6/55 (10.91%)	Qadars	168.235.66.206:443
2016-02-19 18:45:05	7686f9284baccd719ddd11ab6370c102	6/55 (10.91%)	Qadars	168.235.66.206:443
2016-02-19 16:28:31	54c9f6748b0b8f9c61cd5ef6b0d713a3	17/55 (30.91%)	Qadars	168.235.66.206:443
2016-02-19 16:28:31	54c9f6748b0b8f9c61cd5ef6b0d713a3	17/55 (30.91%)	Qadars	168.235.66.206:443

# of entries: 100 (max: 100)