SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 24bbbe147a1a2941f70a4f6e60ea87760fd06f06.

Database Entry

SHA1 Fingerprint:	24bbbe147a1a2941f70a4f6e60ea87760fd06f06
Certificate Common Name (CN):	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
Issuer Distinguished Name (DN):	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
TLS Version:	TLS 1.2
First seen:	2018-04-26 16:15:53 UTC
Last seen:	2018-07-06 07:29:24 UTC
Status:	Blacklisted
Listing reason:	Gozi C&C
Listing date:	2018-04-27 07:32:21
Malware samples:	15
Botnet C&Cs:	3

Malware Samples

The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)	Malware Sample (MD5 hash)	VT	Signature	Botnet C&C (IP:port)
2018-07-06 07:29:24	aad30de327f42ecd493305c08dd9a186	10/67 (14.93%)	Gozi	185.224.249.29:443
2018-07-06 07:29:24	aad30de327f42ecd493305c08dd9a186	10/67 (14.93%)	Gozi	185.224.249.29:443
2018-06-27 14:22:47	c9a2fdfbd108a46d7e70cc3b50f6c1a6	19/67 (28.36%)	Gozi	185.159.128.236:443
2018-06-27 14:22:47	c9a2fdfbd108a46d7e70cc3b50f6c1a6	19/67 (28.36%)	Gozi	185.159.128.236:443
2018-06-25 09:49:56	a21515fa851e924b939b90c1e07b2c8a	20/67 (29.85%)	Gozi	185.159.128.236:443
2018-06-25 09:49:56	a21515fa851e924b939b90c1e07b2c8a	20/67 (29.85%)	Gozi	185.159.128.236:443
2018-06-18 15:14:54	04284bbab6904f73a00f5040286d6bb2	25/67 (37.31%)	TrickBot	185.159.128.236:443
2018-06-18 15:14:54	04284bbab6904f73a00f5040286d6bb2	25/67 (37.31%)	TrickBot	185.159.128.236:443
2018-06-18 15:14:54	04284bbab6904f73a00f5040286d6bb2	25/67 (37.31%)	TrickBot	185.159.128.236:443
2018-06-18 15:14:54	04284bbab6904f73a00f5040286d6bb2	25/67 (37.31%)	TrickBot	185.159.128.236:443
2018-06-18 10:47:03	412130272ba30a1ec89fdf0bd01ec9fe	13/67 (19.40%)	Gozi	185.159.128.236:443
2018-06-18 10:47:03	412130272ba30a1ec89fdf0bd01ec9fe	13/67 (19.40%)	Gozi	185.159.128.236:443
2018-06-16 20:31:12	7e9cd6f55c04335e0eb93103f2d0a8ba	24/67 (35.82%)	Gozi	185.159.128.236:443
2018-06-16 20:31:12	7e9cd6f55c04335e0eb93103f2d0a8ba	24/67 (35.82%)	Gozi	185.159.128.236:443
2018-06-14 03:01:23	88ff997042028e93d4c4eec435de9d1e	38/68 (55.88%)	Gozi	185.159.128.236:443
2018-06-14 03:01:23	88ff997042028e93d4c4eec435de9d1e	38/68 (55.88%)	Gozi	185.159.128.236:443
2018-06-12 12:26:52	117f4a9e5e146a2ff2be5509dd3d738a	13/68 (19.12%)	Gozi	185.159.128.236:443
2018-06-12 12:26:52	117f4a9e5e146a2ff2be5509dd3d738a	13/68 (19.12%)	Gozi	185.159.128.236:443
2018-06-05 08:07:16	775ce6ce6f31259022e9af0d0e95ca34	10/65 (15.38%)	Gozi	185.159.128.236:443
2018-06-05 08:07:16	775ce6ce6f31259022e9af0d0e95ca34	10/65 (15.38%)	Gozi	185.159.128.236:443
2018-05-30 17:57:06	fee99bf0086921bdac7c3b2c9b9a0615	34/65 (52.31%)	Gozi	185.159.128.236:443
2018-05-30 17:57:06	fee99bf0086921bdac7c3b2c9b9a0615	34/65 (52.31%)	Gozi	185.159.128.236:443
2018-05-25 01:42:46	b6d74bd969584e4cf3c792ba6f71dd4e	7/63 (11.11%)		185.159.128.236:443
2018-05-25 01:42:46	b6d74bd969584e4cf3c792ba6f71dd4e	7/63 (11.11%)		185.159.128.236:443
2018-05-17 18:52:57	6f0a02a86400079fe8e2c76609d232a3	26/66 (39.39%)		185.159.128.236:443
2018-05-17 18:52:57	6f0a02a86400079fe8e2c76609d232a3	26/66 (39.39%)		185.159.128.236:443
2018-05-17 06:44:56	7980226010f02292d8cbac440c9c0443	7/65 (10.77%)	Gozi	185.159.128.236:443
2018-05-17 06:44:56	7980226010f02292d8cbac440c9c0443	7/65 (10.77%)	Gozi	185.159.128.236:443
2018-05-15 11:51:33	d145f6637925e36d7b1dbd9957329b15	5/66 (7.58%)		185.159.128.236:443
2018-05-15 11:51:33	d145f6637925e36d7b1dbd9957329b15	5/66 (7.58%)		185.159.128.236:443
2018-04-26 16:16:28	d246a156d9319fa7f9b0789e98a2d6ed	18/59 (30.51%)	Gozi	185.223.95.108:443
2018-04-26 16:16:28	d246a156d9319fa7f9b0789e98a2d6ed	18/59 (30.51%)	Gozi	185.223.95.108:443

# of entries: 32 (max: 100)