SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 2662e232d7da6ef5213e362275a05fc236ad9e95.

Database Entry


SHA1 Fingerprint: 2662e232d7da6ef5213e362275a05fc236ad9e95
Certificate Common Name (CN): tofthetomousu.cs
Issuer Distinguished Name (DN): tofthetomousu.cs
TLS Version: TLS 1.2
First seen: 2015-07-23 21:16:57 UTC
Last seen: 2015-08-01 13:26:21 UTC
Status: Blacklisted
Listing reason: Dridex C&C
Listing date: 2015-07-24 05:05:01
Malware samples: 11
Botnet C&Cs: 1

Malware Samples


The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC) | Malware Sample (MD5 hash) | VT | Signature | Botnet C&C (IP:port)

# of entries: 11 (max: 100)