SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 39651dd1be23369f801b4779ac2d7db865e7a246.

Database Entry

SHA1 Fingerprint:39651dd1be23369f801b4779ac2d7db865e7a246
Certificate Common Name (CN):giviklorted.at
Issuer Distinguished Name (DN):RapidSSL SHA256 CA - G3
TLS Version:TLS 1.2
First seen:2016-02-14 01:23:53 UTC
Last seen:2016-02-23 14:55:16 UTC
Status:Blacklisted
Listing reason:Quakbot C&C
Listing date:2016-02-14 07:38:18
Malware samples:7
Botnet C&Cs:6

Malware Samples

The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)Malware Sample (MD5 hash)VTSignatureBotnet C&C (IP:port)
2016-02-23 14:55:16a9c6032055ded3cdc6a4feac6be2c00cn/aQuakbot217.144.170.77:443
2016-02-23 14:55:16a9c6032055ded3cdc6a4feac6be2c00cn/aQuakbot217.144.170.77:443
2016-02-22 13:22:20970575b355240980b41fe36ffb11a7bfn/aQuakbot31.135.112.64:443
2016-02-22 13:22:20970575b355240980b41fe36ffb11a7bfn/aQuakbot31.135.112.64:443
2016-02-22 06:09:256f4fe53ed03208ccbbc9fe5debd617c4n/aQuakbot46.148.187.74:443
2016-02-22 06:09:256f4fe53ed03208ccbbc9fe5debd617c4n/aQuakbot46.148.187.74:443
2016-02-22 06:02:20a783ee14e1a26cec3a1bca9f5822d6e0n/aQuakbot46.98.198.248:443
2016-02-22 06:02:20a783ee14e1a26cec3a1bca9f5822d6e0n/aQuakbot46.98.198.248:443
2016-02-22 05:55:55215879fff86094782f0e2fe856358d78n/aQuakbot46.98.198.248:443
2016-02-22 05:55:55215879fff86094782f0e2fe856358d78n/aQuakbot46.98.198.248:443
2016-02-14 09:02:084abaf8f183c19763a38ddf1628e35155n/aQuakbot5.136.100.50:443
2016-02-14 09:02:084abaf8f183c19763a38ddf1628e35155n/aQuakbot5.136.100.50:443
2016-02-14 01:23:53aa2daa72d54c9e3c6288e7c95aeeb8ffVirustotal results 26/54 (48.15%) Quakbot46.118.130.60:443
2016-02-14 01:23:53aa2daa72d54c9e3c6288e7c95aeeb8ffVirustotal results 26/54 (48.15%) Quakbot46.118.130.60:443

# of entries: 14 (max: 100)