SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 3999302944cf1b07abf827008771c45dcf69f6fe.

Database Entry

SHA1 Fingerprint:	3999302944cf1b07abf827008771c45dcf69f6fe
Certificate Common Name (CN):	*
Issuer Distinguished Name (DN):	*
TLS Version:	TLS 1.2' NOTBEF
First seen:	2021-02-25 15:05:32 UTC
Last seen:	2021-02-26 07:44:15 UTC
Status:	Blacklisted
Listing reason:	Gozi C&C
Listing date:	2021-02-26 06:30:48
Malware samples:	6
Botnet C&Cs:	1

Malware Samples

The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)	Malware Sample (MD5 hash)	VT	Signature	Botnet C&C (IP:port)
2021-02-26 07:44:15	b6d56d3ebd48d4a3534140b1c06cf5b4	n/a	Gozi	195.123.209.122:443
2021-02-26 07:44:15	b6d56d3ebd48d4a3534140b1c06cf5b4	n/a	Gozi	195.123.209.122:443
2021-02-26 03:57:17	a581b527e44fdebb3f62b184e4df5a4d	43 / 71 (60.56%)	Gozi	195.123.209.122:443
2021-02-26 03:57:17	a581b527e44fdebb3f62b184e4df5a4d	43 / 71 (60.56%)	Gozi	195.123.209.122:443
2021-02-25 20:54:28	8156afae8c5153957efa73b95075558a	49 / 69 (71.01%)	Quakbot	195.123.209.122:443
2021-02-25 20:54:28	8156afae8c5153957efa73b95075558a	49 / 69 (71.01%)	Quakbot	195.123.209.122:443
2021-02-25 19:05:25	203c546ece7ed3c3306df0f4e6ba81a1	21 / 69 (30.43%)	Quakbot	195.123.209.122:443
2021-02-25 19:05:25	203c546ece7ed3c3306df0f4e6ba81a1	21 / 69 (30.43%)	Quakbot	195.123.209.122:443
2021-02-25 15:19:01	156f0d86196b2e90f1a7158bebcb16ae	30 / 70 (42.86%)	Gozi	195.123.209.122:443
2021-02-25 15:19:01	156f0d86196b2e90f1a7158bebcb16ae	30 / 70 (42.86%)	Gozi	195.123.209.122:443
2021-02-25 15:05:32	0253bcc25a1815a9439d3cceb2dd5ff4	29 / 69 (42.03%)	RaccoonStealer	195.123.209.122:443
2021-02-25 15:05:32	0253bcc25a1815a9439d3cceb2dd5ff4	29 / 69 (42.03%)	RaccoonStealer	195.123.209.122:443

# of entries: 12 (max: 100)