SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 613c9682e987177bee34a4400d5b08b78b42a5b5.

Database Entry

SHA1 Fingerprint:	613c9682e987177bee34a4400d5b08b78b42a5b5
Certificate Common Name (CN):	thatatheodofri.thabeswnc.an
Issuer Distinguished Name (DN):	thatatheodofri.thabeswnc.an
TLS Version:	TLSv1
First seen:	2017-03-22 18:36:07 UTC
Last seen:	2017-03-23 15:44:10 UTC
Status:	Blacklisted
Listing reason:	Dridex C&C
Listing date:	2017-03-23 19:07:13
Malware samples:	7
Botnet C&Cs:	1

Malware Samples

The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)	Malware Sample (MD5 hash)	VT	Signature	Botnet C&C (IP:port)
2017-03-23 15:44:10	b0091c348e617462964b5ddf72d7073c	33/62 (53.23%)	Dridex	8.8.247.36:443
2017-03-23 15:44:10	b0091c348e617462964b5ddf72d7073c	33/62 (53.23%)	Dridex	8.8.247.36:443
2017-03-23 12:55:06	802eb0928efd197e78afb1c6a5aa1915	44/61 (72.13%)	Dridex	8.8.247.36:443
2017-03-23 12:55:06	802eb0928efd197e78afb1c6a5aa1915	44/61 (72.13%)	Dridex	8.8.247.36:443
2017-03-23 03:05:05	c215eb225a354f41a68091100885d4ec	36/61 (59.02%)	Dridex	8.8.247.36:443
2017-03-23 03:05:05	c215eb225a354f41a68091100885d4ec	36/61 (59.02%)	Dridex	8.8.247.36:443
2017-03-22 18:51:44	84abdddea487cef7c19b2ec37f613420	n/a	Dridex	8.8.247.36:443
2017-03-22 18:51:44	84abdddea487cef7c19b2ec37f613420	n/a	Dridex	8.8.247.36:443
2017-03-22 18:42:35	7e6b5a2f93879a2aa4dd421889e880da	n/a	Dridex	8.8.247.36:443
2017-03-22 18:42:35	7e6b5a2f93879a2aa4dd421889e880da	n/a	Dridex	8.8.247.36:443
2017-03-22 18:38:46	61fbc54d879a307ccfac2c862280507f	n/a	Dridex	8.8.247.36:443
2017-03-22 18:38:46	61fbc54d879a307ccfac2c862280507f	n/a	Dridex	8.8.247.36:443
2017-03-22 18:36:07	9122dca70f0acb1df0b14b86072435dd	n/a	Dridex	8.8.247.36:443
2017-03-22 18:36:07	9122dca70f0acb1df0b14b86072435dd	n/a	Dridex	8.8.247.36:443

# of entries: 14 (max: 100)