SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 849079a5855a6b6d50728445d1261bf3e8885bef.

Database Entry

SHA1 Fingerprint:	849079a5855a6b6d50728445d1261bf3e8885bef
Certificate Common Name (CN):	localhost
Issuer Distinguished Name (DN):	localhost
TLS Version:	SSLv3
First seen:	2014-04-30 22:58:42 UTC
Last seen:	2014-05-05 14:33:09 UTC
Status:	Blacklisted
Listing reason:	Shylock C&C
Listing date:	2014-05-04 08:24:32
Malware samples:	6
Botnet C&Cs:	1

Malware Samples

The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)	Malware Sample (MD5 hash)	VT	Signature	Botnet C&C (IP:port)
2014-05-05 14:33:09	e74cb79a70b3bacd5d8d73d5b00e2093	18/52 (34.62%)	Shylock	54.198.19.105:443
2014-05-05 14:33:09	e74cb79a70b3bacd5d8d73d5b00e2093	18/52 (34.62%)	Shylock	54.198.19.105:443
2014-05-05 11:35:54	7352cc0d306845de1fcc1e6e82d76654	1/51 (1.96%)	Shylock	54.198.19.105:443
2014-05-05 11:35:54	7352cc0d306845de1fcc1e6e82d76654	1/51 (1.96%)	Shylock	54.198.19.105:443
2014-05-05 08:05:44	22d3d55fa19f668b456d9937022c3b6e	17/51 (33.33%)	Shylock	54.198.19.105:443
2014-05-05 08:05:44	22d3d55fa19f668b456d9937022c3b6e	17/51 (33.33%)	Shylock	54.198.19.105:443
2014-05-03 20:01:04	d02d14ea97cab9dd6ca9e3abcb94ef9f	20/52 (38.46%)	Shylock	54.198.19.105:443
2014-05-03 20:01:04	d02d14ea97cab9dd6ca9e3abcb94ef9f	20/52 (38.46%)	Shylock	54.198.19.105:443
2014-05-03 01:09:10	e4f4162b0a10ab9acdd5c66739d90e7c	38/57 (66.67%)	Shylock	54.198.19.105:443
2014-05-03 01:09:10	e4f4162b0a10ab9acdd5c66739d90e7c	38/57 (66.67%)	Shylock	54.198.19.105:443
2014-04-30 22:58:42	75bece4ecaf08c67a76bff54fe38750b	29/54 (53.70%)	Shylock	54.198.19.105:443
2014-04-30 22:58:42	75bece4ecaf08c67a76bff54fe38750b	29/54 (53.70%)	Shylock	54.198.19.105:443

# of entries: 12 (max: 100)