SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 8a6a4ea803df4d10e661ebb56d801191f1361f85.

Database Entry


SHA1 Fingerprint: 8a6a4ea803df4d10e661ebb56d801191f1361f85
Certificate Common Name (CN): romantik.it
Issuer Distinguished Name (DN): romantik.it
TLS Version: TLSv1
First seen: 2015-06-30 12:04:21 UTC
Last seen: 2015-07-07 16:08:29 UTC
Status: Blacklisted
Listing reason: Dridex C&C
Listing date: 2015-07-13 07:22:43
Malware samples: 8
Botnet C&Cs: 1

Malware Samples


The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC) | Malware Sample (MD5 hash) | VT | Signature | Botnet C&C (IP:port)
2015-07-07 16:08:29 | cf8a658e8fcf856f753051424d4c423d | n/a | Dridex | 118.174.151.27:943
2015-07-04 14:38:11 | 44ca65430ac1aa396e42dfb4862c9212 | Virustotal results 2/56 (3.57%) | Dridex | 118.174.151.27:943
2015-07-03 16:12:24 | 469eaa7c5ba9e05d2ad96d9254139070 | Virustotal results 0/55 (0.00%) | Dridex | 118.174.151.27:943
2015-07-02 10:23:44 | 62a5ce2f1c1393cc1a92764af711c2b1 | Virustotal results 3/55 (5.45%) | Dridex | 118.174.151.27:943
2015-07-01 13:04:13 | 865164ef97c50bdd8e8740621234a3cf | Virustotal results 1/55 (1.82%) | Dridex | 118.174.151.27:943
2015-07-01 09:38:41 | 30e9c697261914b4cf506074fa518818 | Virustotal results 3/56 (5.36%) | Dridex | 118.174.151.27:943
2015-07-01 03:46:41 | b16c64284354646cc5ae9071fb53fcee | Virustotal results 0/55 (0.00%) | Dridex | 118.174.151.27:943
2015-06-30 12:04:21 | 0a977dfcb93301f1841dbe2272d3102b | Virustotal results 0/56 (0.00%) | Dridex | 118.174.151.27:943

# of entries: 8 (max: 100)