SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 91e05ef0663bdfd9693a5c68735a4b7be13c941e.

Database Entry


SHA1 Fingerprint:91e05ef0663bdfd9693a5c68735a4b7be13c941e
Certificate Common Name (CN):localhost.localdomain
Issuer Distinguished Name (DN):localhost.localdomain
TLS Version:TLS 1.2
First seen:2016-11-25 18:07:41 UTC
Last seen:2016-12-11 12:08:51 UTC
Status:Blacklisted
Listing reason:TrickBot C&C
Listing date:2016-11-27 08:56:20
Malware samples:5
Botnet C&Cs:3

Malware Samples


The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)Malware Sample (MD5 hash)VTSignatureBotnet C&C (IP:port)
2016-12-11 12:08:5187aebf50fa43fa08684e28deae01c6e7Virustotal results 15/56 (26.79%) TrickBot 192.189.25.143:443
2016-12-11 12:08:5187aebf50fa43fa08684e28deae01c6e7Virustotal results 15/56 (26.79%) TrickBot 192.189.25.143:443
2016-12-05 16:40:282e3a4bbd6064cc756d6a3093f83d7385Virustotal results 43/56 (76.79%) TrickBot 192.189.25.148:447
2016-12-05 16:40:282e3a4bbd6064cc756d6a3093f83d7385Virustotal results 43/56 (76.79%) TrickBot 192.189.25.148:447
2016-12-03 08:07:3146ffaa075dd586a6f93a4d26a2431355Virustotal results 8/57 (14.04%) TrickBot 192.189.25.143:443
2016-12-03 08:07:3146ffaa075dd586a6f93a4d26a2431355Virustotal results 8/57 (14.04%) TrickBot 192.189.25.143:443
2016-11-26 07:48:49c0f1af1e72056486b5f9e8fbe01ba8b1Virustotal results 34/57 (59.65%) TrickBot 192.189.25.142:447
2016-11-26 07:48:49c0f1af1e72056486b5f9e8fbe01ba8b1Virustotal results 34/57 (59.65%) TrickBot 192.189.25.142:447
2016-11-25 18:07:41a9a5d89ad2753f582ba791a6e433f871Virustotal results 26/56 (46.43%) TrickBot 192.189.25.142:447
2016-11-25 18:07:41a9a5d89ad2753f582ba791a6e433f871Virustotal results 26/56 (46.43%) TrickBot 192.189.25.142:447

# of entries: 10 (max: 100)