SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 98c97ebcf9a16f604136307bcf251f9e00755d99.

Database Entry


SHA1 Fingerprint: 98c97ebcf9a16f604136307bcf251f9e00755d99
Certificate Common Name (CN): rotmansaaatot.icu
Issuer Distinguished Name (DN): Let's Encrypt Authority X3
TLS Version: TLS 1.2
First seen: 2018-10-03 15:04:52 UTC
Last seen: 2018-10-04 10:49:52 UTC
Status: Blacklisted
Listing reason: Gozi C&C
Listing date: 2018-10-04 09:46:52
Malware samples: 8
Botnet C&Cs: 1

Malware Samples


The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC) | Malware Sample (MD5 hash) | VT | Signature | Botnet C&C (IP:port)
2018-10-04 10:49:52 | 17a9847e2dbf83dbf2f81539005e1e8c | n/a | Gozi | 46.29.165.207:443
2018-10-04 07:32:00 | cf6e87af545745f6bb6ab4fa7161badb | Virustotal results 37/69 (53.62%) | Gozi | 46.29.165.207:443
2018-10-04 06:47:47 | 8a34bda136a8e7858bac01c1f257d251 | n/a | Gozi | 46.29.165.207:443
2018-10-04 06:31:41 | d919668b29eb88b6a530eec0406aa743 | Virustotal results 35/68 (51.47%) | Gozi | 46.29.165.207:443
2018-10-03 19:46:11 | 8eac083433afc180c728fad286c37200 | n/a | Gozi | 46.29.165.207:443
2018-10-03 19:11:30 | ed33fcde6695edccbd0d844f1a9ea373 | Virustotal results 36/68 (52.94%) | Gozi | 46.29.165.207:443
2018-10-03 15:50:50 | 50597e436876e9c69996ac3147571733 | Virustotal results 18/58 (31.03%) | Gozi | 46.29.165.207:443
2018-10-03 15:04:52 | cea99798368c5d89ccd16ea98a9c1a21 | Virustotal results 35/69 (50.72%) | Gozi | 46.29.165.207:443

# of entries: 8 (max: 100)