SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint a393d201ba27f55b3cd986151d02f8681597602c.

Database Entry

SHA1 Fingerprint:	a393d201ba27f55b3cd986151d02f8681597602c
Certificate Common Name (CN):	Wureuzisen
Issuer Distinguished Name (DN):	Wureuzisen
TLS Version:	TLS 1.2
First seen:	2016-02-18 22:10:28 UTC
Last seen:	2018-10-01 16:49:57 UTC
Status:	Blacklisted
Listing reason:	ZeuS C&C
Listing date:	2016-03-29 08:34:06
Malware samples:	40
Botnet C&Cs:	22

Malware Samples

The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)	Malware Sample (MD5 hash)	VT	Signature	Botnet C&C (IP:port)
2018-10-01 16:49:57	4a18172e8d9f9ff2f97100b0c51eadc5	11/68 (16.18%)		144.217.33.200:443
2018-10-01 16:49:57	4a18172e8d9f9ff2f97100b0c51eadc5	11/68 (16.18%)		144.217.33.200:443
2018-09-22 07:32:55	6b97ecf0b0e121e5f7b0a891d4cc2c25	6/67 (8.96%)		144.217.33.200:443
2018-09-22 07:32:55	6b97ecf0b0e121e5f7b0a891d4cc2c25	6/67 (8.96%)		144.217.33.200:443
2018-06-03 14:10:29	a7fda3ba5fcad916c849ce91eb9c7f91	14/66 (21.21%)		144.217.33.200:443
2018-06-03 14:10:29	a7fda3ba5fcad916c849ce91eb9c7f91	14/66 (21.21%)		144.217.33.200:443
2018-05-27 17:53:54	bd18433436659a1f73cbeb09533a54a6	9/66 (13.64%)	Neutrino	144.217.33.200:443
2018-05-27 17:53:54	bd18433436659a1f73cbeb09533a54a6	9/66 (13.64%)	Neutrino	144.217.33.200:443
2017-11-04 11:19:21	1c2b347c5c1497fa954391e5924d1cc6	19/63 (30.16%)		144.217.33.200:443
2017-11-04 11:19:21	1c2b347c5c1497fa954391e5924d1cc6	19/63 (30.16%)		144.217.33.200:443
2017-09-18 06:17:38	bede57b8f16dbd0d0889a01c1da19318	33/65 (50.77%)		144.217.33.200:443
2017-09-18 06:17:38	bede57b8f16dbd0d0889a01c1da19318	33/65 (50.77%)		144.217.33.200:443
2017-08-23 17:17:09	0871449e69f071a16359f71064f6100c	30/63 (47.62%)		173.254.252.209:443
2017-08-23 17:17:09	0871449e69f071a16359f71064f6100c	30/63 (47.62%)		173.254.252.209:443
2017-03-13 02:02:06	21ba05feae8af69a0a4541b81e0c3a07	28/61 (45.90%)		144.217.33.200:443
2017-03-13 02:02:06	21ba05feae8af69a0a4541b81e0c3a07	28/61 (45.90%)		144.217.33.200:443
2017-03-11 21:14:26	aa9466608035bdb28bc3556e20af3d82	29/59 (49.15%)		144.208.127.72:443
2017-03-11 21:14:26	aa9466608035bdb28bc3556e20af3d82	29/59 (49.15%)		144.208.127.72:443
2017-02-17 10:03:13	a2c16c8bda4cc6a7517f66761e93afc7	31/59 (52.54%)		77.81.107.193:443
2017-02-17 10:03:13	a2c16c8bda4cc6a7517f66761e93afc7	31/59 (52.54%)		77.81.107.193:443
2017-02-14 21:44:59	3c64af6e74c479899ec213d409d45e10	27/59 (45.76%)		144.217.33.200:443
2017-02-14 21:44:59	3c64af6e74c479899ec213d409d45e10	27/59 (45.76%)		144.217.33.200:443
2017-02-14 05:37:00	b5f33db21993fe8dca3f26f5741a507b	23/58 (39.66%)		154.16.159.122:443
2017-02-14 05:37:00	b5f33db21993fe8dca3f26f5741a507b	23/58 (39.66%)		154.16.159.122:443
2017-02-13 13:31:35	831ee87b3b5ade1b54024545d1cd20c8	37/58 (63.79%)		23.239.85.14:443
2017-02-13 13:31:35	831ee87b3b5ade1b54024545d1cd20c8	37/58 (63.79%)		23.239.85.14:443
2017-02-11 04:01:34	e57a65eee37196df7dc171d7fc84e6e2	14/58 (24.14%)		103.28.71.118:443
2017-02-11 04:01:34	e57a65eee37196df7dc171d7fc84e6e2	14/58 (24.14%)		103.28.71.118:443
2017-02-04 00:34:48	861631f3461ac4a3a5e04043acc4bf8e	20/57 (35.09%)		69.61.83.121:443
2017-02-04 00:34:48	861631f3461ac4a3a5e04043acc4bf8e	20/57 (35.09%)		69.61.83.121:443
2017-01-30 18:08:47	5f6a17731d7b70d5907b2a1cb807fbc3	26/56 (46.43%)		69.61.83.121:443
2017-01-30 18:08:47	5f6a17731d7b70d5907b2a1cb807fbc3	26/56 (46.43%)		69.61.83.121:443
2017-01-26 17:28:28	5bb6a3d5efedfeb61687655da9445058	28/56 (50.00%)		79.137.13.22:443
2017-01-26 17:28:28	5bb6a3d5efedfeb61687655da9445058	28/56 (50.00%)		79.137.13.22:443
2016-12-21 17:34:18	a417c6a43a7dd292263fc1e29673466d	29/57 (50.88%)		77.81.107.193:443
2016-12-21 17:34:18	a417c6a43a7dd292263fc1e29673466d	29/57 (50.88%)		77.81.107.193:443
2016-12-18 02:42:52	4a9caf0b97c6e0f2be5e4f47d66ec2b3	25/57 (43.86%)	ZeuS	74.63.209.174:443
2016-12-18 02:42:52	4a9caf0b97c6e0f2be5e4f47d66ec2b3	25/57 (43.86%)	ZeuS	74.63.209.174:443
2016-12-13 05:38:34	a2e9c3eca78d5c3c033ec6aa81fc785f	18/56 (32.14%)		185.62.39.171:443
2016-12-13 05:38:34	a2e9c3eca78d5c3c033ec6aa81fc785f	18/56 (32.14%)		185.62.39.171:443
2016-11-24 00:45:54	a1fbd71e4216312b4e089455b64b49cf	13/56 (23.21%)	Terdot	104.223.21.3:443
2016-11-24 00:45:54	a1fbd71e4216312b4e089455b64b49cf	13/56 (23.21%)	Terdot	104.223.21.3:443
2016-11-16 00:46:26	05973f32b15cb08559d47414a934c528	26/57 (45.61%)	Terdot	96.9.244.10:443
2016-11-16 00:46:26	05973f32b15cb08559d47414a934c528	26/57 (45.61%)	Terdot	96.9.244.10:443
2016-11-01 16:00:38	57d39de50af090c533c4d9d15882f2d1	8/56 (14.29%)	ZeuS	96.9.244.114:443
2016-11-01 16:00:38	57d39de50af090c533c4d9d15882f2d1	8/56 (14.29%)	ZeuS	96.9.244.114:443
2016-10-18 05:01:15	652a0e23d2b880d2431ec78bc7d59982	26/57 (45.61%)		96.9.244.115:555
2016-10-18 05:01:15	652a0e23d2b880d2431ec78bc7d59982	26/57 (45.61%)		96.9.244.115:555
2016-10-14 12:50:46	0ffccf8f84017b1f640b282c99a2b40f	9/56 (16.07%)		96.9.244.115:555
2016-10-14 12:50:46	0ffccf8f84017b1f640b282c99a2b40f	9/56 (16.07%)		96.9.244.115:555
2016-09-05 19:29:52	0e225191249a5c29d3ab3caa638b12f5	4/56 (7.14%)	ZeuS	85.204.49.106:443
2016-09-05 19:29:52	0e225191249a5c29d3ab3caa638b12f5	4/56 (7.14%)	ZeuS	85.204.49.106:443
2016-08-28 03:32:32	fd1eb7239414f9aedf63e17ebdd5c1d7	19/56 (33.93%)	ZeuS	85.204.49.106:443
2016-08-28 03:32:32	fd1eb7239414f9aedf63e17ebdd5c1d7	19/56 (33.93%)	ZeuS	85.204.49.106:443
2016-08-08 12:45:24	104906bd958368cb58e1f356e960e914	18/54 (33.33%)	ZeuS	85.204.49.106:443
2016-08-08 12:45:24	104906bd958368cb58e1f356e960e914	18/54 (33.33%)	ZeuS	85.204.49.106:443
2016-07-26 12:27:29	9ec12e288103adf5edd40411a9653ca1	18/55 (32.73%)		85.204.49.106:443
2016-07-26 12:27:29	9ec12e288103adf5edd40411a9653ca1	18/55 (32.73%)		85.204.49.106:443
2016-07-03 13:15:27	330c90eb8aac5fc2f54d2a4d22670468	2/56 (3.57%)		85.204.49.106:443
2016-07-03 13:15:27	330c90eb8aac5fc2f54d2a4d22670468	2/56 (3.57%)		85.204.49.106:443
2016-06-22 23:43:05	fe27c1e99e260761b18fe922632e836e	n/a	VirLock	85.204.49.106:443
2016-06-22 23:43:05	fe27c1e99e260761b18fe922632e836e	n/a	VirLock	85.204.49.106:443
2016-06-14 11:13:45	0a092c9f698d04132221ced3cc6007dc	19/56 (33.93%)		85.204.49.106:443
2016-06-14 11:13:45	0a092c9f698d04132221ced3cc6007dc	19/56 (33.93%)		85.204.49.106:443
2016-06-12 01:44:40	a770e4f4dcf570411e772fb4e4390dcf	24/55 (43.64%)		85.204.49.106:443
2016-06-12 01:44:40	a770e4f4dcf570411e772fb4e4390dcf	24/55 (43.64%)		85.204.49.106:443
2016-05-16 10:26:32	d728a23fb123b35cfc219ee49ee55ea9	3/57 (5.26%)	ZeuS	104.37.169.139:443
2016-05-16 10:26:32	d728a23fb123b35cfc219ee49ee55ea9	3/57 (5.26%)	ZeuS	104.37.169.139:443
2016-05-08 23:15:26	629906d7331746f3729164557f70d1ec	8/57 (14.04%)	ZeuS	104.152.188.33:443
2016-05-08 23:15:26	629906d7331746f3729164557f70d1ec	8/57 (14.04%)	ZeuS	104.152.188.33:443
2016-05-08 15:53:26	5ea231dd419624298791d0699f226380	7/57 (12.28%)	ZeuS	104.152.188.33:443
2016-05-08 15:53:26	5ea231dd419624298791d0699f226380	7/57 (12.28%)	ZeuS	104.152.188.33:443
2016-05-01 17:24:05	c5030cc67bc58a27c177cb9aea674c3e	n/a		104.152.188.24:443
2016-05-01 17:24:05	c5030cc67bc58a27c177cb9aea674c3e	n/a		104.152.188.24:443
2016-04-25 08:05:47	869fd7c399e32f34406ebd02f009a693	7/56 (12.50%)		23.105.71.119:443
2016-04-25 08:05:47	869fd7c399e32f34406ebd02f009a693	7/56 (12.50%)		23.105.71.119:443
2016-03-28 11:17:38	b8250755c67a3066d4f7b9ed91c2f03f	9/57 (15.79%)	ZeuS	74.122.198.116:443
2016-03-28 11:17:38	b8250755c67a3066d4f7b9ed91c2f03f	9/57 (15.79%)	ZeuS	74.122.198.116:443
2016-02-18 22:10:28	ad86575eb97661d3824a7427dac80c10	6/54 (11.11%)	Neutrino	23.249.171.33:443
2016-02-18 22:10:28	ad86575eb97661d3824a7427dac80c10	6/54 (11.11%)	Neutrino	23.249.171.33:443

# of entries: 80 (max: 100)