SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint b1a1f738f7e4c36de39c4f4622b5e8b4d15862e7.

Database Entry


SHA1 Fingerprint:b1a1f738f7e4c36de39c4f4622b5e8b4d15862e7
Certificate Common Name (CN):localhost
Issuer Distinguished Name (DN):localhost
TLS Version:TLSv1
First seen:2016-08-31 21:03:34 UTC
Last seen:2016-09-08 07:17:09 UTC
Status:Blacklisted
Listing reason:Gootkit C&C
Listing date:2016-09-01 07:24:36
Malware samples:6
Botnet C&Cs:1

Malware Samples


The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)Malware Sample (MD5 hash)VTSignatureBotnet C&C (IP:port)
2016-09-08 07:17:098f76d56be34f55e1d8cc2e854525cd6aVirustotal results 32/58 (55.17%) Gootkit 198.61.220.159:80
2016-09-04 05:40:330cc03bdebab758da0b49297cb16e2a3eVirustotal results 16/57 (28.07%) Gootkit 198.61.220.159:80
2016-09-03 12:59:310efb4efec6c61caa1cec162dbfcda8ddVirustotal results 23/58 (39.66%) Gootkit 198.61.220.159:80
2016-09-03 03:47:045646e5e8fcd9ca287cb5b64718cceee0Virustotal results 33/57 (57.89%) Gootkit 198.61.220.159:80
2016-09-02 10:34:2665805cf7e99a632af310ad6608f73f58Virustotal results 37/57 (64.91%) Gootkit 198.61.220.159:80
2016-08-31 21:03:342d6d88ed67d87fcab2082f6941b4e924Virustotal results 6/57 (10.53%) Gootkit 198.61.220.159:80

# of entries: 6 (max: 100)