SSL Certificates
The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint c6cf08845203a4b1fda667d3410ab43b9e368526.
Database Entry
| SHA1 Fingerprint: | c6cf08845203a4b1fda667d3410ab43b9e368526 |
|---|---|
| Certificate Common Name (CN): | izhongcheng.cn |
| Issuer Distinguished Name (DN): | GeoTrust CN RSA CA G1 |
| TLS Version: | TLS 1.2 |
| First seen: | 2020-05-01 03:48:47 UTC |
| Last seen: | 2021-07-31 03:50:36 UTC |
| Status: | Blacklisted |
| Listing reason: | CobaltStrike C&C |
| Listing date: | 2021-07-13 12:36:03 |
| Malware samples: | 59 |
| Botnet C&Cs: | 28 |
Malware Samples
The table below documents all malware samples associated with this SSL certificate.
| Timestamp (UTC) | Malware Sample (MD5 hash) | VT | Signature | Botnet C&C (IP:port) |
|---|---|---|---|---|
| 2021-07-31 03:50:36 | f9a85edcbd31e7eb4165ee61d7175f8b |  40 / 70 (57.14%)
| 211.152.146.86:443 | |
| 2021-07-31 03:50:36 | f9a85edcbd31e7eb4165ee61d7175f8b | 40 / 70 (57.14%)
| 211.152.146.86:443 | |
| 2021-07-31 01:48:18 | f4940e9d843336a142b0deae0ec2174d | 43 / 69 (62.32%)
| 101.33.11.29:443 | |
| 2021-07-31 01:48:18 | f4940e9d843336a142b0deae0ec2174d | 43 / 69 (62.32%)
| 101.33.11.29:443 | |
| 2021-07-30 20:15:22 | 59aa912d2a1fe54069c3f0d4ab67cc3d | 58 / 70 (82.86%)
| 203.205.224.59:443 | |
| 2021-07-30 20:15:22 | 59aa912d2a1fe54069c3f0d4ab67cc3d | 58 / 70 (82.86%)
| 203.205.224.59:443 | |
| 2021-07-24 17:12:58 | 602ef7edb7dcd1c9e0ff03bf5e610096 | 27 / 70 (38.57%)
| 211.152.146.87:443 | |
| 2021-07-24 17:12:58 | 602ef7edb7dcd1c9e0ff03bf5e610096 | 27 / 70 (38.57%)
| 211.152.146.87:443 | |
| 2021-07-20 04:22:01 | 8c9d31762f34a9e0a353304858d781bb | 5 / 65 (7.69%)
| 211.152.136.90:443 | |
| 2021-07-20 04:22:01 | 8c9d31762f34a9e0a353304858d781bb | 5 / 65 (7.69%)
| 211.152.136.90:443 | |
| 2021-07-20 00:02:26 | 4766eabc20d71a686ad3332da332daa4 | 4 / 69 (5.80%)
| 211.152.146.73:443 | |
| 2021-07-20 00:02:26 | 4766eabc20d71a686ad3332da332daa4 | 4 / 69 (5.80%)
| 211.152.146.73:443 | |
| 2021-07-19 12:59:30 | 6c63aed2122a6c4a6ab0670501a747c5 | 17 / 69 (24.64%)
| CobaltStrike | 203.205.191.21:443 |
| 2021-07-19 12:59:30 | 6c63aed2122a6c4a6ab0670501a747c5 | 17 / 69 (24.64%)
| CobaltStrike | 203.205.191.21:443 |
| 2021-07-17 14:26:16 | bbe8e8d00b910726ea6bf7f8e03ee1b4 | 34 / 69 (49.28%)
| 101.33.11.48:443 | |
| 2021-07-17 14:26:16 | bbe8e8d00b910726ea6bf7f8e03ee1b4 | 34 / 69 (49.28%)
| 101.33.11.48:443 | |
| 2021-07-13 07:33:22 | 765cf8227a47cef845b23e6b56acf926 | 3 / 67 (4.48%)
| CobaltStrike | 101.33.10.114:443 |
| 2021-07-13 07:33:22 | 765cf8227a47cef845b23e6b56acf926 | 3 / 67 (4.48%)
| CobaltStrike | 101.33.10.114:443 |
| 2021-07-12 07:22:10 | 88fb1b59cd83c4e5b86ab2793ce15952 | 10 / 71 (14.08%)
| 101.33.11.48:443 | |
| 2021-07-12 07:22:10 | 88fb1b59cd83c4e5b86ab2793ce15952 | 10 / 71 (14.08%)
| 101.33.11.48:443 | |
| 2021-07-12 07:21:59 | 4ed409f5fcd0a2a0990e204f84f21de8 | 8 / 71 (11.27%)
| 211.152.146.86:443 | |
| 2021-07-12 07:21:59 | 4ed409f5fcd0a2a0990e204f84f21de8 | 8 / 71 (11.27%)
| 211.152.146.86:443 | |
| 2021-07-12 07:21:27 | d25c194c65cc01776d7564d78cd3bcf4 | 7 / 68 (10.29%)
| 101.33.11.45:443 | |
| 2021-07-12 07:21:27 | d25c194c65cc01776d7564d78cd3bcf4 | 7 / 68 (10.29%)
| 101.33.11.45:443 | |
| 2021-07-12 07:19:04 | 9c1b58af10b0f62a66656fd9ec892f96 | 22 / 69 (31.88%)
| 211.152.136.77:443 | |
| 2021-07-12 07:19:04 | 9c1b58af10b0f62a66656fd9ec892f96 | 22 / 69 (31.88%)
| 211.152.136.77:443 | |
| 2021-07-12 07:16:59 | 1529176ad0bb4ef126074c0cf22f5361 | 4 / 69 (5.80%)
| 211.152.136.90:443 | |
| 2021-07-12 07:16:59 | 1529176ad0bb4ef126074c0cf22f5361 | 4 / 69 (5.80%)
| 211.152.136.90:443 | |
| 2021-07-12 07:16:30 | c7234dbd26209856fbf62f2fcea2293c | 3 / 70 (4.29%)
| 211.152.136.89:443 | |
| 2021-07-12 07:16:30 | c7234dbd26209856fbf62f2fcea2293c | 3 / 70 (4.29%)
| 211.152.136.89:443 | |
| 2021-07-12 07:16:08 | 86e1d2feca2aaa0de04ac43a88163e5e | 21 / 63 (33.33%)
| 180.97.251.173:443 | |
| 2021-07-12 07:16:08 | 86e1d2feca2aaa0de04ac43a88163e5e | 21 / 63 (33.33%)
| 180.97.251.173:443 | |
| 2021-07-12 07:15:53 | 705f5d9b81dbc6bd0120ed555dccb491 | 32 / 69 (46.38%)
| 211.152.136.71:443 | |
| 2021-07-12 07:15:53 | 705f5d9b81dbc6bd0120ed555dccb491 | 32 / 69 (46.38%)
| 211.152.136.71:443 | |
| 2021-07-12 07:10:56 | f12a1c138bc56653a09076cba61d392d | 32 / 69 (46.38%)
| 101.33.11.48:443 | |
| 2021-07-12 07:10:56 | f12a1c138bc56653a09076cba61d392d | 32 / 69 (46.38%)
| 101.33.11.48:443 | |
| 2021-07-08 05:47:40 | 3b301ebc5bdcc4f83216474bb8b67c1a | 39 / 70 (55.71%)
| Redosdru | 101.33.11.45:443 |
| 2021-07-08 05:47:40 | 3b301ebc5bdcc4f83216474bb8b67c1a | 39 / 70 (55.71%)
| Redosdru | 101.33.11.45:443 |
| 2021-07-06 07:44:53 | a682c9cfdd26382c0d7c29e7d3d4110d | 34 / 70 (48.57%)
| CobaltStrike | 101.33.11.29:443 |
| 2021-07-06 07:44:53 | a682c9cfdd26382c0d7c29e7d3d4110d | 34 / 70 (48.57%)
| CobaltStrike | 101.33.11.29:443 |
| 2021-06-30 21:13:47 | 4e985539205fd2ba57c1ea48911ca382 | 26 / 68 (38.24%)
| 101.33.10.114:443 | |
| 2021-06-30 21:13:47 | 4e985539205fd2ba57c1ea48911ca382 | 26 / 68 (38.24%)
| 101.33.10.114:443 | |
| 2021-06-27 17:52:23 | 1089b93a4a286283523deac740716ebd | 35 / 70 (50.00%)
| CobaltStrike | 122.228.4.229:443 |
| 2021-06-27 17:52:23 | 1089b93a4a286283523deac740716ebd | 35 / 70 (50.00%)
| CobaltStrike | 122.228.4.229:443 |
| 2021-06-11 20:55:35 | 9e1491c85efcdfe54efad69351886206 | n/a | Nitol | 101.33.11.88:443 |
| 2021-06-11 20:55:35 | 9e1491c85efcdfe54efad69351886206 | n/a | Nitol | 101.33.11.88:443 |
| 2021-06-05 20:59:15 | 45853aabd043c13de599aec1d3c88e6e | 41 / 70 (58.57%)
| 101.33.11.110:443 | |
| 2021-06-05 20:59:15 | 45853aabd043c13de599aec1d3c88e6e | 41 / 70 (58.57%)
| 101.33.11.110:443 | |
| 2021-06-02 17:55:58 | 3404a08ed2348076e20687dd479eac2b | 31 / 69 (44.93%)
| 211.152.136.90:443 | |
| 2021-06-02 17:55:58 | 3404a08ed2348076e20687dd479eac2b | 31 / 69 (44.93%)
| 211.152.136.90:443 | |
| 2021-05-29 05:01:20 | a2a1b33ba9cdca6d16e6baa6db7b8b9a | 3 / 68 (4.41%)
| 101.33.11.25:443 | |
| 2021-05-29 05:01:20 | a2a1b33ba9cdca6d16e6baa6db7b8b9a | 3 / 68 (4.41%)
| 101.33.11.25:443 | |
| 2021-05-25 23:23:56 | 8ac09324cb33c288541fd317a950cdf6 | 49 / 69 (71.01%)
| YoungLotus | 101.33.11.88:443 |
| 2021-05-25 23:23:56 | 8ac09324cb33c288541fd317a950cdf6 | 49 / 69 (71.01%)
| YoungLotus | 101.33.11.88:443 |
| 2021-05-15 11:53:06 | aff1290c0415dff3ae8f8814bec2aae3 | 46 / 69 (66.67%)
| YoungLotus | 203.205.224.59:443 |
| 2021-05-15 11:53:06 | aff1290c0415dff3ae8f8814bec2aae3 | 46 / 69 (66.67%)
| YoungLotus | 203.205.224.59:443 |
| 2021-05-10 21:24:35 | a09547c10d4591baff7acd7dcd266df0 | 36 / 68 (52.94%)
| YoungLotus | 211.152.136.90:443 |
| 2021-05-10 21:24:35 | a09547c10d4591baff7acd7dcd266df0 | 36 / 68 (52.94%)
| YoungLotus | 211.152.136.90:443 |
| 2021-05-09 05:03:52 | 5907ef729a9457be49244db9823f0f9f | 23 / 69 (33.33%)
| 211.152.136.88:443 | |
| 2021-05-09 05:03:52 | 5907ef729a9457be49244db9823f0f9f | 23 / 69 (33.33%)
| 211.152.136.88:443 | |
| 2021-05-03 00:40:13 | 6e7986b5cfadb15e9b1f139797c961f3 | 9 / 68 (13.24%)
| 203.205.224.59:443 | |
| 2021-05-03 00:40:13 | 6e7986b5cfadb15e9b1f139797c961f3 | 9 / 68 (13.24%)
| 203.205.224.59:443 | |
| 2021-04-23 16:39:02 | 5d0749adc6ff4ed7814c704bee79f50b | 17 / 69 (24.64%)
| 211.152.136.87:443 | |
| 2021-04-23 16:39:02 | 5d0749adc6ff4ed7814c704bee79f50b | 17 / 69 (24.64%)
| 211.152.136.87:443 | |
| 2021-04-01 03:51:37 | 9f8b29e9ac99296f29c3472c6fe89874 | 35 / 68 (51.47%)
| 27.22.58.175:443 | |
| 2021-04-01 03:51:37 | 9f8b29e9ac99296f29c3472c6fe89874 | 35 / 68 (51.47%)
| 27.22.58.175:443 | |
| 2021-03-08 02:37:48 | b7971e397e1dbf7834a52334349775bb | n/a | 180.97.251.173:443 | |
| 2021-03-08 02:37:48 | b7971e397e1dbf7834a52334349775bb | n/a | 180.97.251.173:443 | |
| 2021-02-21 22:06:38 | 93230f71f7d6f961b29340ed111be2fd | 39 / 70 (55.71%)
| Formbook | 180.97.251.173:443 |
| 2021-02-21 22:06:38 | 93230f71f7d6f961b29340ed111be2fd | 39 / 70 (55.71%)
| Formbook | 180.97.251.173:443 |
| 2021-02-17 19:21:59 | 1d3a4e992f1900451ac8fcb31dc6eb55 | 13 / 70 (18.57%)
| 180.97.251.173:443 | |
| 2021-02-17 19:21:59 | 1d3a4e992f1900451ac8fcb31dc6eb55 | 13 / 70 (18.57%)
| 180.97.251.173:443 | |
| 2021-02-10 08:20:47 | c1370121f61446a68dce35e058b04306 | 26 / 71 (36.62%)
| 115.220.8.189:443 | |
| 2021-02-10 08:20:47 | c1370121f61446a68dce35e058b04306 | 26 / 71 (36.62%)
| 115.220.8.189:443 | |
| 2021-02-05 03:26:52 | 9169f9999af0a2460303b7b2eeaec408 | 46 / 69 (66.67%)
| CobaltStrike | 122.228.4.170:443 |
| 2021-02-05 03:26:52 | 9169f9999af0a2460303b7b2eeaec408 | 46 / 69 (66.67%)
| CobaltStrike | 122.228.4.170:443 |
| 2021-01-14 17:21:43 | e49a339b091771e5f5879f6680bcde63 | 28 / 70 (40.00%)
| 180.97.251.173:443 | |
| 2021-01-14 17:21:43 | e49a339b091771e5f5879f6680bcde63 | 28 / 70 (40.00%)
| 180.97.251.173:443 | |
| 2020-12-25 21:20:04 | 0cc1d1fc0074b6d8545ea97c78ac5b39 | 61 / 71 (85.92%)
| Gh0stRAT | 101.226.26.166:443 |
| 2020-12-25 21:20:04 | 0cc1d1fc0074b6d8545ea97c78ac5b39 | 61 / 71 (85.92%)
| Gh0stRAT | 101.226.26.166:443 |
| 2020-12-23 18:36:28 | 08e6856d7991453aa24d563428486986 | 14 / 70 (20.00%)
| CobaltStrike | 101.226.26.165:443 |
| 2020-12-23 18:36:28 | 08e6856d7991453aa24d563428486986 | 14 / 70 (20.00%)
| CobaltStrike | 101.226.26.165:443 |
| 2020-12-14 13:49:36 | ff59c6d1e4f9f9ba162c64b454511e79 | 33 / 71 (46.48%)
| 101.33.11.45:443 | |
| 2020-12-14 13:49:36 | ff59c6d1e4f9f9ba162c64b454511e79 | 33 / 71 (46.48%)
| 101.33.11.45:443 | |
| 2020-12-03 11:01:19 | 497a3bbb8aa43f921f358b0f891a1b5a | 16 / 70 (22.86%)
| 27.22.58.175:443 | |
| 2020-12-03 11:01:19 | 497a3bbb8aa43f921f358b0f891a1b5a | 16 / 70 (22.86%)
| 27.22.58.175:443 | |
| 2020-11-29 00:00:58 | 5dfb7f863cd291544b9dfdb3de25162f | 38 / 70 (54.29%)
| CobaltStrike | 101.226.26.166:443 |
| 2020-11-29 00:00:58 | 5dfb7f863cd291544b9dfdb3de25162f | 38 / 70 (54.29%)
| CobaltStrike | 101.226.26.166:443 |
| 2020-10-12 16:39:23 | 5a592c81edae10a6685d6f48380dcac4 | 50 / 70 (71.43%)
| 101.226.26.165:443 | |
| 2020-10-12 16:39:23 | 5a592c81edae10a6685d6f48380dcac4 | 50 / 70 (71.43%)
| 101.226.26.165:443 | |
| 2020-09-08 15:28:34 | bbcb91f6a3d34085f4b311cfd43f5983 | 2 / 70 (2.86%)
| 211.152.136.89:443 | |
| 2020-09-08 15:28:34 | bbcb91f6a3d34085f4b311cfd43f5983 | 2 / 70 (2.86%)
| 211.152.136.89:443 | |
| 2020-09-01 20:56:05 | 1987c632f3ff12b1cc2efadcc4ad6184 | 2 / 68 (2.94%)
| 211.152.136.77:443 | |
| 2020-09-01 20:56:05 | 1987c632f3ff12b1cc2efadcc4ad6184 | 2 / 68 (2.94%)
| 211.152.136.77:443 | |
| 2020-08-27 09:53:57 | 24d9aedfbf8e7841716d307177bd5fe4 | 49 / 67 (73.13%)
| CobaltStrike | 101.226.26.165:443 |
| 2020-08-27 09:53:57 | 24d9aedfbf8e7841716d307177bd5fe4 | 49 / 67 (73.13%)
| CobaltStrike | 101.226.26.165:443 |
| 2020-08-24 14:57:09 | 6a74d61980a3b5e4b162e32069fa175b | 2 / 71 (2.82%)
| 211.152.136.87:443 | |
| 2020-08-24 14:57:09 | 6a74d61980a3b5e4b162e32069fa175b | 2 / 71 (2.82%)
| 211.152.136.87:443 | |
| 2020-08-18 06:26:19 | 2d5ad07d2b522cf4f25e078f3bb81f7e | 35 / 68 (51.47%)
| CobaltStrike | 180.97.251.173:443 |
| 2020-08-18 06:26:19 | 2d5ad07d2b522cf4f25e078f3bb81f7e | 35 / 68 (51.47%)
| CobaltStrike | 180.97.251.173:443 |
# of entries: 100 (max: 100)