SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint d6412db50df662b5af43a2a20dfe58e00cab0996.

Database Entry

SHA1 Fingerprint:d6412db50df662b5af43a2a20dfe58e00cab0996
Certificate Common Name (CN):main.info
Issuer Distinguished Name (DN):main.info
TLS Version:TLS 1.2
First seen:2018-10-10 18:08:17 UTC
Last seen:2018-11-02 06:23:13 UTC
Status:Blacklisted
Listing reason:IcedId C&C
Listing date:2018-10-11 05:55:26
Malware samples:14
Botnet C&Cs:3

Malware Samples

The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)Malware Sample (MD5 hash)VTSignatureBotnet C&C (IP:port)
2018-11-02 06:23:1328248b60b839643f6dc3c61825398180Virustotal results 38/68 (55.88%) IcedID 83.217.10.56:443
2018-11-02 06:23:1328248b60b839643f6dc3c61825398180Virustotal results 38/68 (55.88%) IcedID 83.217.10.56:443
2018-11-02 05:26:046c2a8cf4607e0ccc5261422a4cfba90cVirustotal results 36/66 (54.55%) IcedID 83.217.10.56:443
2018-11-02 05:26:046c2a8cf4607e0ccc5261422a4cfba90cVirustotal results 36/66 (54.55%) IcedID 83.217.10.56:443
2018-11-01 02:26:080a21d94a0b40d0a8f822ea130b1146f2Virustotal results 34/64 (53.12%) IcedID 83.217.10.56:443
2018-11-01 02:26:080a21d94a0b40d0a8f822ea130b1146f2Virustotal results 34/64 (53.12%) IcedID 83.217.10.56:443
2018-10-30 11:42:299bce2d4c9a54a8fa917aedccd730905cVirustotal results 39/67 (58.21%) TinyNuke83.217.10.56:443
2018-10-30 11:42:299bce2d4c9a54a8fa917aedccd730905cVirustotal results 39/67 (58.21%) TinyNuke83.217.10.56:443
2018-10-23 22:53:12c82aad642de0420b14347146c115e214Virustotal results 36/66 (54.55%) Gozi 83.217.10.56:443
2018-10-23 22:53:12c82aad642de0420b14347146c115e214Virustotal results 36/66 (54.55%) Gozi 83.217.10.56:443
2018-10-20 14:00:17802d71c300cbff10abed2eae0c2a7973Virustotal results 13/65 (20.00%) 83.217.10.56:443
2018-10-20 14:00:17802d71c300cbff10abed2eae0c2a7973Virustotal results 13/65 (20.00%) 83.217.10.56:443
2018-10-20 09:46:206b47ec52b4c2f80af7fef477f809e480Virustotal results 5/68 (7.35%) IcedID 83.217.10.56:443
2018-10-20 09:46:206b47ec52b4c2f80af7fef477f809e480Virustotal results 5/68 (7.35%) IcedID 83.217.10.56:443
2018-10-18 02:11:2895ef7b1aea0dcc9fdb2bd1856797bbf4Virustotal results 37/69 (53.62%) IcedID 85.143.220.184:443
2018-10-18 02:11:2895ef7b1aea0dcc9fdb2bd1856797bbf4Virustotal results 37/69 (53.62%) IcedID 85.143.220.184:443
2018-10-11 01:40:436c01a3c0d71c4174429c12afad488db9Virustotal results 32/69 (46.38%) IcedId 46.148.26.86:443
2018-10-11 01:40:436c01a3c0d71c4174429c12afad488db9Virustotal results 32/69 (46.38%) IcedId 46.148.26.86:443
2018-10-11 01:01:378052c0d388ab75d7bf513947f33a92ecVirustotal results 33/68 (48.53%) IcedId 46.148.26.86:443
2018-10-11 01:01:378052c0d388ab75d7bf513947f33a92ecVirustotal results 33/68 (48.53%) IcedId 46.148.26.86:443
2018-10-10 22:28:5525119a8e6d48a5a65d788cbf7dea7653Virustotal results 38/69 (55.07%) IcedId 46.148.26.86:443
2018-10-10 22:28:5525119a8e6d48a5a65d788cbf7dea7653Virustotal results 38/69 (55.07%) IcedId 46.148.26.86:443
2018-10-10 20:39:188bf47d1db2b18e354af0165092187b42Virustotal results 40/69 (57.97%) AZORult 46.148.26.86:443
2018-10-10 20:39:188bf47d1db2b18e354af0165092187b42Virustotal results 40/69 (57.97%) AZORult 46.148.26.86:443
2018-10-10 20:25:5751d1e31e3decc7f30f2c39a3099f6356Virustotal results 35/69 (50.72%) IcedId 46.148.26.86:443
2018-10-10 20:25:5751d1e31e3decc7f30f2c39a3099f6356Virustotal results 35/69 (50.72%) IcedId 46.148.26.86:443
2018-10-10 18:08:1702713930209097e46d24a5188e8d3262Virustotal results 40/69 (57.97%) IcedId 46.148.26.86:443
2018-10-10 18:08:1702713930209097e46d24a5188e8d3262Virustotal results 40/69 (57.97%) IcedId 46.148.26.86:443

# of entries: 28 (max: 100)