SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint d939155400494051d785fbeae33933f64a2d6cce.

Database Entry


SHA1 Fingerprint: d939155400494051d785fbeae33933f64a2d6cce
Certificate Common Name (CN): cherniypoyas.ru
Issuer Distinguished Name (DN): COMODO RSA Domain Validation Secure Server CA
TLS Version: TLS 1.2
First seen: 2015-09-10 00:37:53 UTC
Last seen: 2015-09-20 17:39:08 UTC
Status: Blacklisted
Listing reason: Rovnix C&C
Listing date: 2015-09-19 08:30:28
Malware samples: 5
Botnet C&Cs: 2

Malware Samples


The table below documents all malware samples associated with this SSL certificate.

| Timestamp (UTC) | Malware Sample (MD5 hash) | VT | Signature | Botnet C&C (IP:port) |
|---|---|---|---|---|
| 2015-09-20 17:39:08 | f8ae4b7e142d0d5fcf445d3ea4e71e5d | Virustotal results 9/56 (16.07%) | Gozi | 37.0.125.106:443 |
| 2015-09-20 17:39:08 | f8ae4b7e142d0d5fcf445d3ea4e71e5d | Virustotal results 9/56 (16.07%) | Gozi | 37.0.125.106:443 |
| 2015-09-19 06:13:02 | 7660d41996b28503a7813c5381d63ba7 | Virustotal results 16/56 (28.57%) | | 37.0.125.106:443 |
| 2015-09-19 06:13:02 | 7660d41996b28503a7813c5381d63ba7 | Virustotal results 16/56 (28.57%) | | 37.0.125.106:443 |
| 2015-09-18 13:22:40 | 2bf19f880796985530ef6cf663b0c635 | Virustotal results 20/57 (35.09%) | | 37.0.125.106:443 |
| 2015-09-18 13:22:40 | 2bf19f880796985530ef6cf663b0c635 | Virustotal results 20/57 (35.09%) | | 37.0.125.106:443 |
| 2015-09-12 01:47:19 | dd28d0de3a0be8143253815cc9d7f8ac | Virustotal results 2/56 (3.57%) | | 37.0.125.106:443 |
| 2015-09-12 01:47:19 | dd28d0de3a0be8143253815cc9d7f8ac | Virustotal results 2/56 (3.57%) | | 37.0.125.106:443 |
| 2015-09-10 00:37:53 | 1a843d010b3f0549e5a882eef4a3f6c3 | Virustotal results 3/57 (5.26%) | | 185.66.218.2:443 |
| 2015-09-10 00:37:53 | 1a843d010b3f0549e5a882eef4a3f6c3 | Virustotal results 3/57 (5.26%) | | 185.66.218.2:443 |

# of entries: 10 (max: 100)