SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint e76858cc6964b10dc40fc29dacbc11f97b6a25e1.

Database Entry


SHA1 Fingerprint: e76858cc6964b10dc40fc29dacbc11f97b6a25e1
Certificate Common Name (CN): www.knewill.schmidt/emailAddress=tales_shells@hotmail.com
Issuer Distinguished Name (DN): www.knewill.schmidt/emailAddress=tales_shells@hotmail.com
TLS Version: SSLv3
First seen: 2015-12-15 23:27:08 UTC
Last seen: 2016-01-13 15:04:25 UTC
Status: Blacklisted
Listing reason: Gootkit C&C
Listing date: 2015-12-21 07:05:57
Malware samples: 10
Botnet C&Cs: 5

Malware Samples


The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC) | Malware Sample (MD5 hash) | VT | Signature | Botnet C&C (IP:port)

# of entries: 10 (max: 100)