SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint ed0c166e2af7f79874a89c97d038349e10e9cea9.

Database Entry


SHA1 Fingerprint: ed0c166e2af7f79874a89c97d038349e10e9cea9
Certificate Common Name (CN): *.grounddoesstart.live
Issuer Distinguished Name (DN): R3
TLS Version: TLS 1.2
First seen: 2021-05-24 01:25:44 UTC
Last seen: 2021-05-24 06:53:07 UTC
Status: Blacklisted
Listing reason: Gozi C&C
Listing date: 2021-05-24 06:38:15
Malware samples: 17
Botnet C&Cs: 1

Malware Samples


The table below documents all malware samples associated with this SSL certificate.


# of entries: 34 (max: 100)