SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint ed28a9c76b5b20605b2de661dd64e643d7a0290a.

Database Entry


SHA1 Fingerprint:ed28a9c76b5b20605b2de661dd64e643d7a0290a
Certificate Common Name (CN):www.signliquideducationdaughter.final/emailAddress=vowel_child@hotmail.com
Issuer Distinguished Name (DN):www.signliquideducationdaughter.final/emailAddress=vowel_child@hotmail.com
TLS Version:SSLv3
First seen:2015-12-14 12:55:38 UTC
Last seen:2015-12-15 11:07:11 UTC
Status:Blacklisted
Listing reason:Gootkit C&C
Listing date:2015-12-14 12:58:31
Malware samples:5
Botnet C&Cs:2

Malware Samples


The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)Malware Sample (MD5 hash)VTSignatureBotnet C&C (IP:port)
2015-12-15 11:07:11ecd4b65b56fc5683ccf9def5869e18d2Virustotal results 7/54 (12.96%) Gootkit 185.117.72.87:80
2015-12-15 11:07:11ecd4b65b56fc5683ccf9def5869e18d2Virustotal results 7/54 (12.96%) Gootkit 185.117.72.87:80
2015-12-15 05:58:291feef71728bee6aabdf2dd6155799aa5Virustotal results 1/54 (1.85%) Gootkit 185.117.72.87:80
2015-12-15 05:58:291feef71728bee6aabdf2dd6155799aa5Virustotal results 1/54 (1.85%) Gootkit 185.117.72.87:80
2015-12-14 15:05:468ebdfa0a0fbec2dc55a0266ba0715968Virustotal results 32/56 (57.14%) Gootkit 192.227.158.188:80
2015-12-14 15:05:468ebdfa0a0fbec2dc55a0266ba0715968Virustotal results 32/56 (57.14%) Gootkit 192.227.158.188:80
2015-12-14 14:50:01e1afc3652407338ead6ded313e609daan/aGootkit 192.227.158.188:80
2015-12-14 14:50:01e1afc3652407338ead6ded313e609daan/aGootkit 192.227.158.188:80
2015-12-14 12:55:3848d4a677440ab5c5a3c38cf694f7193cVirustotal results 33/54 (61.11%) Gootkit 192.227.158.188:80
2015-12-14 12:55:3848d4a677440ab5c5a3c38cf694f7193cVirustotal results 33/54 (61.11%) Gootkit 192.227.158.188:80

# of entries: 10 (max: 100)