SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint f5639b20d13517445e5dfb6c01d1f24df616b034.

Database Entry

SHA1 Fingerprint:	f5639b20d13517445e5dfb6c01d1f24df616b034
Certificate Common Name (CN):	tidiraone.icu
Issuer Distinguished Name (DN):	Let's Encrypt Authority X3
TLS Version:	TLS 1.2
First seen:	2018-10-03 15:04:48 UTC
Last seen:	2018-10-04 10:49:52 UTC
Status:	Blacklisted
Listing reason:	Gozi C&C
Listing date:	2018-10-04 09:44:45
Malware samples:	18
Botnet C&Cs:	1

Malware Samples

The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)	Malware Sample (MD5 hash)	VT	Signature	Botnet C&C (IP:port)
2018-10-04 10:49:52	17a9847e2dbf83dbf2f81539005e1e8c	n/a	Gozi	185.246.153.252:443
2018-10-04 10:49:52	17a9847e2dbf83dbf2f81539005e1e8c	n/a	Gozi	185.246.153.252:443
2018-10-04 10:45:49	0232dab0ff834fb13f0a17ee05e7f1e8	33/69 (47.83%)	Gozi	185.246.153.252:443
2018-10-04 10:45:49	0232dab0ff834fb13f0a17ee05e7f1e8	33/69 (47.83%)	Gozi	185.246.153.252:443
2018-10-04 10:39:02	91fa4d4332b0018b2cf66b8a4a00e6d0	n/a	Gozi	185.246.153.252:443
2018-10-04 10:39:02	91fa4d4332b0018b2cf66b8a4a00e6d0	n/a	Gozi	185.246.153.252:443
2018-10-04 10:32:14	9df46c5e010562c01e7776b70ae7a9cd	n/a	Gozi	185.246.153.252:443
2018-10-04 10:32:14	9df46c5e010562c01e7776b70ae7a9cd	n/a	Gozi	185.246.153.252:443
2018-10-04 07:51:36	aeecf4f501293b8b334cf5fe0f97e6fa	30/68 (44.12%)	Gozi	185.246.153.252:443
2018-10-04 07:51:36	aeecf4f501293b8b334cf5fe0f97e6fa	30/68 (44.12%)	Gozi	185.246.153.252:443
2018-10-04 07:32:00	cf6e87af545745f6bb6ab4fa7161badb	37/69 (53.62%)	Gozi	185.246.153.252:443
2018-10-04 07:32:00	cf6e87af545745f6bb6ab4fa7161badb	37/69 (53.62%)	Gozi	185.246.153.252:443
2018-10-04 07:15:36	085d610d456a0cf66a0a6f8aca30997b	32/68 (47.06%)	Gozi	185.246.153.252:443
2018-10-04 07:15:36	085d610d456a0cf66a0a6f8aca30997b	32/68 (47.06%)	Gozi	185.246.153.252:443
2018-10-04 06:47:47	8a34bda136a8e7858bac01c1f257d251	n/a	Gozi	185.246.153.252:443
2018-10-04 06:47:47	8a34bda136a8e7858bac01c1f257d251	n/a	Gozi	185.246.153.252:443
2018-10-04 06:36:33	acb007032aaa9edfc05fb7f51e1151e7	32/69 (46.38%)	Gozi	185.246.153.252:443
2018-10-04 06:36:33	acb007032aaa9edfc05fb7f51e1151e7	32/69 (46.38%)	Gozi	185.246.153.252:443
2018-10-04 06:31:41	d919668b29eb88b6a530eec0406aa743	35/68 (51.47%)	Gozi	185.246.153.252:443
2018-10-04 06:31:41	d919668b29eb88b6a530eec0406aa743	35/68 (51.47%)	Gozi	185.246.153.252:443
2018-10-04 05:52:07	a095b2fd75655cde20ea37152f55104f	30/68 (44.12%)	Gozi	185.246.153.252:443
2018-10-04 05:52:07	a095b2fd75655cde20ea37152f55104f	30/68 (44.12%)	Gozi	185.246.153.252:443
2018-10-03 19:46:10	8eac083433afc180c728fad286c37200	n/a	Gozi	185.246.153.252:443
2018-10-03 19:46:10	8eac083433afc180c728fad286c37200	n/a	Gozi	185.246.153.252:443
2018-10-03 19:11:30	ed33fcde6695edccbd0d844f1a9ea373	36/68 (52.94%)	Gozi	185.246.153.252:443
2018-10-03 19:11:30	ed33fcde6695edccbd0d844f1a9ea373	36/68 (52.94%)	Gozi	185.246.153.252:443
2018-10-03 15:50:49	50597e436876e9c69996ac3147571733	18/58 (31.03%)	Gozi	185.246.153.252:443
2018-10-03 15:50:49	50597e436876e9c69996ac3147571733	18/58 (31.03%)	Gozi	185.246.153.252:443
2018-10-03 15:50:39	2e85c942520922f0bde9eda50d4fa579	36/69 (52.17%)	Gozi	185.246.153.252:443
2018-10-03 15:50:39	2e85c942520922f0bde9eda50d4fa579	36/69 (52.17%)	Gozi	185.246.153.252:443
2018-10-03 15:18:00	c47d78b708d2d3a260d15ef3cfb58f87	36/68 (52.94%)	Gozi	185.246.153.252:443
2018-10-03 15:18:00	c47d78b708d2d3a260d15ef3cfb58f87	36/68 (52.94%)	Gozi	185.246.153.252:443
2018-10-03 15:05:01	a569ebcf1078652e036190382d2e81f6	35/69 (50.72%)	Gozi	185.246.153.252:443
2018-10-03 15:05:01	a569ebcf1078652e036190382d2e81f6	35/69 (50.72%)	Gozi	185.246.153.252:443
2018-10-03 15:04:52	cea99798368c5d89ccd16ea98a9c1a21	35/69 (50.72%)	Gozi	185.246.153.252:443
2018-10-03 15:04:52	cea99798368c5d89ccd16ea98a9c1a21	35/69 (50.72%)	Gozi	185.246.153.252:443

# of entries: 36 (max: 100)