Statistics

- Top Malware

AsyncRAT

- Blacklisted SSL Certificates

7'359

- Top issuing CA

Let's Encrypt Authority X3


- Blacklisted JA3 Fingerprints

97

- Distinct Malware Families

173

Top issuing CAs

The table below documents the top ten Certificate Authorities (CA) that are issuing the most SSL certificates for botnet C&Cs. Please note that the statistic blow also includes self-signed certificates.

RankCertificate Authority (CA)SSL certificates
1AsyncRAT Server817
2WE1743
3Let's Encrypt Authority X3463
4Quasar Server CA310
5BitRAT248
6C=US, ST=Denial, L=Springfield, O=Dis228
7DcRat Server, OU=qwqdanchun, O=DcRat By qwqdanchun, L=SH, C=CN222
8localhost219
9R3217
10C=XX, L=Default City, O=Default Company Ltd199

Top SSL Certificate Common-Names (CN)

The table below documents the top ten common-names (CN) used by botnet C&Cs.

RankCommon-NanmeSSL certificates
1AsyncRAT Server817
2DcRat381
3Quasar Server CA310
4BitRAT248
5C=US, ST=Denial, L=Springfield, O=Dis228
6localhost219
7C=XX, L=Default City, O=Default Company Ltd199
8example.com153
9C=AU, ST=Some-State, O=Internet Widgits Pty Ltd148
10*139

Top Listing Reasons

The table below shows the listing reasons for blacklisted SSL certificates on SSLBL.

RankListing reasonSSL certificates
1AsyncRAT C&C1'273
2Dridex C&C735
3LummaStealer C&C434
4QuasarRAT C&C391
5Gozi C&C348
6Malware C&C301
7Quakbot C&C292
8BitRAT C&C284
9TorrentLocker C&C271
10DCRat C&C245
11KINS C&C241
12Gootkit C&C233
13OrcusRAT C&C175
14OffLoader C&C163
15ConnectWise C&C158
16IcedId C&C151
17PandaZeuS C&C139
18TrickBot C&C137
19CobaltStrike C&C116
20Rhadamanthys C&C116