Statistics

- Top Malware

AsyncRAT

- Blacklisted SSL Certificates

6'311

- Top issuing CA

Let's Encrypt Authority X3


- Blacklisted JA3 Fingerprints

97

- Distinct Malware Families

157

Top issuing CAs

The table below documents the top ten Certificate Authorities (CA) that are issuing the most SSL certificates for botnet C&Cs. Please note that the statistic blow also includes self-signed certificates.

RankCertificate Authority (CA)SSL certificates
1AsyncRAT Server795
2Let's Encrypt Authority X3463
3Quasar Server CA275
4BitRAT248
5C=US, ST=Denial, L=Springfield, O=Dis228
6R3217
7localhost217
8DcRat Server, OU=qwqdanchun, O=DcRat By qwqdanchun, L=SH, C=CN204
9C=XX, L=Default City, O=Default Company Ltd199
10WE1157

Top SSL Certificate Common-Names (CN)

The table below documents the top ten common-names (CN) used by botnet C&Cs.

RankCommon-NanmeSSL certificates
1AsyncRAT Server795
2DcRat342
3Quasar Server CA275
4BitRAT248
5C=US, ST=Denial, L=Springfield, O=Dis228
6localhost217
7C=XX, L=Default City, O=Default Company Ltd199
8example.com153
9C=AU, ST=Some-State, O=Internet Widgits Pty Ltd143
10*139

Top Listing Reasons

The table below shows the listing reasons for blacklisted SSL certificates on SSLBL.

RankListing reasonSSL certificates
1AsyncRAT C&C1'162
2Dridex C&C735
3Gozi C&C348
4Malware C&C295
5QuasarRAT C&C295
6Quakbot C&C292
7BitRAT C&C283
8TorrentLocker C&C271
9KINS C&C241
10Gootkit C&C233
11DCRat C&C223
12OrcusRAT C&C167
13IcedId C&C151
14LummaStealer C&C140
15PandaZeuS C&C139
16TrickBot C&C137
17CobaltStrike C&C101
18Vidar C&C71
19QNodeService C&C61
20ServHelper C&C58