Statistics

- Top Malware

Dridex

- Blacklisted SSL Certificates

4'466

- Top issuing CA

Let's Encrypt Authority X3


- Blacklisted JA3 Fingerprints

100

- Distinct Malware Families

107

Top issuing CAs

The table below documents the top ten Certificate Authorities (CA) that are issuing the most SSL certificates for botnet C&Cs. Please note that the statistic blow also includes self-signed certificates.

RankCertificate Authority (CA)SSL certificates
1Let's Encrypt Authority X3463
2AsyncRAT Server380
3C=US, ST=Denial, L=Springfield, O=Dis228
4localhost216
5C=XX, L=Default City, O=Default Company Ltd199
6BitRAT174
7R3166
8example.com152
9C=AU, ST=Some-State, O=Internet Widgits Pty Ltd140
10*135

Top SSL Certificate Common-Names (CN)

The table below documents the top ten common-names (CN) used by botnet C&Cs.

RankCommon-NanmeSSL certificates
1AsyncRAT Server380
2C=US, ST=Denial, L=Springfield, O=Dis228
3localhost216
4C=XX, L=Default City, O=Default Company Ltd199
5BitRAT174
6example.com152
7C=AU, ST=Some-State, O=Internet Widgits Pty Ltd140
8*135
9localhost, C=AU, ST=Some-State, O=Internet Widgits Pty Ltd105
10Orcus Server77

Top Listing Reasons

The table below shows the listing reasons for blacklisted SSL certificates on SSLBL.

RankListing reasonSSL certificates
1Dridex C&C735
2AsyncRAT C&C453
3Gozi C&C337
4Quakbot C&C292
5TorrentLocker C&C271
6Malware C&C255
7KINS C&C241
8Gootkit C&C233
9BitRAT C&C200
10IcedId C&C147
11PandaZeuS C&C139
12TrickBot C&C137
13OrcusRAT C&C117
14CobaltStrike C&C77
15QNodeService C&C61
16QuasarRAT C&C60
17BazaLoader C&C53
18ServHelper C&C51
19RaccoonStealer C&C51
20Shylock C&C45