Statistics
Top Malware
AsyncRAT
Blacklisted SSL Certificates
5'214
Top issuing CA
Let's Encrypt Authority X3
Blacklisted JA3 Fingerprints
97
Distinct Malware Families
120
Top issuing CAs
The table below documents the top ten Certificate Authorities (CA) that are issuing the most SSL certificates for botnet C&Cs. Please note that the statistic blow also includes self-signed certificates.
| Rank | Certificate Authority (CA) | SSL certificates |
|---|---|---|
| 1 | AsyncRAT Server | 641 |
| 2 | Let's Encrypt Authority X3 | 463 |
| 3 | BitRAT | 237 |
| 4 | C=US, ST=Denial, L=Springfield, O=Dis | 228 |
| 5 | localhost | 217 |
| 6 | R3 | 203 |
| 7 | C=XX, L=Default City, O=Default Company Ltd | 199 |
| 8 | example.com | 153 |
| 9 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | 142 |
| 10 | * | 138 |
Top SSL Certificate Common-Names (CN)
The table below documents the top ten common-names (CN) used by botnet C&Cs.
| Rank | Common-Nanme | SSL certificates |
|---|---|---|
| 1 | AsyncRAT Server | 641 |
| 2 | BitRAT | 237 |
| 3 | C=US, ST=Denial, L=Springfield, O=Dis | 228 |
| 4 | localhost | 217 |
| 5 | C=XX, L=Default City, O=Default Company Ltd | 199 |
| 6 | DcRat | 161 |
| 7 | example.com | 153 |
| 8 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | 142 |
| 9 | * | 138 |
| 10 | Quasar Server CA | 130 |
Top Listing Reasons
The table below shows the listing reasons for blacklisted SSL certificates on SSLBL.
| Rank | Listing reason | SSL certificates |
|---|---|---|
| 1 | AsyncRAT C&C | 836 |
| 2 | Dridex C&C | 735 |
| 3 | Gozi C&C | 342 |
| 4 | Quakbot C&C | 292 |
| 5 | Malware C&C | 277 |
| 6 | TorrentLocker C&C | 271 |
| 7 | BitRAT C&C | 270 |
| 8 | KINS C&C | 241 |
| 9 | Gootkit C&C | 233 |
| 10 | IcedId C&C | 148 |
| 11 | PandaZeuS C&C | 139 |
| 12 | OrcusRAT C&C | 139 |
| 13 | QuasarRAT C&C | 138 |
| 14 | TrickBot C&C | 137 |
| 15 | DCRat C&C | 101 |
| 16 | CobaltStrike C&C | 90 |
| 17 | QNodeService C&C | 61 |
| 18 | ServHelper C&C | 58 |
| 19 | BazaLoader C&C | 53 |
| 20 | RaccoonStealer C&C | 52 |