Statistics

- Top Malware

Dridex

- Blacklisted SSL Certificates

2'978

- Top issuing CA

Let's Encrypt Authority X3


- Blacklisted JA3 Fingerprints

97

- Distinct Malware Families

85

Top issuing CAs

The table below documents the top ten Certificate Authorities (CA) that are issuing the most SSL certificates for botnet C&Cs. Please note that the statistic blow also includes self-signed certificates.

RankCertificate Authority (CA)SSL certificates
1C=US, ST=Denial, L=Springfield, O=Dis228
2Let's Encrypt Authority X3220
3localhost215
4C=XX, L=Default City, O=Default Company Ltd192
5example.com146
6C=AU, ST=Some-State, O=Internet Widgits Pty Ltd133
7*94
8domain.com/O=My Company Name LTD./C=US54
9Orcus Server35
10COMODO RSA Domain Validation Secure Server CA34

Top SSL Certificate Common-Names (CN)

The table below documents the top ten common-names (CN) used by botnet C&Cs.

RankCommon-NanmeSSL certificates
1C=US, ST=Denial, L=Springfield, O=Dis228
2localhost215
3C=XX, L=Default City, O=Default Company Ltd192
4example.com146
5C=AU, ST=Some-State, O=Internet Widgits Pty Ltd133
6*94
7domain.com/O=My Company Name LTD./C=US54
8Orcus Server35
9southnorth.org33
10AsyncRAT Server29

Top Listing Reasons

The table below shows the listing reasons for blacklisted SSL certificates on SSLBL.

RankListing reasonSSL certificates
1Dridex C&C722
2Quakbot C&C292
3TorrentLocker C&C271
4Gozi C&C245
5KINS C&C241
6Gootkit C&C233
7Malware C&C158
8PandaZeuS C&C139
9TrickBot C&C137
10OrcusRAT C&C51
11Shylock C&C45
12IcedId C&C42
13AsyncRAT C&C40
14Vawtrak C&C33
15Adwind C&C28
16Qadars C&C26
17Ransomware C&C25
18ZeuS C&C23
19Chthonic C&C19
20Shifu C&C19