Statistics

- Top Malware

Dridex

- Blacklisted SSL Certificates

4'023

- Top issuing CA

Let's Encrypt Authority X3


- Blacklisted JA3 Fingerprints

99

- Distinct Malware Families

104

Top issuing CAs

The table below documents the top ten Certificate Authorities (CA) that are issuing the most SSL certificates for botnet C&Cs. Please note that the statistic blow also includes self-signed certificates.

RankCertificate Authority (CA)SSL certificates
1Let's Encrypt Authority X3463
2AsyncRAT Server265
3C=US, ST=Denial, L=Springfield, O=Dis228
4localhost215
5C=XX, L=Default City, O=Default Company Ltd199
6example.com152
7C=AU, ST=Some-State, O=Internet Widgits Pty Ltd140
8*129
9R3106
10localhost, C=AU, ST=Some-State, O=Internet Widgits Pty Ltd105

Top SSL Certificate Common-Names (CN)

The table below documents the top ten common-names (CN) used by botnet C&Cs.

RankCommon-NanmeSSL certificates
1AsyncRAT Server265
2C=US, ST=Denial, L=Springfield, O=Dis228
3localhost215
4C=XX, L=Default City, O=Default Company Ltd199
5example.com152
6C=AU, ST=Some-State, O=Internet Widgits Pty Ltd140
7*129
8localhost, C=AU, ST=Some-State, O=Internet Widgits Pty Ltd105
9BitRAT78
10Orcus Server65

Top Listing Reasons

The table below shows the listing reasons for blacklisted SSL certificates on SSLBL.

RankListing reasonSSL certificates
1Dridex C&C735
2Gozi C&C327
3AsyncRAT C&C300
4Quakbot C&C292
5TorrentLocker C&C271
6KINS C&C241
7Malware C&C236
8Gootkit C&C233
9IcedId C&C146
10PandaZeuS C&C139
11TrickBot C&C137
12OrcusRAT C&C95
13BitRAT C&C87
14QNodeService C&C61
15RaccoonStealer C&C45
16Shylock C&C45
17Adwind C&C44
18ZLoader C&C42
19QuasarRAT C&C39
20BazaLoader C&C37