Statistics

- Top Malware

Dridex

- Blacklisted SSL Certificates

2'690

- Top issuing CA

Let's Encrypt Authority X3


- Blacklisted JA3 Fingerprints

67

- Distinct Malware Families

74

Top issuing CAs

The table below documents the top ten Certificate Authorities (CA) that are issuing the most SSL certificates for botnet C&Cs. Please note that the statistic blow also includes self-signed certificates.

RankCertificate Authority (CA)SSL certificates
1C=US, ST=Denial, L=Springfield, O=Dis228
2localhost214
3C=XX, L=Default City, O=Default Company Ltd186
4example.com145
5C=AU, ST=Some-State, O=Internet Widgits Pty Ltd129
6Let's Encrypt Authority X3111
7*71
8domain.com/O=My Company Name LTD./C=US54
9COMODO RSA Domain Validation Secure Server CA34
10southnorth.org33

Top SSL Certificate Common-Names (CN)

The table below documents the top ten common-names (CN) used by botnet C&Cs.

RankCommon-NanmeSSL certificates
1C=US, ST=Denial, L=Springfield, O=Dis228
2localhost214
3C=XX, L=Default City, O=Default Company Ltd186
4example.com145
5C=AU, ST=Some-State, O=Internet Widgits Pty Ltd129
6*71
7domain.com/O=My Company Name LTD./C=US54
8southnorth.org33
9Orcus Server15
10googleforking.com14

Top Listing Reasons

The table below shows the listing reasons for blacklisted SSL certificates on SSLBL.

RankListing reasonSSL certificates
1Dridex C&C721
2Quakbot C&C292
3TorrentLocker C&C271
4KINS C&C241
5Gootkit C&C234
6Gozi C&C166
7PandaZeuS C&C139
8TrickBot C&C136
9Malware C&C103
10Shylock C&C45
11Vawtrak C&C33
12Qadars C&C26
13IcedId C&C26
14Ransomware C&C25
15ZeuS C&C23
16OrcusRAT C&C20
17Chthonic C&C19
18Shifu C&C19
19Vawtrak MITM15
20Adwind C&C11