Statistics

- Top Malware

AsyncRAT

- Blacklisted SSL Certificates

9'591

- Top issuing CA

Let's Encrypt Authority X3


- Blacklisted JA3 Fingerprints

97

- Distinct Malware Families

221

Top issuing CAs

The table below documents the top ten Certificate Authorities (CA) that are issuing the most SSL certificates for botnet C&Cs. Please note that the statistic blow also includes self-signed certificates.

RankCertificate Authority (CA)SSL certificates
1WE11'304
2AsyncRAT Server861
3Let's Encrypt Authority X3463
4Quasar Server CA404
5DcRat Server, OU=qwqdanchun, O=DcRat By qwqdanchun, L=SH, C=CN260
6BitRAT248
7localhost243
8C=US, ST=Denial, L=Springfield, O=Dis228
9R3217
10C=XX, L=Default City, O=Default Company Ltd199

Top SSL Certificate Common-Names (CN)

The table below documents the top ten common-names (CN) used by botnet C&Cs.

RankCommon-NanmeSSL certificates
1AsyncRAT Server861
2DcRat444
3Quasar Server CA404
4BitRAT248
5localhost243
6C=US, ST=Denial, L=Springfield, O=Dis228
7C=XX, L=Default City, O=Default Company Ltd199
8example.com154
9C=AU, ST=Some-State, O=Internet Widgits Pty Ltd153
10*139

Top Listing Reasons

The table below shows the listing reasons for blacklisted SSL certificates on SSLBL.

RankListing reasonSSL certificates
1AsyncRAT C&C1'402
2Dridex C&C735
3QuasarRAT C&C674
4LummaStealer C&C547
5Vidar C&C504
6OffLoader C&C403
7ConnectWise C&C349
8Gozi C&C348
9Rhadamanthys C&C344
10Malware C&C334
11Quakbot C&C292
12BitRAT C&C284
13DCRat C&C273
14TorrentLocker C&C271
15KINS C&C241
16Gootkit C&C233
17OrcusRAT C&C180
18IcedId C&C151
19CobaltStrike C&C144
20PandaZeuS C&C139