Statistics
Top Malware
AsyncRAT
Blacklisted SSL Certificates
5'997
Top issuing CA
Let's Encrypt Authority X3
Blacklisted JA3 Fingerprints
97
Distinct Malware Families
146
Top issuing CAs
The table below documents the top ten Certificate Authorities (CA) that are issuing the most SSL certificates for botnet C&Cs. Please note that the statistic blow also includes self-signed certificates.
Rank | Certificate Authority (CA) | SSL certificates |
---|---|---|
1 | AsyncRAT Server | 787 |
2 | Let's Encrypt Authority X3 | 463 |
3 | Quasar Server CA | 250 |
4 | BitRAT | 248 |
5 | C=US, ST=Denial, L=Springfield, O=Dis | 228 |
6 | R3 | 217 |
7 | localhost | 217 |
8 | DcRat Server, OU=qwqdanchun, O=DcRat By qwqdanchun, L=SH, C=CN | 200 |
9 | C=XX, L=Default City, O=Default Company Ltd | 199 |
10 | example.com | 153 |
Top SSL Certificate Common-Names (CN)
The table below documents the top ten common-names (CN) used by botnet C&Cs.
Rank | Common-Nanme | SSL certificates |
---|---|---|
1 | AsyncRAT Server | 787 |
2 | DcRat | 333 |
3 | Quasar Server CA | 250 |
4 | BitRAT | 248 |
5 | C=US, ST=Denial, L=Springfield, O=Dis | 228 |
6 | localhost | 217 |
7 | C=XX, L=Default City, O=Default Company Ltd | 199 |
8 | example.com | 153 |
9 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | 143 |
10 | * | 139 |
Top Listing Reasons
The table below shows the listing reasons for blacklisted SSL certificates on SSLBL.
Rank | Listing reason | SSL certificates |
---|---|---|
1 | AsyncRAT C&C | 1'130 |
2 | Dridex C&C | 735 |
3 | Gozi C&C | 348 |
4 | Quakbot C&C | 292 |
5 | Malware C&C | 292 |
6 | BitRAT C&C | 283 |
7 | TorrentLocker C&C | 271 |
8 | QuasarRAT C&C | 264 |
9 | KINS C&C | 241 |
10 | Gootkit C&C | 233 |
11 | DCRat C&C | 213 |
12 | OrcusRAT C&C | 165 |
13 | IcedId C&C | 151 |
14 | PandaZeuS C&C | 139 |
15 | TrickBot C&C | 137 |
16 | CobaltStrike C&C | 97 |
17 | QNodeService C&C | 61 |
18 | ServHelper C&C | 58 |
19 | BazaLoader C&C | 53 |
20 | RaccoonStealer C&C | 52 |