Statistics

- Top Malware

AsyncRAT

- Blacklisted SSL Certificates

5'382

- Top issuing CA

Let's Encrypt Authority X3


- Blacklisted JA3 Fingerprints

97

- Distinct Malware Families

125

Top issuing CAs

The table below documents the top ten Certificate Authorities (CA) that are issuing the most SSL certificates for botnet C&Cs. Please note that the statistic blow also includes self-signed certificates.

RankCertificate Authority (CA)SSL certificates
1AsyncRAT Server674
2Let's Encrypt Authority X3463
3BitRAT245
4C=US, ST=Denial, L=Springfield, O=Dis228
5localhost217
6R3211
7C=XX, L=Default City, O=Default Company Ltd199
8Quasar Server CA157
9example.com153
10C=AU, ST=Some-State, O=Internet Widgits Pty Ltd142

Top SSL Certificate Common-Names (CN)

The table below documents the top ten common-names (CN) used by botnet C&Cs.

RankCommon-NanmeSSL certificates
1AsyncRAT Server674
2BitRAT245
3C=US, ST=Denial, L=Springfield, O=Dis228
4localhost217
5DcRat212
6C=XX, L=Default City, O=Default Company Ltd199
7Quasar Server CA157
8example.com153
9C=AU, ST=Some-State, O=Internet Widgits Pty Ltd142
10*139

Top Listing Reasons

The table below shows the listing reasons for blacklisted SSL certificates on SSLBL.

RankListing reasonSSL certificates
1AsyncRAT C&C885
2Dridex C&C735
3Gozi C&C348
4Quakbot C&C292
5BitRAT C&C280
6Malware C&C278
7TorrentLocker C&C271
8KINS C&C241
9Gootkit C&C233
10QuasarRAT C&C166
11DCRat C&C153
12IcedId C&C151
13OrcusRAT C&C149
14PandaZeuS C&C139
15TrickBot C&C137
16CobaltStrike C&C92
17QNodeService C&C61
18ServHelper C&C58
19BazaLoader C&C53
20RaccoonStealer C&C52