Statistics

- Top Malware

Dridex

- Blacklisted SSL Certificates

3'471

- Top issuing CA

Let's Encrypt Authority X3


- Blacklisted JA3 Fingerprints

98

- Distinct Malware Families

94

Top issuing CAs

The table below documents the top ten Certificate Authorities (CA) that are issuing the most SSL certificates for botnet C&Cs. Please note that the statistic blow also includes self-signed certificates.

RankCertificate Authority (CA)SSL certificates
1Let's Encrypt Authority X3400
2C=US, ST=Denial, L=Springfield, O=Dis228
3localhost215
4C=XX, L=Default City, O=Default Company Ltd198
5example.com152
6C=AU, ST=Some-State, O=Internet Widgits Pty Ltd140
7AsyncRAT Server128
8*111
9localhost, C=AU, ST=Some-State, O=Internet Widgits Pty Ltd75
10domain.com/O=My Company Name LTD./C=US54

Top SSL Certificate Common-Names (CN)

The table below documents the top ten common-names (CN) used by botnet C&Cs.

RankCommon-NanmeSSL certificates
1C=US, ST=Denial, L=Springfield, O=Dis228
2localhost215
3C=XX, L=Default City, O=Default Company Ltd198
4example.com152
5C=AU, ST=Some-State, O=Internet Widgits Pty Ltd140
6AsyncRAT Server128
7*111
8localhost, C=AU, ST=Some-State, O=Internet Widgits Pty Ltd75
9domain.com/O=My Company Name LTD./C=US54
10Orcus Server52

Top Listing Reasons

The table below shows the listing reasons for blacklisted SSL certificates on SSLBL.

RankListing reasonSSL certificates
1Dridex C&C735
2Gozi C&C292
3Quakbot C&C292
4TorrentLocker C&C271
5KINS C&C241
6Gootkit C&C233
7Malware C&C215
8AsyncRAT C&C145
9PandaZeuS C&C139
10TrickBot C&C137
11IcedId C&C115
12OrcusRAT C&C77
13QNodeService C&C54
14Shylock C&C45
15Adwind C&C41
16Vawtrak C&C33
17ZLoader C&C29
18Qadars C&C26
19Ransomware C&C25
20ZeuS C&C23