Certificate feed (TCF-0601)
The service provides a continuous list of certificates alongside the information about associated samples signed with the certificate(s). The feed output can be filtered by sample classification status - for example, it can return certificates that signed only malware samples (with samples being included). This is an easy way for a user to get valid and self-signed certificates that are being used in impersonation attempts.
Basic records include sample SHA1 hash, certificate thumbprints, and the time the record was inserted into the feed.
Extended records contain:
- additional sample properties: SHA1 hash, MD5 hash, SHA256 hash, sample size, sample type, download availability of the sample, first and last seen dates (UTC), as well as the hashes of files containing the sample;
- sample reputation information: classification, threat level, trust factor, malware family name, malware type, threat name, targeted platform and subplatform;
- certificate properties: certificate status, date until the certificate was whitelisted, date since certificate is blacklisted, reason for whitelisting/blacklisting, first seen date, certificate threat level and trust factor;
- certificate validation;
- the certificate chain of trust.
The response can be filtered by sample classification status.
The feed stores records for the last 365 days.
Certificate Feed
Get feed data starting from the requested time
The query returns certificate information and information about signed samples that was stored since the requested date and time.
If the requested timestamp is not within the last 365 days, the service will respond with the status code 400 Bad Request.
GET /api/feed/certificate/v1/query/from/{time_format}/{start_time}[/page/{page}]?[format=xml|json]&[classification=MALICIOUS|SUSPICIOUS|KNOWN|UNKNOWN]&[limit=1-100]&[extended=true|false]
Request format
time_format- Time format in which the date and time should be requested. It is possible to choose between
utcandtimestamp - Required
- Time format in which the date and time should be requested. It is possible to choose between
start_time- Time value that should be requested. If the chosen time format is
timestamp, the time value should be an integer representing time. In case of UTC, the time value should be in the %Y-%m-%dT%H:%M:%S format - Required
- Time value that should be requested. If the chosen time format is
page- An optional pagination parameter for retrieving the next page of the results. The pagination value for the next page is provided in the previous request response
- Optional
format- An optional parameter that allows choosing the response format. Supported values are
xmlandjson; the default isxml - Optional
- An optional parameter that allows choosing the response format. Supported values are
limit- The maximum number of records to return in the certificate feed. It is possible to choose a number between 1 and 100; if the parameter is not provided in the request, defaults to 100
- Optional
extended- Allows choosing between extended (
true) and non-extended data set (false); if the parameter is not provided in the request, defaults tofalse(non-extended) - Optional
- Allows choosing between extended (
classification- If this parameter is provided in the request, the query will return a list of only those records that match the requested sample's classification. It is possible to combine and request multiple classifications at once. Supported values are: KNOWN, SUSPICIOUS, MALICIOUS, UNKNOWN
- Optional
Response format
The query will return records that were stored in the feed starting from the requested time. The records will be sorted in ascending order by their stored time. The API will return a list of maximum limit records. If the limit value is not provided in the request, 100 records will be returned by default.
Response fields that will be returned depend on the selected data set. If the extended option is not set to true, the response will only include a list of records, each containing a sample SHA1 hash, certificate thumbprints, and the time the record was inserted into the feed.
Response fields
next_page
- hash value for the next page that can be used with the
pageparameter in the next request to retrieve more records
request
-
limit- number of requested records
-
extended- requested data set
-
response_format- output format
-
page- page indicator (returned only if the
pageparameter is in the request)
- page indicator (returned only if the
-
classification- sample classification (returned only if the
classificationparameter is in the request) certificate_feed
- sample classification (returned only if the
-
signatures- Signature information is presented as a signature chain of trust. It includes information about counter-signatures and, recursively, issuer certificates until root certificate is reached. Individual certificate information includes the following fields: common_name, valid_from, valid_to, signature_algorithm, signature, extensions, certificate_thumbprints, serial_number, version, issuer
-
sha1- Sample SHA1 hash
-
sha256- Sample SHA256 hash
-
md5- Sample MD5 hash
-
pe_sha1(optional)- SHA1 authentihash of the PE file used in the authenticode signing process
-
pe_sha256(optional)- SHA256 authentihash of the PE file used in the authenticode signing process
-
container_sha1- SHA1 hash of the sample container
-
first_seen(optional)- Time when the sample was first seen in the ReversingLabs system (UTC)
-
last_seen(optional)- Time when the sample was last seen in the ReversingLabs system (UTC)
-
sample_type- Sample type
-
sample_size- Sample size in bytes
-
sample_available- Indicates whether the sample is available for download
-
classification- Classification of the sample
-
platform(optional)- Indicates the platform targeted by the malware
-
subplatform(optional)- Indicates the subplatform targeted by the malware
-
threat_name(optional)- Detected threat name for malicious and suspicious samples
-
malware_type(optional)- Malware type for malicious and suspicious samples
-
malware_family(optional)- Malware family for malicious and suspicious samples
-
threat_level(optional)- Threat level of the sample (returned only for samples classified as MALICIOUS and SUSPICIOUS)
-
trust_factor(optional)- Trust factor of the sample (returned only for samples classified as KNOWN)
-
validation- List of validation descriptions for a certificate associated with a sample at the time the sample was detected
-
certificate_thumbprints- MD5, SHA1, SHA256 thumbprints of the certificate used to sign the sample(s). MD5, SHA1 are available from October 2019.
-
certificate_status- Indicates whether the certificate is whitelisted/blacklisted/undefined
-
whitelisted_to(optional)- Property that applies only to certificates that were first whitelisted and then blacklisted. Indicates the date until which the certificate was considered whitelisted. The value returned here should correspond to the
blacklisted_fromfield
- Property that applies only to certificates that were first whitelisted and then blacklisted. Indicates the date until which the certificate was considered whitelisted. The value returned here should correspond to the
-
blacklisted_from(optional)- Indicates the last valid signing time of a certificate that is now blacklisted
-
reason(optional)- Indicates the reason for whitelisting/blacklisting the certificate
-
certificate_threat_level(optional)- A property of blacklisted certificates expressed as a number in range [0-5]
-
certificate_trust_factor(optional)- A property of whitelisted certificates expressed as a number in range [0-5]
-
certificate_first_seen- Time when the certificate was first seen in the ReversingLabs system (UTC)
Get the latest feed data
The query returns the latest certificate information and the information about signed samples.
GET /api/feed/certificate/v1/query/latest[/page/{page}]?[format=xml|json]&[classification=MALICIOUS|SUSPICIOUS|KNOWN|UNKNOWN]&[limit=1-1000]&[extended=true|false]
Request format
page- An optional pagination parameter for retrieving the next page of the results. The pagination value for the next page is provided in the previous request response
- Optional
format- An optional parameter that allows choosing the response format. Supported values are
xmlandjsonformat for the response;xmlis default - Optional
- An optional parameter that allows choosing the response format. Supported values are
limit- The maximum number of records to return in the certificate feed. It is possible to choose a number between 1 and 1000; if the parameter is not provided in the request, defaults to 1000
- Optional
extended- Allows choosing between extended (
true) and non-extended data set (false); if the parameter is not provided in the request, defaults tofalse(non-extended) - Optional
- Allows choosing between extended (
classification- If this parameter is provided in the request, the query will return a list of only those records that match the requested sample's classification. It is possible to combine and request multiple classifications at once. Supported values are: KNOWN, SUSPICIOUS, MALICIOUS, UNKNOWN
- Optional
Response format
The query returns records that were stored in the feed starting from 10 seconds before the request, ordered descending by stored time.
The API will return a list of maximum limit records. If the limit value is not provided in the request, 1000 records will be returned by default.
Response fields are the same as for the Get feed data starting from the requested time query <query-response>.
Examples
Example 1
Retrieving information starting from UTC time 27.09.2019. 00:00:00, listing three feed records, in JSON format.
Request
GET /api/feed/certificate/v1/query/from/utc/2019-09-27T00:00:00?format=json&limit=3
Response
{
"rl": {
"certificate_feed": [
{
"certificate_thumbprints": [
{
"name": "MD5",
"value": "0907bfee555ef20b67fcb1c92bd48d52"
},
{
"name": "SHA1",
"value": "aad10e16489a9f6bee789dfc171958b1db036a1c"
},
{
"name": "SHA256",
"value": "48525B3B128B48FE54D437508F4EEE2CA89E1288621A7569CE48BB08AAC210FE"
}
],
"sha1": "5f5bb550099561881c5aca6fdd079418e31d2bb7",
"inserted_on": "2019-09-27 00:00:15"
},
{
"certificate_thumbprints": [
{
"name": "MD5",
"value": "c678645d41a50cf837e645e6889a02f9"
},
{
"name": "SHA1",
"value": "1a6ac0549a4a44264deb6ff003391da2f285b19f"
},
{
"name": "SHA256",
"value": "BA215596C19AEC4E1D25D32D284474D6F824228B74621738F6EE2CE603C9EF2F"
}
],
"sha1": "69d185adde13eef094692862d41ff6d81c338f5d",
"inserted_on": "2019-09-27 00:00:15"
},
{
"certificate_thumbprints": [
{
"name": "MD5",
"value": "1d0f25354806f80e67cc765acecbec29"
},
{
"name": "SHA1",
"value": "61ebbc6cbf12d6afb3bc32f675428215043b7f6d"
},
{
"name": "SHA256",
"value": "FC0028CF0C52E3399D1D1890FB6581F6AC44595619CA358428ECF968A95A3D99"
}
],
"sha1": "9b293548d6426a195f56cafba7de68202c548837",
"inserted_on": "2019-09-27 00:00:15"
}
],
"next_page": "15695424159d492e84cb4eae1934793fcf2c77e53a61c13389",
"request": {
"limit": 3,
"response_format": "json"
}
}
}
Example 2
Retrieving information starting from UTC time 27.09.2019. 00:00:00 with next page SHA1 15695424159d492e84cb4eae1934793fcf2c77e53a61c13389 listing three feed records, in JSON format.
Request
GET /api/feed/certificate/v1/query/from/utc/2019-09-27T00:00:00/page/15695424159d492e84cb4eae1934793fcf2c77e53a61c13389?format=json&limit=3
Response
{
"rl": {
"certificate_feed": [
{
"certificate_thumbprints": [
{
"name": "MD5",
"value": "988eb04c9b0bbef5ed76054cc91b6a59"
},
{
"name": "SHA1",
"value": "c82273a065ec470fb1ebde846a91e6ffb29e9c12"
},
{
"name": "SHA256",
"value": "FFE713A0436DE7A5A6096F4B545DFC2339F2A0752E959C73EA078807405F53D6"
}
],
"sha1": "9d492e84cb4eae1934793fcf2c77e53a61c13389",
"inserted_on": "2019-09-27 00:00:15"
},
{
"certificate_thumbprints": [
{
"name": "MD5",
"value": "4298e7e94db45ba5845048beea7b46b5"
},
{
"name": "SHA1",
"value": "5f0ea4b93e4a403cf923937f0faa88ab6b3dffce"
},
{
"name": "SHA256",
"value": "ADCB6EBA078AFC94FBBFC9E3627581C72FFB0AB8995AD47F18ACC04D65326192"
}
],
"sha1": "2ff2e55562e675bb5871e95dc0e136a3fccc0557",
"inserted_on": "2019-09-27 00:00:18"
},
{
"certificate_thumbprints": [
{
"name": "MD5",
"value": "62fecb587eb46113c2afbbaadd422575"
},
{
"name": "SHA1",
"value": "e9129f8eddc58d377003a3a11cb2688440330179"
},
{
"name": "SHA256",
"value": "6F8E2A0358D3C3663C0DF69F5E5858906CE68CBFBAC6F01E2BF463BC350F7614"
}
],
"sha1": "318d5aedf2fab9127170e2da6d3d4fc4b8f91d6c",
"inserted_on": "2019-09-27 00:00:18"
}
],
"next_page": "15695424185ad2fdd090d922caf6c3869675b62ce0e2c47e28",
"request": {
"limit": 3,
"page": "15695424159d492e84cb4eae1934793fcf2c77e53a61c13389",
"response_format": "json"
}
}
}
Example 3
Retrieving information starting from timestamp 1569542400, listing just one feed record, in JSON format, with an extended data set.
Request
GET /api/feed/certificate/v1/query/from/timestamp/1674734311?format=json&limit=1&extended=true
Response
{
"rl": {
"certificate_feed": [
{
"container_sha1": "797ddbf06404d87afd3b5280d8901b02308ead20",
"signatures": {
"counter_signatures": [
{
"counter_signatures": null,
"certificate": {
"valid_from": "2022-09-21T00:00:00Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2033-11-21T23:59:59Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature"
},
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:FALSE"
},
{
"is_critical": "True",
"name": "X509v3 Extended Key Usage",
"value": "Time Stamping"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 2.23.140.1.4.2\nPolicy: 2.16.840.1.114412.7.1\n"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:BA:16:D9:6D:4D:85:2F:73:29:76:9A:2F:75:8C:6A:20:8F:9E:C8:6F\n"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "62:8A:DE:D0:61:FC:8F:31:14:ED:97:0B:CD:3D:2A:94:14:DF:52:9C"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl\n"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.digicert.com\nCA Issuers - URI:http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt\n"
}
],
"signature": "55AA2A1AF346F378573730FC75E34FD68523F1FCF995399B25E6F7728A98C377D464FC15FB36C249512C7888635509463900FC69D4CA9B29FBA33FC0C9009B131DB09889DC78F2CD7C85CD539DAF62E26166A3142A45874A98422B50FC1BB59E083009FAE42DD7098979F909E688CE7D1BB86AA29BC1536009E8A3B89DD7AD1F1CB8EC9841F0F60E80FBE4FFDF9D10A7EB00BA5F4A8F1A3A52B4EABF0949153536599A0F54D2B21B7F7E5E09AD76548A746DCAD205672B76EBFF98B226953819884414E50A59A26BE7223E4421D23F1CC09BED7C48B2D8920C914F3C6694AF5D0253EB9EE29EE4D31F8601649C00C2E95A74750D3DE17988BF1C0197C9192380D7365A5F9616B1630CC646403BCE5D35D4593E439A18AEC3C9CBC3FB9B135F6AB5C7E0F305C359DF27622BDE41C953B9FF341067F62632987BFE5C42948194829DAC0A8BC64B154AD3989045603380E023DEF803A4F64547E5CEB8034247E841367177ADFDA2E897744E2EDA1E1D8C5AC81E9AD5C2F0C622A84F9BBDD81C9A51C42F9AF65FA72797BA962E8557C060E778567F6AEFC2959A4B1102C8829CC91A057CBA71B54E7A996CF4E89ED45A98C89FBF8DBB185C43F5D02AE8E262EE7804DBBDD1FB5B0AA8707EF0978478E308035D472C63A825389701D23F3ADAE5E5F6E69BDC7E2CCCFF174C4D00A2D8D6010EB88BEEE6E07255892C271961F677018C",
"common_name": "DigiCert Timestamp 2022 - 2",
"serial_number": "0C4D69724B94FA3C2A4A3D2907803D5A",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "c1b349871880f9359e1e241630313de9"
},
{
"name": "SHA1",
"value": "f387224d8633829235a994bcbd8f96e9fe1c7c73"
},
{
"name": "SHA256",
"value": "C7F4E1BE32288920ABE2263ABE1AC4FC4FE6781C2D64D04C807557A023B5B6FA"
}
],
"issuer": {
"valid_from": "2022-03-23T00:00:00Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2037-03-22T23:59:59Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE, pathlen:0"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "BA:16:D9:6D:4D:85:2F:73:29:76:9A:2F:75:8C:6A:20:8F:9E:C8:6F"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F\n"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature, Certificate Sign, CRL Sign"
},
{
"is_critical": "False",
"name": "X509v3 Extended Key Usage",
"value": "Time Stamping"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.digicert.com\nCA Issuers - URI:http://cacerts.digicert.com/DigiCertTrustedRootG4.crt\n"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl3.digicert.com/DigiCertTrustedRootG4.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 2.23.140.1.4.2\nPolicy: 2.16.840.1.114412.7.1\n"
}
],
"signature": "7D598EC093B66F98A94422017E66D6D82142E1B0182E104D13CF3053CEBF18FBC7505DE24B29FB708A0DAA2969FC69C1CF1D07E93E60C8D80BE55C5BD76D87FA842025343167CDB612966FC4504C621D0C0882A816BDA956CF15738D012225CE95693F4777FB727414D7FFAB4F8A2C7AAB85CD435FED60B6AA4F91669E2C9EE08AACE5FD8CBC6426876C92BD9D7CD0700A7CEFA8BC754FBA5AF7A910B25DE9FF285489F0D58A717665DACCF072A323FAC0278244AE99271BAB241E26C1B7DE2AEBF69EB1799981A35686AB0A45C9DFC48DA0E798FBFBA69D72AFC4C7C1C16A71D9C6138009C4B69FCD878724BB4FA349B9776691F1729CE94B0252A7377E9353AC3B1D08490F94CD397ADDFF256399272C3D3F6BA7F166C341CD4FB6409B212140D0B71324CDDC1D783AE49EADE5347192D7266BE43873ABA6014FBD3F3B78AD4CADFBC4957BED0A5F33398741787A38E99CE1DD23FD1D28D3C7F9E8F1985FFB2BD87EF2469D752C1E272C26DB6F157B1E198B36B893D4E6F2179959CA70F037BF9800DF20164F27FB606716A166BADD55C03A2986B098A02BED9541B73AD5159831B462090F0ABD81D913FEBFA4D1F357D9BC04FA82DE32DF0489F000CD5DC2F9D0237F000BE4760226D9F0657642A6298709472BE67F1AA4850FFC9896F655542B1F80FAC0F20E2BE5D6FBA92F44154AE7130E1DDB37381AA12BF6EDD67CFC",
"common_name": "DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA",
"serial_number": "073637B724547CD847ACFD28662A5E5B",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "9e3e4fa44117441dba73c28e983fc05f"
},
{
"name": "SHA1",
"value": "b6c8af834d4e53b673c76872aa8c950c7c54df5f"
},
{
"name": "SHA256",
"value": "281734D4592D1291D27190709CB510B07E22C405D5E0D6119B70E73589F98ACF"
}
],
"issuer": {
"valid_from": "2013-08-01T12:00:00Z",
"signature_algorithm": "sha384WithRSAEncryption",
"valid_to": "2038-01-15T12:00:00Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature, Certificate Sign, CRL Sign"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F"
}
],
"signature": "BB61D97DA96CBE17C4911BC3A1A2008DE364680F56CF77AE70F9FD9A4A99B9C9785C0C0C5FE4E61429560B36495D4463E0AD9C9618661B230D3D79E96D6BD654F8D23CC14340AE1D50F552FC903BBB9899696BC7C1A7A868A427DC9DF927AE3085B9F6674D3A3E8F5939225344EBC85D03CAED507A7D62210A80C87366D1A005605FE8A5B4A7AFA8F76D359C7C5A8AD6A23899F3788BF44DD2200BDE04EE8C9B4781720DC01432EF30592EAEE071F256E46A976F92506D968D687A9AB236147A06F224B9091150D708B1B8897A8423614229E5A3CDA22041D7D19C64D9EA26A18B14D74C19B25041713D3F4D7023860C4ADC81D2CC3294840D0809971C4FC0EE6B207430D2E03934108521150108E85532DE7149D92817504DE6BE4DD175ACD0CAFB41B843A5AAD3C305444F2C369BE2FAE245B823536C066F67557F46B54C3F6E285A7926D2A4A86297D21EE2ED4A8BBC1BFD474A0DDF67667EB25B41D03BE4F43BF40463E9EFC2540051A08A2AC9CE78CCD5EA870418B3CEAF4988AFF39299B6B3E6610FD28500E7501AE41B959D19A1B99CB19BB1001EEFD00F4F426CC90ABCEE43FA3A71A5C84D26A535FD895DBC85621D32D2A02B54ED9A57C1DBFA10CF19B78B4A1B8F01B6279553E8B6896D5BBC68D423E88B51A256F9F0A680A0D61EB3BC0F0F537529AAEA1377E4DE8C8121AD07104711AD873D07D175BCCFF3667E",
"common_name": "DigiCert Trusted Root G4",
"serial_number": "059B1B579E8E2132E23907BDA777755C",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "78f2fcaa601f2fb4ebc937ba532e7549"
},
{
"name": "SHA1",
"value": "ddfb16cd4931c973a2037d3fc83a4d7d775d05e4"
},
{
"name": "SHA256",
"value": "552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988"
}
],
"issuer": {
"valid_from": "2022-08-01T00:00:00Z",
"signature_algorithm": "sha384WithRSAEncryption",
"valid_to": "2031-11-09T23:59:59Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F\n"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature, Certificate Sign, CRL Sign"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.digicert.com\nCA Issuers - URI:http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt\n"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: X509v3 Any Policy\n"
}
],
"signature": "70A0BF435C55E7385FA0A3741B3DB616D7F7BF5707BD9AACA1872CEC855EA91ABB22F8871A695422EDA488776DBD1A14F4134A7A2F2DB738EFF4FF80B9F8A1F7F272DE24BC5203C84ED02ADEFA2D56CFF9F4F7AC307A9A8BB25ED4CFD143449B4321EB9672A148B499CB9D4FA7060313772744D4E77FE859A8F0BF2F0BA6E9F2343CECF703C787A8D24C401935466A6954B0B8A1568EECA4D53DE8B1DCFD1CD8F4775A5C548C6FEFA1503DFC760968849F6FCADB208D35601C0203CB20B0AC58A00E4063C59822C1B259F5556BCF27AB6C76CE6F232DF47E716A236B22FF12B8542D277ED83AD9F0B68796FD5BD15CAC18C34D9F73B701A99F57AA5E28E2B994",
"common_name": "DigiCert Trusted Root G4",
"serial_number": "0E9B188EF9D02DE7EFDB50E20840185A",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "8ddd0bc6d9d770eb6b2b671a862855cc"
},
{
"name": "SHA1",
"value": "a99d5b79e9f1cda59cdab6373169d5353f5874c6"
},
{
"name": "SHA256",
"value": "33846B545A49C9BE4903C60E01713C1BD4E4EF31EA65CD95D69E62794F30B941"
}
],
"issuer": "DigiCert Assured ID Root CA"
}
}
}
}
}
]
"certificate": {
"valid_from": "2022-04-29T00:00:00Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2024-05-01T23:59:59Z",
"version": "2",
"extensions": [
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:68:37:E0:EB:B6:3B:F8:5F:11:86:FB:FE:61:7B:08:88:65:F4:4E:42\n"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "58:E5:82:F0:BE:FD:83:68:8C:A4:4A:5E:AA:80:78:F7:FE:80:36:1B"
},
{
"is_critical": "False",
"name": "X509v3 Subject Alternative Name",
"value": "othername:<unsupported>"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature"
},
{
"is_critical": "False",
"name": "X509v3 Extended Key Usage",
"value": "Code Signing"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl\n\nFull Name:\n URI:http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 2.23.140.1.3\n CPS: http://www.digicert.com/CPS\n"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.digicert.com\nCA Issuers - URI:http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt\n"
},
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:FALSE"
}
],
"signature": "1DB129B746C0E2F211D37F527B6B81B1553ABB96493CFCF6C9F68F7B1CC4F0C8E0E2FAFDC3AF766BCA16B5C64FF9325CCD8C2D0B1F55B7CD60C234D4F935CCBBEFFFADBB0999BE73C2A1F18419C7499C18199F0378DE5A04EBA61FAE9F00F0C64C7377E573CC4FCCD38B8CA1CB7ECC35F7971CFEA51E71E474E8E2EF8BBAD13CB3E69A079D04B5FFED4123BCA21ADD0723F9255052F01CBCCF065ADEA3EB8D572D32674EF270BB846421BA1B899D310131556C2E532E6B3862E80BC333F410FC127E109D98044E21AC63D5CBE7D8E7B02E89875892E09FBFD496592ED387DAFD41CCD9BB7E49125222D0024B1D10A584CFF59D03C806F08A2843CFD57CC9B8DDAC0DE1FA069EF38C7DDA4A98E3D56A9689F0DF2B1505AF8475F86A6A4D8393506AEAF105C8A01DC6518ED8BABB86D27B0828C788E61B097D78E9199FDA93F97B65641A57396444175A38103CA5B7EB4ECEF0CE52D1575D4C6DC45E62BE0AD28B759933D5475A356CB9903EB67454224CDDBE2A1CAA255E97B77DC00517DF49D13AE7D8368E030A420E3E9CB43BDDE9E9DCC4D2BAC6F27F8F27DDA37ABB48C7982F5B768C8A849A1F5F08DE000463F63D2A36210AF5B6706801FBBF49A385E3CA4C8369353482596926A3B6FFCC1487E821AC2684571C72ED9DF7A0FA713DF3D45FF9257722B500A4C6936FC2E5D9116CEB4116AD6DC268316888E6286EE92D3B",
"common_name": "Adobe Inc.",
"serial_number": "0C2896110788B129825FB1D1F6BAACA3",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "318362c1c531fb204e985e5b8fa561ef"
},
{
"name": "SHA1",
"value": "b428bb409b67d9a4f701735cf06536c0c8c0f8f6"
},
{
"name": "SHA256",
"value": "8CA6CFA8D13913048FEA73CAF4BAC4485C0005AAB2B87F461B6B5ED32F9A9270"
}
],
"issuer": {
"valid_from": "2021-04-29T00:00:00Z",
"signature_algorithm": "sha384WithRSAEncryption",
"valid_to": "2036-04-28T23:59:59Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE, pathlen:0"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "68:37:E0:EB:B6:3B:F8:5F:11:86:FB:FE:61:7B:08:88:65:F4:4E:42"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F\n"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature, Certificate Sign, CRL Sign"
},
{
"is_critical": "False",
"name": "X509v3 Extended Key Usage",
"value": "Code Signing"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.digicert.com\nCA Issuers - URI:http://cacerts.digicert.com/DigiCertTrustedRootG4.crt\n"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl3.digicert.com/DigiCertTrustedRootG4.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 2.23.140.1.3\nPolicy: 2.23.140.1.4.1\n"
}
],
"signature": "3A23443D8D0876EE8FBC3A99D356E0021AA5F84834F32CB6E67466F79472B100CAAF6C302713129E90449F4BFD9EA37C26D537BC3A5D486D95D53F49F427BB16814550FD9CBDB685E0767E3771CB22F75AAA90CFF5936AE3EB20D1D55079889A8A8AC1B6BDA148187EDCD8801A111918CD61998156F6C9E376E7C4E41B5F43F83E94FF76393D9ED499CF4ADD28EB5F26A1955848D51AFED7273FFD90D17686DD1CB0605CF30DA8EEE089A1BD39E1384EDA6EBB369DFBE521535AC3CAE96AF1A23EDB43B833C84F38149299F5DDCE546DD95D02141F40337C03E295B2C221757352CB46D8C4341CA2A54B8DCD6F76372C853F1ACE26E918BE9007B0437F9588208270F0CCCAEFFD29355C1F893855F7378A8B09A1CB0BE9311AFF2E195C3971E1BE9CA70A06D62667B792E64E5FDE7AAC49CF2EA47492ADDB3CA49C861FE3C1561B2B23FF8FB5EA887B706BE6A0BAFD3A3F45A6C4E81691528B41C048844B964DAB4440E38DF01528CEEDF11856072A2F10C40C08643C338FAE288C3CCB8F880B0DBF3BF4CE1E7B8EEFB5EBCBB7F07713E6E7283FAC12AEA52F226C41F9825C1566CC6C0ECAC586C3F626330C074BA0D307026A6A4030484B34A85120BBAD1B8508E2590D6DCA05502BEA4A1C9EA5FDA0A71F0674E7F2D65290FDAF854821F9573BB49C03ED8645F4B4616EBF68E2266086EAC8AFA9FE941DE7631B3A8656784E",
"common_name": "DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1",
"serial_number": "08AD40B260D29C4C9F5ECDA9BD93AED9",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "d91299e84355cd8d5a86795a0118b6e9"
},
{
"name": "SHA1",
"value": "7b0f360b775f76c94a12ca48445aa2d2a875701c"
},
{
"name": "SHA256",
"value": "46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B"
}
],
"issuer": {
"valid_from": "2013-08-01T12:00:00Z",
"signature_algorithm": "sha384WithRSAEncryption",
"valid_to": "2038-01-15T12:00:00Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature, Certificate Sign, CRL Sign"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F"
}
],
"signature": "BB61D97DA96CBE17C4911BC3A1A2008DE364680F56CF77AE70F9FD9A4A99B9C9785C0C0C5FE4E61429560B36495D4463E0AD9C9618661B230D3D79E96D6BD654F8D23CC14340AE1D50F552FC903BBB9899696BC7C1A7A868A427DC9DF927AE3085B9F6674D3A3E8F5939225344EBC85D03CAED507A7D62210A80C87366D1A005605FE8A5B4A7AFA8F76D359C7C5A8AD6A23899F3788BF44DD2200BDE04EE8C9B4781720DC01432EF30592EAEE071F256E46A976F92506D968D687A9AB236147A06F224B9091150D708B1B8897A8423614229E5A3CDA22041D7D19C64D9EA26A18B14D74C19B25041713D3F4D7023860C4ADC81D2CC3294840D0809971C4FC0EE6B207430D2E03934108521150108E85532DE7149D92817504DE6BE4DD175ACD0CAFB41B843A5AAD3C305444F2C369BE2FAE245B823536C066F67557F46B54C3F6E285A7926D2A4A86297D21EE2ED4A8BBC1BFD474A0DDF67667EB25B41D03BE4F43BF40463E9EFC2540051A08A2AC9CE78CCD5EA870418B3CEAF4988AFF39299B6B3E6610FD28500E7501AE41B959D19A1B99CB19BB1001EEFD00F4F426CC90ABCEE43FA3A71A5C84D26A535FD895DBC85621D32D2A02B54ED9A57C1DBFA10CF19B78B4A1B8F01B6279553E8B6896D5BBC68D423E88B51A256F9F0A680A0D61EB3BC0F0F537529AAEA1377E4DE8C8121AD07104711AD873D07D175BCCFF3667E",
"common_name": "DigiCert Trusted Root G4",
"serial_number": "059B1B579E8E2132E23907BDA777755C",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "78f2fcaa601f2fb4ebc937ba532e7549"
},
{
"name": "SHA1",
"value": "ddfb16cd4931c973a2037d3fc83a4d7d775d05e4"
},
{
"name": "SHA256",
"value": "552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988"
}
],
"issuer": {
"valid_from": "2022-06-09T00:00:00Z",
"signature_algorithm": "sha384WithRSAEncryption",
"valid_to": "2031-11-09T23:59:59Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F\n"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature, Certificate Sign, CRL Sign"
},
{
"is_critical": "False",
"name": "X509v3 Extended Key Usage",
"value": "Time Stamping"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.digicert.com\nCA Issuers - URI:http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt\n"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 2.23.140.1.4.2\nPolicy: 2.16.840.1.114412.7.1\n"
}
],
"signature": "9A1602A501EF81FB0DB458B278ADA82319D97337DA609E51D7CBF82F40B9A31F7C404E333E903CE789017585E8627B1D56E071BADE5EC637BC795C62004DF8497A514D0632F3C5D2002A2720EA892E1539E02C3EF8757C2C824161350F23D0ED3595D288952943CBE0A658107C538E9F45C9203714C0ED19BA7E7739D25496C7A611DF3433F67552424B1C9D8D96D5956C471214245F2641FA1A46BDDEB0E5914703AC1808CBCBDB66897F2B9C65BFBE374EBE2DF39D4AC3CCCC475EC89595ADD1CBBB2A0620F93F72EA36EB4572927A297B14033CFB4DD648717A10118A0874CD6C1B045CD28A950376515053D62EF74A46C3AE102C714CB087B62737446044",
"common_name": "DigiCert Trusted Root G4",
"serial_number": "01240AFB1E380B8A16F14B719DF4D3C0",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "3291a2f1ac361c6bd3135018680eef08"
},
{
"name": "SHA1",
"value": "18c57901aa5ec47719c39400e1239a7ef12e9270"
},
{
"name": "SHA256",
"value": "4C913D04FB495DC36119552D6068F7B9891EFE40344E9E5C1E9132F65BAEFF7F"
}
],
"issuer": {
"valid_from": "2006-11-10T00:00:00Z",
"signature_algorithm": "sha1WithRSAEncryption",
"valid_to": "2031-11-10T00:00:00Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature, Certificate Sign, CRL Sign"
},
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F\n"
}
],
"signature": "A20EBCDFE2EDF0E372737A6494BFF77266D832E4427562AE87EBF2D5D9DE56B39FCCCE1428B90D97605C124C58E4D33D834945589735691AA847EA56C679AB12D8678184DF7F093C94E6B8262C20BD3DB32889F75FFF22E297841FE965EF87E0DFC16749B35DEBB2092AEB26ED78BE7D3F2BF3B726356D5F8901B6495B9F01059BAB3D25C1CCB67FC2F16F86C6FA6468EB812D94EB42B7FA8C1EDD62F1BE5067B76CBDF3F11F6B0C3607167F377CA95B6D7AF112466083D72704BE4BCE97BEC3672A6811DF80E70C3366BF130D146EF37F1F63101EFA8D1B256D6C8FA5B76101B1D2A326A110719DADE2C3F9C39951B72B0708CE2EE650B2A7FA0A452FA2F0F2",
"common_name": "DigiCert Assured ID Root CA",
"serial_number": "0CE7E0E517D846FE8FE560FC1BF03039",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "87ce0b7b2a0e4900e158719b37a89372"
},
{
"name": "SHA1",
"value": "0563b8630d62d75abbc8ab1e4bdfb5a899b24d43"
},
{
"name": "SHA256",
"value": "3E9099B5015E8F486C00BCEA9D111EE721FABA355A89BCF1DF69561E3DC6325C"
}
],
"issuer": {
"valid_from": "2006-11-10T00:00:00Z",
"signature_algorithm": "sha1WithRSAEncryption",
"valid_to": "2031-11-10T00:00:00Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature, Certificate Sign, CRL Sign"
},
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F\n"
}
],
"signature": "A20EBCDFE2EDF0E372737A6494BFF77266D832E4427562AE87EBF2D5D9DE56B39FCCCE1428B90D97605C124C58E4D33D834945589735691AA847EA56C679AB12D8678184DF7F093C94E6B8262C20BD3DB32889F75FFF22E297841FE965EF87E0DFC16749B35DEBB2092AEB26ED78BE7D3F2BF3B726356D5F8901B6495B9F01059BAB3D25C1CCB67FC2F16F86C6FA6468EB812D94EB42B7FA8C1EDD62F1BE5067B76CBDF3F11F6B0C3607167F377CA95B6D7AF112466083D72704BE4BCE97BEC3672A6811DF80E70C3366BF130D146EF37F1F63101EFA8D1B256D6C8FA5B76101B1D2A326A110719DADE2C3F9C39951B72B0708CE2EE650B2A7FA0A452FA2F0F2",
"common_name": "DigiCert Assured ID Root CA",
"serial_number": "0CE7E0E517D846FE8FE560FC1BF03039",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "87ce0b7b2a0e4900e158719b37a89372"
},
{
"name": "SHA1",
"value": "0563b8630d62d75abbc8ab1e4bdfb5a899b24d43"
},
{
"name": "SHA256",
"value": "3E9099B5015E8F486C00BCEA9D111EE721FABA355A89BCF1DF69561E3DC6325C"
}
],
"issuer": "DigiCert Assured ID Root CA"
}
}
}
}
}
}
},
"classification": "KNOWN",
"certificate_status": "undefined",
"sample_available": "False",
"first_seen": "2023-01-26 11:38:10",
"threat_level": "0",
"trust_factor": "5",
"sample_type": "PE/Exe/UPX",
"inserted_on": "2023-01-26 11:58:32",
"sha256": "a3cca01bc2b3dd37ead4879d60a5dde3fb70f41daa45bde3aef9a68ee60ded74",
"pe_sha256": "18854c7bcef20608507dc85a8bdce9fba6c29c6dcca4da1533925a7849fb0a9d",
"certificate_first_seen": "2022-06-22 08:00:40",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "318362c1c531fb204e985e5b8fa561ef"
},
{
"name": "SHA1",
"value": "b428bb409b67d9a4f701735cf06536c0c8c0f8f6"
},
{
"name": "SHA256",
"value": "8CA6CFA8D13913048FEA73CAF4BAC4485C0005AAB2B87F461B6B5ED32F9A9270"
}
],
"md5": "aafff0742bb0b7bbc54163b512347554",
"sha1": "797ddbf06404d87afd3b5280d8901b02308ead20",
"pe_sha1": "ad4dcd1fbc10a6f8b192c1c958dcc44926fb1e9f",
"sample_size": "2860856",
"last_seen": "2023-01-26 11:58:27"
}
],
"next_page": "167473431280124d78601aa15e3ab5bf324ea41f84c8cab689",
"request": {
"limit": 1,
"response_format": "json"
}
}