
Certificate feed (TCF-0601)

The service provides a continuous list of certificates alongside the information about associated samples signed with the certificate(s). The feed output can be filtered by sample classification status - for example, it can return certificates that signed only malware samples (with samples being included). This is an easy way for a user to get valid and self-signed certificates that are being used in impersonation attempts.

Basic records include sample SHA1 hash, certificate thumbprints, and the time the record was inserted into the feed.

Extended records contain:

  • additional sample properties: SHA1 hash, MD5 hash, SHA256 hash, sample size, sample type, download availability of the sample, first and last seen dates (UTC), as well as the hashes of files containing the sample;
  • sample reputation information: classification, threat level, trust factor, malware family name, malware type, threat name, targeted platform and subplatform;
  • certificate properties: certificate status, date until which the certificate was whitelisted, date since which the certificate has been blacklisted, reason for whitelisting/blacklisting, first seen date, certificate threat level and trust factor;
  • certificate validation;
  • the certificate chain of trust.

The response can be filtered by sample classification status.

The feed stores records for the last 365 days.

Certificate Feed

Get feed data starting from the requested time

The query returns certificate information and information about signed samples that was stored since the requested date and time.

If the requested timestamp is not within the last 365 days, the service will respond with the status code 400 Bad Request.

GET /api/feed/certificate/v1/query/from/{time_format}/{start_time}[/page/{page}]?[format=xml|json]&[classification=MALICIOUS|SUSPICIOUS|KNOWN|UNKNOWN]&[limit=1-100]&[extended=true|false]

Request format

  • time_format
    • Time format in which the date and time should be requested. It is possible to choose between utc and timestamp
    • Required
  • start_time
    • Time value that should be requested. If the chosen time format is timestamp, the time value should be an integer representing time. In case of UTC, the time value should be in the %Y-%m-%dT%H:%M:%S format
    • Required
  • page
    • An optional pagination parameter for retrieving the next page of the results. The pagination value for the next page is provided in the previous request response
    • Optional
  • format
    • An optional parameter that allows choosing the response format. Supported values are xml and json; the default is xml
    • Optional
  • limit
    • The maximum number of records to return in the certificate feed. It is possible to choose a number between 1 and 100; if the parameter is not provided in the request, defaults to 100
    • Optional
  • extended
    • Allows choosing between the extended (true) and non-extended (false) data set; if the parameter is not provided in the request, defaults to false (non-extended)
    • Optional
  • classification
    • If this parameter is provided in the request, the query will return a list of only those records that match the requested sample's classification. It is possible to combine and request multiple classifications at once. Supported values are: KNOWN, SUSPICIOUS, MALICIOUS, UNKNOWN
    • Optional

Response format

The query will return records that were stored in the feed starting from the requested time. The records will be sorted in ascending order by their stored time. The API will return at most limit records. If the limit value is not provided in the request, 100 records will be returned by default.

Response fields that will be returned depend on the selected data set. If the extended option is not set to true, the response will only include a list of records, each containing a sample SHA1 hash, certificate thumbprints, and the time the record was inserted into the feed.

Response fields

next_page

  • hash value for the next page that can be used with the page parameter in the next request to retrieve more records

request

  • limit

    • number of requested records
  • extended

    • requested data set
  • response_format

    • output format
  • page

    • page indicator (returned only if the page parameter is in the request)
  • classification

    • sample classification (returned only if the classification parameter is in the request)

certificate_feed

  • signatures

    • Signature information is presented as a signature chain of trust. It includes information about counter-signatures and, recursively, issuer certificates until the root certificate is reached. Individual certificate information includes the following fields: common_name, valid_from, valid_to, signature_algorithm, signature, extensions, certificate_thumbprints, serial_number, version, issuer
  • sha1

    • Sample SHA1 hash
  • sha256

    • Sample SHA256 hash
  • md5

    • Sample MD5 hash
  • pe_sha1 (optional)

    • SHA1 authentihash of the PE file used in the authenticode signing process
  • pe_sha256 (optional)

    • SHA256 authentihash of the PE file used in the authenticode signing process
  • container_sha1

    • SHA1 hash of the sample container
  • first_seen (optional)

    • Time when the sample was first seen in the ReversingLabs system (UTC)
  • last_seen (optional)

    • Time when the sample was last seen in the ReversingLabs system (UTC)
  • sample_type

    • Sample type
  • sample_size

    • Sample size in bytes
  • sample_available

    • Indicates whether the sample is available for download
  • classification

    • Classification of the sample
  • platform (optional)

    • Indicates the platform targeted by the malware
  • subplatform (optional)

    • Indicates the subplatform targeted by the malware
  • threat_name (optional)

    • Detected threat name for malicious and suspicious samples
  • malware_type (optional)

    • Malware type for malicious and suspicious samples
  • malware_family (optional)

    • Malware family for malicious and suspicious samples
  • threat_level (optional)

    • Threat level of the sample (returned only for samples classified as MALICIOUS and SUSPICIOUS)
  • trust_factor (optional)

    • Trust factor of the sample (returned only for samples classified as KNOWN)
  • validation

    • List of validation descriptions for a certificate associated with a sample at the time the sample was detected
  • certificate_thumbprints

    • MD5, SHA1, SHA256 thumbprints of the certificate used to sign the sample(s). MD5, SHA1 are available from October 2019.
  • certificate_status

    • Indicates whether the certificate is whitelisted/blacklisted/undefined
  • whitelisted_to (optional)

    • Property that applies only to certificates that were first whitelisted and then blacklisted. Indicates the date until which the certificate was considered whitelisted. The value returned here should correspond to the blacklisted_from field
  • blacklisted_from (optional)

    • Indicates the last valid signing time of a certificate that is now blacklisted
  • reason (optional)

    • Indicates the reason for whitelisting/blacklisting the certificate
  • certificate_threat_level (optional)

    • A property of blacklisted certificates expressed as a number in range [0-5]
  • certificate_trust_factor (optional)

    • A property of whitelisted certificates expressed as a number in range [0-5]
  • certificate_first_seen

    • Time when the certificate was first seen in the ReversingLabs system (UTC)
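
The signatures field nests each issuer inside the certificate it issued, so consuming an extended record means walking that structure. The following is an added example, not part of the original documentation: it flattens the signer and counter-signature chains of one record and matches them against a local watchlist. The sample record, its names and thumbprints, the watchlist idea and the helper names are all constructed for illustration.

```python
def thumbprint(cert, algo="SHA256"):
    """Return one thumbprint from the name/value list, lower-cased.

    The page's examples print SHA256 in upper case and MD5/SHA1 in lower
    case, so normalise before comparing against local data.
    """
    for entry in cert.get("certificate_thumbprints") or []:
        if entry.get("name") == algo:
            return entry["value"].lower()
    return None


def walk_chain(cert):
    """Yield (depth, common_name, sha256) from a certificate up its issuers.

    Each issuer is a nested certificate object; the walk ends where the
    issuer is a plain string, as at the end of the chains in Example 3.
    """
    depth = 0
    while isinstance(cert, dict):
        yield depth, cert.get("common_name"), thumbprint(cert)
        cert, depth = cert.get("issuer"), depth + 1


def record_certificates(record):
    """List (role, depth, common_name, sha256) for every certificate in a record."""
    found = []

    def visit(signature, role):
        if not isinstance(signature, dict):
            return
        found.extend((role, *row) for row in walk_chain(signature.get("certificate")))
        for counter in signature.get("counter_signatures") or []:
            visit(counter, "counter_signature")

    visit(record.get("signatures"), "signer")
    return found


def leaf_matches_record(record):
    """True when the record-level thumbprint is the signer's leaf certificate."""
    leaf = (record.get("signatures") or {}).get("certificate") or {}
    return thumbprint(record) is not None and thumbprint(record) == thumbprint(leaf)


def match_watchlist(record, watchlist):
    """Return chain entries whose SHA256 is in a local watchlist of thumbprints."""
    wanted = {value.lower() for value in watchlist}
    return [row for row in record_certificates(record) if row[3] in wanted]


def make_cert(common_name, sha256, issuer):
    """Build a minimal certificate object with the fields used above."""
    return {"common_name": common_name, "issuer": issuer,
            "certificate_thumbprints": [{"name": "SHA256", "value": sha256}]}


# Constructed extended record (not real feed data); unused fields are omitted.
SAMPLE_RECORD = {
    "sha1": "0" * 40,
    "certificate_thumbprints": [{"name": "SHA256", "value": "AA" * 32}],
    "signatures": {
        "certificate": make_cert(
            "Example Signer", "AA" * 32,
            make_cert("Example Issuing CA", "BB" * 32,
                      make_cert("Example Root CA", "CC" * 32, "Example Root CA"))),
        "counter_signatures": [{
            "counter_signatures": None,
            "certificate": make_cert(
                "Example Timestamp", "DD" * 32,
                make_cert("Example Timestamp CA", "EE" * 32, "Example Root CA")),
        }],
    },
}

if __name__ == "__main__":
    for row in record_certificates(SAMPLE_RECORD):
        print(row)
    print(match_watchlist(SAMPLE_RECORD, ["BB" * 32]))
```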

Get the latest feed data

The query returns the latest certificate information and the information about signed samples.

GET /api/feed/certificate/v1/query/latest[/page/{page}]?[format=xml|json]&[classification=MALICIOUS|SUSPICIOUS|KNOWN|UNKNOWN]&[limit=1-1000]&[extended=true|false]

Request format

  • page
    • An optional pagination parameter for retrieving the next page of the results. The pagination value for the next page is provided in the previous request response
    • Optional
  • format
    • An optional parameter that allows choosing the response format. Supported values are xml and json; the default is xml
    • Optional
  • limit
    • The maximum number of records to return in the certificate feed. It is possible to choose a number between 1 and 1000; if the parameter is not provided in the request, defaults to 1000
    • Optional
  • extended
    • Allows choosing between the extended (true) and non-extended (false) data set; if the parameter is not provided in the request, defaults to false (non-extended)
    • Optional
  • classification
    • If this parameter is provided in the request, the query will return a list of only those records that match the requested sample's classification. It is possible to combine and request multiple classifications at once. Supported values are: KNOWN, SUSPICIOUS, MALICIOUS, UNKNOWN
    • Optional

Response format

The query returns records that were stored in the feed starting from 10 seconds before the request, ordered descending by stored time.

The API will return at most limit records. If the limit value is not provided in the request, 1000 records will be returned by default.

Response fields are the same as for the Get feed data starting from the requested time query.

Examples

Example 1

Retrieving information starting from UTC time 27.09.2019. 00:00:00, listing three feed records, in JSON format.

Request

GET /api/feed/certificate/v1/query/from/utc/2019-09-27T00:00:00?format=json&limit=3

Response

{
"rl": {
"certificate_feed": [
{
"certificate_thumbprints": [
{
"name": "MD5",
"value": "0907bfee555ef20b67fcb1c92bd48d52"
},
{
"name": "SHA1",
"value": "aad10e16489a9f6bee789dfc171958b1db036a1c"
},
{
"name": "SHA256",
"value": "48525B3B128B48FE54D437508F4EEE2CA89E1288621A7569CE48BB08AAC210FE"
}
],
"sha1": "5f5bb550099561881c5aca6fdd079418e31d2bb7",
"inserted_on": "2019-09-27 00:00:15"
},
{
"certificate_thumbprints": [
{
"name": "MD5",
"value": "c678645d41a50cf837e645e6889a02f9"
},
{
"name": "SHA1",
"value": "1a6ac0549a4a44264deb6ff003391da2f285b19f"
},
{
"name": "SHA256",
"value": "BA215596C19AEC4E1D25D32D284474D6F824228B74621738F6EE2CE603C9EF2F"
}
],
"sha1": "69d185adde13eef094692862d41ff6d81c338f5d",
"inserted_on": "2019-09-27 00:00:15"
},
{
"certificate_thumbprints": [
{
"name": "MD5",
"value": "1d0f25354806f80e67cc765acecbec29"
},
{
"name": "SHA1",
"value": "61ebbc6cbf12d6afb3bc32f675428215043b7f6d"
},
{
"name": "SHA256",
"value": "FC0028CF0C52E3399D1D1890FB6581F6AC44595619CA358428ECF968A95A3D99"
}
],
"sha1": "9b293548d6426a195f56cafba7de68202c548837",
"inserted_on": "2019-09-27 00:00:15"
}
],
"next_page": "15695424159d492e84cb4eae1934793fcf2c77e53a61c13389",
"request": {
"limit": 3,
"response_format": "json"
}
}
}

Example 2

Retrieving information starting from UTC time 27.09.2019. 00:00:00 with next page SHA1 15695424159d492e84cb4eae1934793fcf2c77e53a61c13389 listing three feed records, in JSON format.

Request

GET /api/feed/certificate/v1/query/from/utc/2019-09-27T00:00:00/page/15695424159d492e84cb4eae1934793fcf2c77e53a61c13389?format=json&limit=3

Response

{
"rl": {
"certificate_feed": [
{
"certificate_thumbprints": [
{
"name": "MD5",
"value": "988eb04c9b0bbef5ed76054cc91b6a59"
},
{
"name": "SHA1",
"value": "c82273a065ec470fb1ebde846a91e6ffb29e9c12"
},
{
"name": "SHA256",
"value": "FFE713A0436DE7A5A6096F4B545DFC2339F2A0752E959C73EA078807405F53D6"
}
],
"sha1": "9d492e84cb4eae1934793fcf2c77e53a61c13389",
"inserted_on": "2019-09-27 00:00:15"
},
{
"certificate_thumbprints": [
{
"name": "MD5",
"value": "4298e7e94db45ba5845048beea7b46b5"
},
{
"name": "SHA1",
"value": "5f0ea4b93e4a403cf923937f0faa88ab6b3dffce"
},
{
"name": "SHA256",
"value": "ADCB6EBA078AFC94FBBFC9E3627581C72FFB0AB8995AD47F18ACC04D65326192"
}
],
"sha1": "2ff2e55562e675bb5871e95dc0e136a3fccc0557",
"inserted_on": "2019-09-27 00:00:18"
},
{
"certificate_thumbprints": [
{
"name": "MD5",
"value": "62fecb587eb46113c2afbbaadd422575"
},
{
"name": "SHA1",
"value": "e9129f8eddc58d377003a3a11cb2688440330179"
},
{
"name": "SHA256",
"value": "6F8E2A0358D3C3663C0DF69F5E5858906CE68CBFBAC6F01E2BF463BC350F7614"
}
],
"sha1": "318d5aedf2fab9127170e2da6d3d4fc4b8f91d6c",
"inserted_on": "2019-09-27 00:00:18"
}
],
"next_page": "15695424185ad2fdd090d922caf6c3869675b62ce0e2c47e28",
"request": {
"limit": 3,
"page": "15695424159d492e84cb4eae1934793fcf2c77e53a61c13389",
"response_format": "json"
}
}
}
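
Examples 1 and 2 together show the paging pattern: the next_page value from one response becomes the page path segment of the next request. The following is an added example, not part of the original documentation: it builds those request paths, rejects locally the values the service is documented to refuse, and follows next_page until the feed stops advancing. The fetch callable, the stop conditions, the single-value classification handling and the stub data are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

BASE_PATH = "/api/feed/certificate/v1/query/from"
CLASSIFICATIONS = {"MALICIOUS", "SUSPICIOUS", "KNOWN", "UNKNOWN"}


def build_from_path(start, page=None, limit=100, extended=False,
                    classification=None, now=None):
    """Build the path and query string for one 'from' request (utc time format).

    Rejects locally what the documentation says the service refuses, so a
    stale cursor fails before any request is sent.
    """
    if start.tzinfo is None:
        raise ValueError("start must be timezone-aware")
    now = now or datetime.now(timezone.utc)
    if not now - timedelta(days=365) <= start <= now:
        raise ValueError("start is outside the 365-day window (400 Bad Request)")
    if not 1 <= limit <= 100:
        raise ValueError("limit must be between 1 and 100")
    if classification is not None and classification not in CLASSIFICATIONS:
        raise ValueError(f"unsupported classification: {classification}")

    stamp = start.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    path = f"{BASE_PATH}/utc/{stamp}"
    if page:
        path += f"/page/{page}"
    query = {"format": "json", "limit": limit}
    if extended:
        query["extended"] = "true"
    if classification:
        query["classification"] = classification
    return f"{path}?{urlencode(query)}"


def iter_feed(fetch, start, max_pages=1000, **params):
    """Yield records in stored order, following next_page between requests.

    fetch(path) must return the parsed JSON body as a dict (assumption: the
    caller supplies transport and credentials). The token is treated as
    opaque. Stops on an empty page, a missing token, or a repeated token.
    """
    page, seen = None, set()
    for _ in range(max_pages):
        body = fetch(build_from_path(start, page=page, **params))["rl"]
        records = body.get("certificate_feed") or []
        yield from records
        page = body.get("next_page")
        if not records or not page or page in seen:
            return
        seen.add(page)


def demo():
    """Run the pager against a constructed two-page feed served by a stub."""
    start = datetime(2019, 9, 27, tzinfo=timezone.utc)
    now = datetime(2019, 10, 1, tzinfo=timezone.utc)  # fixed clock for the demo
    token = "CONSTRUCTED-TOKEN"  # placeholder, not a real next_page value
    pages = {
        build_from_path(start, limit=3, now=now): {"rl": {
            "certificate_feed": [{"sha1": "a" * 40}, {"sha1": "b" * 40}],
            "next_page": token}},
        # The second page repeats the token, which must end the loop.
        build_from_path(start, page=token, limit=3, now=now): {"rl": {
            "certificate_feed": [{"sha1": "c" * 40}],
            "next_page": token}},
    }
    requested = []

    def fetch(path):
        requested.append(path)
        return pages[path]

    records = list(iter_feed(fetch, start, limit=3, now=now))
    return requested, [record["sha1"] for record in records]


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```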

Example 3

Retrieving information starting from timestamp 1569542400, listing just one feed record, in JSON format, with an extended data set.

Request

GET /api/feed/certificate/v1/query/from/timestamp/1674734311?format=json&limit=1&extended=true

Response

{
"rl": {
"certificate_feed": [
{
"container_sha1": "797ddbf06404d87afd3b5280d8901b02308ead20",
"signatures": {
"counter_signatures": [
{
"counter_signatures": null,
"certificate": {
"valid_from": "2022-09-21T00:00:00Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2033-11-21T23:59:59Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature"
},
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:FALSE"
},
{
"is_critical": "True",
"name": "X509v3 Extended Key Usage",
"value": "Time Stamping"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 2.23.140.1.4.2\nPolicy: 2.16.840.1.114412.7.1\n"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:BA:16:D9:6D:4D:85:2F:73:29:76:9A:2F:75:8C:6A:20:8F:9E:C8:6F\n"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "62:8A:DE:D0:61:FC:8F:31:14:ED:97:0B:CD:3D:2A:94:14:DF:52:9C"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl\n"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.digicert.com\nCA Issuers - URI:http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt\n"
}
],
"signature": "...",
"common_name": "DigiCert Timestamp 2022 - 2",
"serial_number": "0C4D69724B94FA3C2A4A3D2907803D5A",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "c1b349871880f9359e1e241630313de9"
},
{
"name": "SHA1",
"value": "f387224d8633829235a994bcbd8f96e9fe1c7c73"
},
{
"name": "SHA256",
"value": "C7F4E1BE32288920ABE2263ABE1AC4FC4FE6781C2D64D04C807557A023B5B6FA"
}
],
"issuer": {
"valid_from": "2022-03-23T00:00:00Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2037-03-22T23:59:59Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE, pathlen:0"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "BA:16:D9:6D:4D:85:2F:73:29:76:9A:2F:75:8C:6A:20:8F:9E:C8:6F"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F\n"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature, Certificate Sign, CRL Sign"
},
{
"is_critical": "False",
"name": "X509v3 Extended Key Usage",
"value": "Time Stamping"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.digicert.com\nCA Issuers - URI:http://cacerts.digicert.com/DigiCertTrustedRootG4.crt\n"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl3.digicert.com/DigiCertTrustedRootG4.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 2.23.140.1.4.2\nPolicy: 2.16.840.1.114412.7.1\n"
}
],
"signature": "...",
"common_name": "DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA",
"serial_number": "073637B724547CD847ACFD28662A5E5B",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "9e3e4fa44117441dba73c28e983fc05f"
},
{
"name": "SHA1",
"value": "b6c8af834d4e53b673c76872aa8c950c7c54df5f"
},
{
"name": "SHA256",
"value": "281734D4592D1291D27190709CB510B07E22C405D5E0D6119B70E73589F98ACF"
}
],
"issuer": {
"valid_from": "2013-08-01T12:00:00Z",
"signature_algorithm": "sha384WithRSAEncryption",
"valid_to": "2038-01-15T12:00:00Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature, Certificate Sign, CRL Sign"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F"
}
],
"signature": "...",
"common_name": "DigiCert Trusted Root G4",
"serial_number": "059B1B579E8E2132E23907BDA777755C",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "78f2fcaa601f2fb4ebc937ba532e7549"
},
{
"name": "SHA1",
"value": "ddfb16cd4931c973a2037d3fc83a4d7d775d05e4"
},
{
"name": "SHA256",
"value": "552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988"
}
],
"issuer": {
"valid_from": "2022-08-01T00:00:00Z",
"signature_algorithm": "sha384WithRSAEncryption",
"valid_to": "2031-11-09T23:59:59Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F\n"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature, Certificate Sign, CRL Sign"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.digicert.com\nCA Issuers - URI:http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt\n"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: X509v3 Any Policy\n"
}
],
"signature": "...",
"common_name": "DigiCert Trusted Root G4",
"serial_number": "0E9B188EF9D02DE7EFDB50E20840185A",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "8ddd0bc6d9d770eb6b2b671a862855cc"
},
{
"name": "SHA1",
"value": "a99d5b79e9f1cda59cdab6373169d5353f5874c6"
},
{
"name": "SHA256",
"value": "33846B545A49C9BE4903C60E01713C1BD4E4EF31EA65CD95D69E62794F30B941"
}
],
"issuer": "DigiCert Assured ID Root CA"
}
}
}
}
}
],
"certificate": {
"valid_from": "2022-04-29T00:00:00Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2024-05-01T23:59:59Z",
"version": "2",
"extensions": [
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:68:37:E0:EB:B6:3B:F8:5F:11:86:FB:FE:61:7B:08:88:65:F4:4E:42\n"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "58:E5:82:F0:BE:FD:83:68:8C:A4:4A:5E:AA:80:78:F7:FE:80:36:1B"
},
{
"is_critical": "False",
"name": "X509v3 Subject Alternative Name",
"value": "othername:<unsupported>"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature"
},
{
"is_critical": "False",
"name": "X509v3 Extended Key Usage",
"value": "Code Signing"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl\n\nFull Name:\n URI:http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 2.23.140.1.3\n CPS: http://www.digicert.com/CPS\n"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.digicert.com\nCA Issuers - URI:http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt\n"
},
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:FALSE"
}
],
"signature": "1DB129B746C0E2F211D37F527B6B81B1553ABB96493CFCF6C9F68F7B1CC4F0C8E0E2FAFDC3AF766BCA16B5C64FF9325CCD8C2D0B1F55B7CD60C234D4F935CCBBEFFFADBB0999BE73C2A1F18419C7499C18199F0378DE5A04EBA61FAE9F00F0C64C7377E573CC4FCCD38B8CA1CB7ECC35F7971CFEA51E71E474E8E2EF8BBAD13CB3E69A079D04B5FFED4123BCA21ADD0723F9255052F01CBCCF065ADEA3EB8D572D32674EF270BB846421BA1B899D310131556C2E532E6B3862E80BC333F410FC127E109D98044E21AC63D5CBE7D8E7B02E89875892E09FBFD496592ED387DAFD41CCD9BB7E49125222D0024B1D10A584CFF59D03C806F08A2843CFD57CC9B8DDAC0DE1FA069EF38C7DDA4A98E3D56A9689F0DF2B1505AF8475F86A6A4D8393506AEAF105C8A01DC6518ED8BABB86D27B0828C788E61B097D78E9199FDA93F97B65641A57396444175A38103CA5B7EB4ECEF0CE52D1575D4C6DC45E62BE0AD28B759933D5475A356CB9903EB67454224CDDBE2A1CAA255E97B77DC00517DF49D13AE7D8368E030A420E3E9CB43BDDE9E9DCC4D2BAC6F27F8F27DDA37ABB48C7982F5B768C8A849A1F5F08DE000463F63D2A36210AF5B6706801FBBF49A385E3CA4C8369353482596926A3B6FFCC1487E821AC2684571C72ED9DF7A0FA713DF3D45FF9257722B500A4C6936FC2E5D9116CEB4116AD6DC268316888E6286EE92D3B",
"common_name": "Adobe Inc.",
"serial_number": "0C2896110788B129825FB1D1F6BAACA3",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "318362c1c531fb204e985e5b8fa561ef"
},
{
"name": "SHA1",
"value": "b428bb409b67d9a4f701735cf06536c0c8c0f8f6"
},
{
"name": "SHA256",
"value": "8CA6CFA8D13913048FEA73CAF4BAC4485C0005AAB2B87F461B6B5ED32F9A9270"
}
],
"issuer": {
"valid_from": "2021-04-29T00:00:00Z",
"signature_algorithm": "sha384WithRSAEncryption",
"valid_to": "2036-04-28T23:59:59Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE, pathlen:0"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "68:37:E0:EB:B6:3B:F8:5F:11:86:FB:FE:61:7B:08:88:65:F4:4E:42"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F\n"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature, Certificate Sign, CRL Sign"
},
{
"is_critical": "False",
"name": "X509v3 Extended Key Usage",
"value": "Code Signing"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.digicert.com\nCA Issuers - URI:http://cacerts.digicert.com/DigiCertTrustedRootG4.crt\n"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl3.digicert.com/DigiCertTrustedRootG4.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 2.23.140.1.3\nPolicy: 2.23.140.1.4.1\n"
}
],
"signature": "...",
"common_name": "DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1",
"serial_number": "08AD40B260D29C4C9F5ECDA9BD93AED9",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "d91299e84355cd8d5a86795a0118b6e9"
},
{
"name": "SHA1",
"value": "7b0f360b775f76c94a12ca48445aa2d2a875701c"
},
{
"name": "SHA256",
"value": "46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B"
}
],
"issuer": {
"valid_from": "2013-08-01T12:00:00Z",
"signature_algorithm": "sha384WithRSAEncryption",
"valid_to": "2038-01-15T12:00:00Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature, Certificate Sign, CRL Sign"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F"
}
],
"signature": "...",
"common_name": "DigiCert Trusted Root G4",
"serial_number": "059B1B579E8E2132E23907BDA777755C",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "78f2fcaa601f2fb4ebc937ba532e7549"
},
{
"name": "SHA1",
"value": "ddfb16cd4931c973a2037d3fc83a4d7d775d05e4"
},
{
"name": "SHA256",
"value": "552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988"
}
],
"issuer": {
"valid_from": "2022-06-09T00:00:00Z",
"signature_algorithm": "sha384WithRSAEncryption",
"valid_to": "2031-11-09T23:59:59Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F\n"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature, Certificate Sign, CRL Sign"
},
{
"is_critical": "False",
"name": "X509v3 Extended Key Usage",
"value": "Time Stamping"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.digicert.com\nCA Issuers - URI:http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt\n"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 2.23.140.1.4.2\nPolicy: 2.16.840.1.114412.7.1\n"
}
],
"signature": "...",
"common_name": "DigiCert Trusted Root G4",
"serial_number": "01240AFB1E380B8A16F14B719DF4D3C0",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "3291a2f1ac361c6bd3135018680eef08"
},
{
"name": "SHA1",
"value": "18c57901aa5ec47719c39400e1239a7ef12e9270"
},
{
"name": "SHA256",
"value": "4C913D04FB495DC36119552D6068F7B9891EFE40344E9E5C1E9132F65BAEFF7F"
}
],
"issuer": {
"valid_from": "2006-11-10T00:00:00Z",
"signature_algorithm": "sha1WithRSAEncryption",
"valid_to": "2031-11-10T00:00:00Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature, Certificate Sign, CRL Sign"
},
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F\n"
}
],
"signature": "...",
"common_name": "DigiCert Assured ID Root CA",
"serial_number": "0CE7E0E517D846FE8FE560FC1BF03039",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "87ce0b7b2a0e4900e158719b37a89372"
},
{
"name": "SHA1",
"value": "0563b8630d62d75abbc8ab1e4bdfb5a899b24d43"
},
{
"name": "SHA256",
"value": "3E9099B5015E8F486C00BCEA9D111EE721FABA355A89BCF1DF69561E3DC6325C"
}
],
"issuer": {
"valid_from": "2006-11-10T00:00:00Z",
"signature_algorithm": "sha1WithRSAEncryption",
"valid_to": "2031-11-10T00:00:00Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature, Certificate Sign, CRL Sign"
},
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F\n"
}
],
"signature": "...",
"common_name": "DigiCert Assured ID Root CA",
"serial_number": "0CE7E0E517D846FE8FE560FC1BF03039",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "87ce0b7b2a0e4900e158719b37a89372"
},
{
"name": "SHA1",
"value": "0563b8630d62d75abbc8ab1e4bdfb5a899b24d43"
},
{
"name": "SHA256",
"value": "3E9099B5015E8F486C00BCEA9D111EE721FABA355A89BCF1DF69561E3DC6325C"
}
],
"issuer": "DigiCert Assured ID Root CA"
}
}
}
}
}
}
},
"classification": "KNOWN",
"certificate_status": "undefined",
"sample_available": "False",
"first_seen": "2023-01-26 11:38:10",
"threat_level": "0",
"trust_factor": "5",
"sample_type": "PE/Exe/UPX",
"inserted_on": "2023-01-26 11:58:32",
"sha256": "a3cca01bc2b3dd37ead4879d60a5dde3fb70f41daa45bde3aef9a68ee60ded74",
"pe_sha256": "18854c7bcef20608507dc85a8bdce9fba6c29c6dcca4da1533925a7849fb0a9d",
"certificate_first_seen": "2022-06-22 08:00:40",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "318362c1c531fb204e985e5b8fa561ef"
},
{
"name": "SHA1",
"value": "b428bb409b67d9a4f701735cf06536c0c8c0f8f6"
},
{
"name": "SHA256",
"value": "8CA6CFA8D13913048FEA73CAF4BAC4485C0005AAB2B87F461B6B5ED32F9A9270"
}
],
"md5": "aafff0742bb0b7bbc54163b512347554",
"sha1": "797ddbf06404d87afd3b5280d8901b02308ead20",
"pe_sha1": "ad4dcd1fbc10a6f8b192c1c958dcc44926fb1e9f",
"sample_size": "2860856",
"last_seen": "2023-01-26 11:58:27"
}
],
"next_page": "167473431280124d78601aa15e3ab5bf324ea41f84c8cab689",
"request": {
"limit": 1,
"response_format": "json"
}
}
}