Closed Bug 1853719 Opened 15 days ago Closed 4 days ago

Once Revoked Let's Encrypt Certificate Actively Signing Malware

Categories: CA Program :: CA Security Vulnerability, task

Tracking: (Not tracked)

Status: RESOLVED INVALID

People: Reporter: lneubecker1972, Assigned: bwilson, NeedInfo

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.81

Steps to reproduce:

This old Let's Encrypt CA is actively signing malware.

File distributed by Rebellion
SHA-256: 96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
Name: ISRG Root X1.cer
SHA-1: cabd2a79a1076a31f21d253635cb039d4329a5e8

Also, another version of this Certificate needs to be distrusted as well.
https://www.virustotal.com/gui/file/22b557a27055b33606b6559f37703928d3e4ad79f110b407d04986e1843543d1/relations
It too is being dropped with malware.

0 / 59
Community Score
File distributed by Linux and AVAST Software a.s.
SHA-256: 22b557a27055b33606b6559f37703928d3e4ad79f110b407d04986e1843543d1
Name: ISRG_Root_X1.pem-22b557a27055b33606b6559f37703928d3e4ad79f110b407d04986e1843543d1
Size: 1.89 KB
Last Analysis Date: 19 days ago
Tags: pem, known-distributor, legit, via-tor

Basic properties
MD5: 118ecd744d864b32ffdb48b2e29f1d7f
SHA-1: 4de9627fe9ace4acce27eaa1a0837cd3db55704b
SHA-256: 22b557a27055b33606b6559f37703928d3e4ad79f110b407d04986e1843543d1
SSDEEP: 48:Lrcq1tTs2Ik6QqGecLD9FqfulrBIXHqO1UjwfL3DIE:Lrcq1ewpq3EZFXrBaRXIE
TLSH: T1BF410868CEA32A39B5E1C5E9E3DAAA41094C026DE5C3FA910E603859A8632F879401CD
File type: PEM related (certificate, pem)
Magic: PEM certificate
TrID: file seems to be plain text/ASCII (0%)
File size: 1.89 KB (1939 bytes)

History
First Seen In The Wild: 2019-01-29 13:27:19 UTC
First Submission: 2018-03-22 14:16:05 UTC
Last Submission: 2023-09-03 09:17:15 UTC
Last Analysis: 2023-08-29 17:41:11 UTC

Names
isrgrootx1.crt
cabd2a79a1076a31f21d253635cb039d4329a5e8.pem
isrgrootx1.pem
DST Root CA X3.crt
isrgrootx1.pem.txt
isrg_root_x1_ca.cer
cabd2a79a1076a31f21d253635cb039d4329a5e8.cer
isrgrootx1.pem_271670234
I4mA1niP.exe
CaCert.pem
9314791.crt
DST_Root_CA_X3.crt
ISGR ROOT X1.cer
ISRG2.pem
ISRG_Root_X1.crt
4042bcee.0
isgr.mobileconfig
r2.crt
ISRG_Root_X1.pem
ISRG_Root_X1.cer
ISRG_Root_X1.crt.src
96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6.crt

Actual results:

https://www.virustotal.com/gui/file/96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6/community
VT graph https://www.virustotal.com/graph/g05288acc02164c94ac26800a488dfd335173e08d873349f7a724ddaf25fdb93e
https://github.com/dontsovcmc/waterius/issues/165 This Russian code relies upon old certificates from Digicert and Let's Encrypt to write a custom kernel to the DSP chips. It uses Mosquito / MQTT to send information via mesh networks to Moscow.
OCSP The CA No OCSP URL available n/a n/a 2023-09-18 15:57:59 UTC

Expected results:

This certificate should not have been added back to the public trust.
https://crt.sh/?SHA256=96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
Rejected Rejected Let's Encrypt https://oak.ct.letsencrypt.org/2022
This certificate was rejected in 2022 going back to 2017.
https://ct.googleapis.com/logs/argon2017

Version: 3 (0x2)
Serial Number:
82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: (CA ID: 7394)
commonName = ISRG Root X1
organizationName = Internet Security Research Group
countryName = US
Validity
Not Before: Jun 4 11:04:38 2015 GMT
Not After : Jun 4 11:04:38 2035 GMT
Subject: (CA ID: 7394)
commonName = ISRG Root X1
organizationName = Internet Security Research Group
countryName = US
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:ad:e8:24:73:f4:14:37:f3:9b:9e:2b:57:28:1c:
87:be:dc:b7:df:38:90:8c:6e:3c:e6:57:a0:78:f7:
75:c2:a2:fe:f5:6a:6e:f6:00:4f:28:db:de:68:86:
6c:44:93:b6:b1:63:fd:14:12:6b:bf:1f:d2:ea:31:
9b:21:7e:d1:33:3c:ba:48:f5:dd:79:df:b3:b8:ff:
12:f1:21:9a:4b:c1:8a:86:71:69:4a:66:66:6c:8f:
7e:3c:70:bf:ad:29:22:06:f3:e4:c0:e6:80:ae:e2:
4b:8f:b7:99:7e:94:03:9f:d3:47:97:7c:99:48:23:
53:e8:38:ae:4f:0a:6f:83:2e:d1:49:57:8c:80:74:
b6:da:2f:d0:38:8d:7b:03:70:21:1b:75:f2:30:3c:
fa:8f:ae:dd:da:63:ab:eb:16:4f:c2:8e:11:4b:7e:
cf:0b:e8:ff:b5:77:2e:f4:b2:7b:4a:e0:4c:12:25:
0c:70:8d:03:29:a0:e1:53:24:ec:13:d9:ee:19:bf:
10:b3:4a:8c:3f:89:a3:61:51:de:ac:87:07:94:f4:
63:71:ec:2e:e2:6f:5b:98:81:e1:89:5c:34:79:6c:
76:ef:3b:90:62:79:e6:db:a4:9a:2f:26:c5:d0:10:
e1:0e:de:d9:10:8e:16:fb:b7:f7:a8:f7:c7:e5:02:
07:98:8f:36:08:95:e7:e2:37:96:0d:36:75:9e:fb:
0e:72:b1:1d:9b:bc:03:f9:49:05:d8:81:dd:05:b4:
2a:d6:41:e9:ac:01:76:95:0a:0f:d8:df:d5:bd:12:
1f:35:2f:28:17:6c:d2:98:c1:a8:09:64:77:6e:47:
37:ba:ce:ac:59:5e:68:9d:7f:72:d6:89:c5:06:41:
29:3e:59:3e:dd:26:f5:24:c9:11:a7:5a:a3:4c:40:
1f:46:a1:99:b5:a7:3a:51:6e:86:3b:9e:7d:72:a7:
12:05:78:59:ed:3e:51:78:15:0b:03:8f:8d:d0:2f:
05:b2:3e:7b:4a:1c:4b:73:05:12:fc:c6:ea:e0:50:
13:7c:43:93:74:b3:ca:74:e7:8e:1f:01:08:d0:30:
d4:5b:71:36:b4:07:ba:c1:30:30:5c:48:b7:82:3b:
98:a6:7d:60:8a:a2:a3:29:82:cc:ba:bd:83:04:1b:
a2:83:03:41:a1:d6:05:f1:1b:c2:b6:f0:a8:7c:86:
3b:46:a8:48:2a:88:dc:76:9a:76:bf:1f:6a:a5:3d:
19:8f:eb:38:f3:64:de:c8:2b:0d:0a:28:ff:f7:db:
e2:15:42:d4:22:d0:27:5d:e1:79:fe:18:e7:70:88:
ad:4e:e6:d9:8b:3a:c6:dd:27:51:6e:ff:bc:64:f5:
33:43:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E
Signature Algorithm: sha256WithRSAEncryption
55:1f:58:a9:bc:b2:a8:50:d0:0c:b1:d8:1a:69:20:27:29:08:
ac:61:75:5c:8a:6e:f8:82:e5:69:2f:d5:f6:56:4b:b9:b8:73:
10:59:d3:21:97:7e:e7:4c:71:fb:b2:d2:60:ad:39:a8:0b:ea:
17:21:56:85:f1:50:0e:59:eb:ce:e0:59:e9:ba:c9:15:ef:86:
9d:8f:84:80:f6:e4:e9:91:90:dc:17:9b:62:1b:45:f0:66:95:
d2:7c:6f:c2:ea:3b:ef:1f:cf:cb:d6:ae:27:f1:a9:b0:c8:ae:
fd:7d:7e:9a:fa:22:04:eb:ff:d9:7f:ea:91:2b:22:b1:17:0e:
8f:f2:8a:34:5b:58:d8:fc:01:c9:54:b9:b8:26:cc:8a:88:33:
89:4c:2d:84:3c:82:df:ee:96:57:05:ba:2c:bb:f7:c4:b7:c7:
4e:3b:82:be:31:c8:22:73:73:92:d1:c2:80:a4:39:39:10:33:
23:82:4c:3c:9f:86:b2:55:98:1d:be:29:86:8c:22:9b:9e:e2:
6b:3b:57:3a:82:70:4d:dc:09:c7:89:cb:0a:07:4d:6c:e8:5d:
8e:c9:ef:ce:ab:c7:bb:b5:2b:4e:45:d6:4a:d0:26:cc:e5:72:
ca:08:6a:a5:95:e3:15:a1:f7:a4:ed:c9:2c:5f:a5:fb:ff:ac:
28:02:2e:be:d7:7b:bb:e3:71:7b:90:16:d3:07:5e:46:53:7c:
37:07:42:8c:d3:c4:96:9c:d5:99:b5:2a:e0:95:1a:80:48:ae:
4c:39:07:ce:cc:47:a4:52:95:2b:ba:b8:fb:ad:d2:33:53:7d:
e5:1d:4d:6d:d5:a1:b1:c7:42:6f:e6:40:27:35:5c:a3:28:b7:
07:8d:e7:8d:33:90:e7:23:9f:fb:50:9c:79:6c:46:d5:b4:15:
b3:96:6e:7e:9b:0c:96:3a:b8:52:2d:3f:d6:5b:e1:fb:08:c2:
84:fe:24:a8:a3:89:da:ac:6a:e1:18:2a:b1:a8:43:61:5b:d3:
1f:dc:3b:8d:76:f2:2d:e8:8d:75:df:17:33:6c:3d:53:fb:7b:
cb:41:5f:ff:dc:a2:d0:61:38:e1:96:b8:ac:5d:8b:37:d7:75:
d5:33:c0:99:11:ae:9d:41:c1:72:75:84:be:02:41:42:5f:67:
24:48:94:d1:9b:27:be:07:3f:b9:b8:4f:81:74:51:e1:7a:b7:
ed:9d:23:e2:be:e0:d5:28:04:13:3c:31:03:9e:dd:7a:6c:8f:
c6:07:18:c6:7f:de:47:8e:3f:28:9e:04:06:cf:a5:54:34:77:
bd:ec:89:9b:e9:17:43:df:5b:db:5f:fe:8e:1e:57:a2:cd:40:
9d:7e:62:22:da:de:18:27

https://github.com/robstradling/authroot.stl/blame/master/authroot.tsv was added 2 years ago (Produced at 2021-09-10 16:09:29).

Line 270: CABD2A79A1076A31F21D253635CB039D4329A5E8 | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 | 73B6876195F5D18E048510422AEF04E3 | 79B459E67BB6E5E40173800888C81A58F6E99B6E | ISRG Root X1 | CN=ISRG Root X1 | 4096 | 2015-06-04 11:04:38 | 2035-06-04 11:04:38 | Client Authentication, Server Authentication

Also, the certificate 69729B8E15A86EFC177A57AFB7171DFC64ADD28C2FCA8CF1507E34453CCB1470 added as an alternate version.

Dear Lee,
Can you provide more evidence that there has been a private key compromise or misuse? It appears from what has been included in this bug so far that one or more public certificates may have been bundled with malware. That is insufficient reason to open a bug because anyone can copy and misuse a public certificate. In other words, we're primarily concerned with how the private key is handled and used--not the public key and corresponding certificate. Once we understand this situation better, then we can take appropriate action, but for now, the allegation "Let's Encrypt CA is actively signing malware" is unsubstantiated.
Thanks,
Ben

Assignee: nobody → bwilson
Status: UNCONFIRMED → NEW
Type: defect → task
Component: CA Certificate Root Program → CA Security Vulnerability
Ever confirmed: true
Flags: needinfo?(lneubecker1972)
Status: NEW → ASSIGNED
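Editor's note, added to illustrate the distinction Ben draws above; this is not code from the bug, from Mozilla or from Let's Encrypt. A root certificate file is a public artifact: it carries a public key and a self-signature, never the private key, so finding it inside a malware bundle says nothing about the CA's signing key. The example below builds a throwaway self-signed CA (the name "Example Root X1", the ECDSA key in place of the RSA-4096 key shown in the dump, and the payload are all constructed for this example) and shows three things: that the same certificate hashes differently as DER and as a PEM file (the editor's assumption is that the two VirusTotal entries in the report, a .cer and a .pem of similar size, are two encodings of one certificate, which the report does not itself establish); that a public certificate file contains no private-key material; and that someone holding only the certificate cannot produce a signature that verifies against it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// MakeRoot builds a throwaway self-signed CA. The subject name is constructed
// for this example and is not ISRG Root X1; only the shape mirrors the dump
// in the bug (self-signed, CA:TRUE, Certificate Sign + CRL Sign).
func MakeRoot() (*x509.Certificate, *ecdsa.PrivateKey, []byte) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root X1", Organization: []string{"Example Org"}},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(20 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key, der
}

// PEMOf wraps DER in a CERTIFICATE block, as a .pem or .crt file would.
func PEMOf(der []byte) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// Fingerprints returns SHA-256 over the DER bytes (the fingerprint crt.sh and
// root programs quote) and SHA-256 over the PEM file bytes (what a file
// scanner hashes). One certificate, two different file hashes.
func Fingerprints(der []byte) (derHex, pemHex string) {
	d := sha256.Sum256(der)
	p := sha256.Sum256(PEMOf(der))
	return hex.EncodeToString(d[:]), hex.EncodeToString(p[:])
}

// HasPrivateKey reports whether any PEM block in data carries key material;
// a distributed root certificate file must return false.
func HasPrivateKey(data []byte) bool {
	for {
		var blk *pem.Block
		blk, data = pem.Decode(data)
		if blk == nil {
			return false
		}
		if strings.HasSuffix(blk.Type, "PRIVATE KEY") {
			return true
		}
	}
}

// Sign produces an ECDSA signature over payload with the CA's private key.
func Sign(key *ecdsa.PrivateKey, payload []byte) []byte {
	h := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, key, h[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// Verify checks a signature using only the public key inside the certificate.
func Verify(cert *x509.Certificate, payload, sig []byte) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return false
	}
	h := sha256.Sum256(payload)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// ForgeWithCertOnly models an attacker who bundles the public certificate but
// holds no private key: the best they can do is sign with a key of their own.
func ForgeWithCertOnly(payload []byte) []byte {
	other, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return Sign(other, payload)
}

func main() {
	cert, key, der := MakeRoot()
	d, p := Fingerprints(der)
	fmt.Println("DER fingerprint:", d)
	fmt.Println("PEM file hash:  ", p)
	fmt.Println("PEM carries private key:", HasPrivateKey(PEMOf(der)))
	payload := []byte("constructed sample payload") // constructed input
	fmt.Println("genuine signature verifies:", Verify(cert, payload, Sign(key, payload)))
	fmt.Println("cert-only forgery verifies: ", Verify(cert, payload, ForgeWithCertOnly(payload)))
}
```

The practitioner's check for a report like this one is therefore not "does the certificate appear in the bundle" but "does anything in the bundle carry a signature that verifies under the CA's public key and that the CA did not issue". Only the second would be evidence of key misuse.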

I intend to close this on Wed. 27-Sept-2023 as Invalid.

Flags: needinfo?(bwilson)
Status: ASSIGNED → RESOLVED
Closed: 4 days ago
Flags: needinfo?(bwilson)
Resolution: --- → INVALID