WoSign was also caught red-handed backdating certificates to avoid the SHA1 deprecation.

So you can't trust that information either. As mentioned in a different thread, whitelisting certificates extracted from CT logs is the only really viable choice here.