SlideShare a Scribd company logo

Log Stealers - Shopping time for Threat Actors!

Speck&Tech
Speck&Tech

ABSTRACT: Log stealers are a type of malware that steals user credentials from a compromised computer. Criminals deliver stealers through a cracked version of software, causing the user to install them without even realizing it. They can recover usernames and passwords saved in browsers, as well as personal data, cookies, and system information. Logs stolen in this way are then offered for sale in various deep and dark web marketplaces. With our OSINT and CTI platform SATAYO, we monitor any evidence related to our customers to protect and safeguard their business perimeter. BIO #1: I am Mirko, a Technical Consultant at Würth Phoenix. I work in the Cyber Security Team together with Francesco, but we usually handle different things. I'm mainly part of the Blue Team where I develop procedures, documentation, and features for our SOC. I also analyze multiple interesting pieces of evidence and have a lot of fun :) BIO #2: I'm Francesco and I'm currently working as a technical consultant at Würth Phoenix with Mirko. Here I mainly develop the Cyber Threat Intelligence platform SATAYO, my "little child" - even if it's not so little anymore - but I also analyze the evidence found and help the customers understand and mitigate them.

Technology
1 of 35
Download to read offline
Log Stealers Shopping time for Threat Actors! Mirko Ioris & Francesco Pavanello - Cyber Security Technical Consultants
What is a log stealer malware? Log (or information) stealer malware is a type of Trojan that gathers sensitive data from the compromised system and sends it to the attacker. Typical targets are login credentials, credit card information, crypto wallets and browser information (cookies, history, autofill). https://blog.sekoia.io/traffers-a-deep-dive-into-the-information-stealer-ecosystem
Log stealer malware infection chain § YouTube video on stolen account § Websites masquerading as blogs to deliver password-protected archives § Software installation pages to deliver password- protected archives § Phishing emails § Google ADS https://blog.sekoia.io/traffers-a-deep-dive-into-the-information-stealer-ecosystem
Log Stealers
Redline § Available from: February 2020 (on WWH Club and BHF forum) § Owners: Glade aka REDGlade § Telegram channel: https://t.me/REDLINESELLER | https://t.me/redlinesupport_new § Nationality: Russian § Other info: More than 2 Million records on Russian Market § Service cost: from 100$ to 200$ per month
Redline https://medium.com/s2wblog/deep-analysis-of-redline-stealer-leaked-credential-with-wcf-7b31901da904 Redline communication with the C2 server for retrieving configuration and send the stolen data. Other stealers use similar methodologies.
§ Available from: 20/05/2019, version 2.0 from 15/09/2022 (on XSS forum) § Owners: @raccoonstealer on XSS forum § Other info: More than 1 Million records on Russian Market § Nationality: Ukrainian § Service cost: 200$ / month § Telegram channel: https://t.me/miaranimator | https://t.me/gr33nl1ght Raccoon
§ At least 50 million unique credentials stolen worldwide § FBI disclosure site on https://raccoon.ic3.gov/home Raccoon
Marketplaces
Telegram markets § Independent sellers § Go here https://github.com/fastfire/deepdarkCTI/blob/main/telegram.md and search for 'logs'
2Easy Market § More than 850.000 records § Paid access § Catalogue: logs only § Log name format: prefix+unique numbers chars (i.e. 2easy_logs_651587.zip) § Deposit available in: Bitcoin BTC, Bitcoincash BCH, Dash DASH, Dogecoin DOGE, Ethereum ETH, Ethereumclassic ETC, Litecoin LTC, Monero XMR, Zcash § Can search for: Seller, Date, Country, Word Available metadata: Links, Seller, Country, Installed Date, Price USD, Seller Rating § Online Support + Telegram chat for updates
Genesis Market § More than 460.000 records § Invitation access § Catalogue: logs only § Deposit available in: Bitcoin BTC, Litecoin LTC, Monero XMR, Dashs § Offers tools like Genesis Security Plugin & Genesium Browser § Log name format: 32 hexadecimal chars (i.e. 7B034E8C77F92627192802CCCE2AB3DD.zip) § Can search for: Bot Name, Name, Domain, IP, Country, OS, Price § Available metadata: Links, Country, # of Resources, # of Browsers, Installed Date, Updated Date, IP (first 2 triplets), OS, Price USD § Online Support `
Russian Market § More than 7.000.000 records § Paid access § Catalogue: logs, RDP access, PayPal accounts, credit cards § Log name format: prefix+unique numbers chars (i.e. LOGID- 5260493.zip) § Deposit available in: Bitcoin BTC, Ethereum ETH, Litecoin LTC § Can search for: stealer, state, ISP, System, City, Outlook, Country, Zip, Links § Available metadata: Links, Stealer, Country, Structure, Installed Date, Size, Vendor, Price USD, Online Support
Log Example Stealers organize logs in a ZIP folder. There is no standard format but usually the following are the information contained:
Log Example Stealers organize logs in a ZIP folder. There is no standard format but usually the following are the information contained:
Log Example Stealers organize logs in a ZIP folder. There is no standard format but usually the following are the information contained:
Log Example Stealers organize logs in a ZIP folder. There is no standard format but usually the following are the information contained:
Log Example Stealers organize logs in a ZIP folder. There is no standard format but usually the following are the information contained:
Market Scraper
Market scraper § A research should be done in OPSEC mode § Online § Keywords based the real domains: wuerth-phoenix.com à rth-ph § A lot of garbage § Offline § Real domains § Evidence of interest § Useful Python libraries and API § Selenium § Pyppeteer & Beautifulsoup § Requests & Beautifulsoup § Undetectedchromedriver § 2Captcha API (charged)
Market scraper § A script divided in 2 phases: § Online § Login & captcha resolution
Market scraper § A script divided in 2 phases: § Online § Login & captcha resolution
Market scraper § A script divided in 2 phases: § Online § Login & captcha resolution § Research using keywords
Market scraper § A script divided in 2 phases: § Online § Login & captcha resolution § Research using keywords § Export of results in JSON format
Market scraper § A script divided in 2 phases: § Online § Login & captcha resolution § Research using keywords § Export of results in JSON format § Offline § Filtering results § Saving evidence on the database
SATAYO integration
SATAYO integration We have developed scrapers able to monitor the 3 major marketplaces (Russian, 2Easy, Genesis).
Evidence Analysis § Compromised system information § Identity of the victim § Credentials found within the log § Optional login test § Mitigation and suggestions
Fun Facts
Traffers analysis Open Shodan and search using this dork: http.html:"stealer"
Traffers analysis Open Shodan and search using this dork: http.html:"stealer"
2easy analysis Open Shodan and search using this dork: http.html:“2easy.shop"
2easy analysis Open Shodan and search using this dork: http.html:“2easy.shop"
Contact information § Mirko Ioris § - mirko.ioris@wuerth-phoenix.com § - linkedin.com/in/mirkoioris18 § - @Mikkos § Francesco Pavanello § - francesco.pavanello@wuerth-phoenix.com § - linkedin.com/in/francescopavanello § - @frapava98
Thank you Grazie Danke #WEINNOVATE

Recommended

Secure software development presentation
Secure software development presentationSecure software development presentation
Secure software development presentationMahdi Dolati
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Jorge Orchilles
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera... SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...AlienVault
 
Red Team vs. Blue Team
Red Team vs. Blue TeamRed Team vs. Blue Team
Red Team vs. Blue TeamEC-Council
 
Security metrics
Security metrics Security metrics
Security metrics PRAYAGRAJ11
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityPanda Security
 
EDR vs SIEM - The fight is on
EDR vs SIEM - The fight is onEDR vs SIEM - The fight is on
EDR vs SIEM - The fight is onJustin Henderson
 

Recommended

Secure software development presentation
Secure software development presentationSecure software development presentation
Secure software development presentationMahdi Dolati
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Jorge Orchilles
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera... SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...AlienVault
 
Red Team vs. Blue Team
Red Team vs. Blue TeamRed Team vs. Blue Team
Red Team vs. Blue TeamEC-Council
 
Security metrics
Security metrics Security metrics
Security metrics PRAYAGRAJ11
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityPanda Security
 
EDR vs SIEM - The fight is on
EDR vs SIEM - The fight is onEDR vs SIEM - The fight is on
EDR vs SIEM - The fight is onJustin Henderson
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingNetsparker
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Frameworkn|u - The Open Security Community
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFJorge Orchilles
 
Threat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptxThreat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptxInfosec
 
Cyber threats landscape and defense
Cyber threats landscape and defenseCyber threats landscape and defense
Cyber threats landscape and defensefantaghost
 
MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...
MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...
MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...MITRE - ATT&CKcon
 
Building the Security Operations and SIEM Use CAse
Building the Security Operations and SIEM Use CAseBuilding the Security Operations and SIEM Use CAse
Building the Security Operations and SIEM Use CAseDon Murdoch GSE CyberGuardian CISSP
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
Purple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConPurple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConJorge Orchilles
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
Software security
Software securitySoftware security
Software securityRoman Oliynykov
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouKevin Fealey
 
The New Pentest? Rise of the Compromise Assessment
The New Pentest? Rise of the Compromise AssessmentThe New Pentest? Rise of the Compromise Assessment
The New Pentest? Rise of the Compromise AssessmentInfocyte
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringSam Bowne
 
NPTs
NPTsNPTs
NPTsBrandon Levene
 
Automation Attacks At Scale
Automation Attacks At ScaleAutomation Attacks At Scale
Automation Attacks At ScaleMayank Dhiman
 

More Related Content

What's hot

Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingNetsparker
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFJorge Orchilles
 
Threat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptxThreat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptxInfosec
 
Cyber threats landscape and defense
Cyber threats landscape and defenseCyber threats landscape and defense
Cyber threats landscape and defensefantaghost
 
MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...
MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...
MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...MITRE - ATT&CKcon
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
Purple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConPurple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConJorge Orchilles
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouKevin Fealey
 
The New Pentest? Rise of the Compromise Assessment
The New Pentest? Rise of the Compromise AssessmentThe New Pentest? Rise of the Compromise Assessment
The New Pentest? Rise of the Compromise AssessmentInfocyte
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringSam Bowne
 

What's hot (20)

Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEF
 
Threat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptxThreat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptx
 
Cyber threats landscape and defense
Cyber threats landscape and defenseCyber threats landscape and defense
Cyber threats landscape and defense
 
MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...
MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...
MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...
 
Building the Security Operations and SIEM Use CAse
Building the Security Operations and SIEM Use CAseBuilding the Security Operations and SIEM Use CAse
Building the Security Operations and SIEM Use CAse
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3
 
Purple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConPurple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMCon
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
 
Software security
Software securitySoftware security
Software security
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and You
 
The New Pentest? Rise of the Compromise Assessment
The New Pentest? Rise of the Compromise AssessmentThe New Pentest? Rise of the Compromise Assessment
The New Pentest? Rise of the Compromise Assessment
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOAR
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social Engineering
 

Similar to Log Stealers - Shopping time for Threat Actors!

Automation Attacks At Scale
Automation Attacks At ScaleAutomation Attacks At Scale
Automation Attacks At ScaleMayank Dhiman
 
Security Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against ThemSecurity Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against ThemMartin Vigo
 
Intrigue Core: Scaling Assessment Automation
Intrigue Core: Scaling Assessment AutomationIntrigue Core: Scaling Assessment Automation
Intrigue Core: Scaling Assessment AutomationJonathan Cran
 
From russia final_bluehat10
From russia final_bluehat10From russia final_bluehat10
From russia final_bluehat10F _
 
Gates Toorcon X New School Information Gathering
Gates Toorcon X New School Information GatheringGates Toorcon X New School Information Gathering
Gates Toorcon X New School Information GatheringChris Gates
 
Virus Bulletin 2018: Lazarus Group a mahjong game played with different sets ...
Virus Bulletin 2018: Lazarus Group a mahjong game played with different sets ...Virus Bulletin 2018: Lazarus Group a mahjong game played with different sets ...
Virus Bulletin 2018: Lazarus Group a mahjong game played with different sets ...Peter Kálnai
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Rob Fuller
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Chris Gates
 
Paper Presentation - "Your Botnet is my Botnet : Analysis of a Botnet Takeover"
Paper Presentation - "Your Botnet is my Botnet : Analysis of a Botnet Takeover"Paper Presentation - "Your Botnet is my Botnet : Analysis of a Botnet Takeover"
Paper Presentation - "Your Botnet is my Botnet : Analysis of a Botnet Takeover"Jishnu Pradeep
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays
 
Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...
Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...
Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...Hacken_Ecosystem
 
Automating your SOC/CSIRT - The case study: Pescatore a real time URL Classifier
Automating your SOC/CSIRT - The case study: Pescatore a real time URL ClassifierAutomating your SOC/CSIRT - The case study: Pescatore a real time URL Classifier
Automating your SOC/CSIRT - The case study: Pescatore a real time URL ClassifierRoberto Sponchioni
 
Hitbkl 2012
Hitbkl 2012Hitbkl 2012
Hitbkl 2012F _
 
Understanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksUnderstanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksCyphort
 
Metadata in the Blockchain: The OP_RETURN Explosion
Metadata in the Blockchain: The OP_RETURN ExplosionMetadata in the Blockchain: The OP_RETURN Explosion
Metadata in the Blockchain: The OP_RETURN ExplosionCoin Sciences Ltd
 
RSA 2015 Bitcoin's Future Threats: Expert's Roundtable based on 150 Case Studies
RSA 2015 Bitcoin's Future Threats: Expert's Roundtable based on 150 Case StudiesRSA 2015 Bitcoin's Future Threats: Expert's Roundtable based on 150 Case Studies
RSA 2015 Bitcoin's Future Threats: Expert's Roundtable based on 150 Case StudiesWayne Huang
 

Similar to Log Stealers - Shopping time for Threat Actors! (20)

NPTs
NPTsNPTs
NPTs
 
Automation Attacks At Scale
Automation Attacks At ScaleAutomation Attacks At Scale
Automation Attacks At Scale
 
Security Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against ThemSecurity Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against Them
 
2023-May.pptx
2023-May.pptx2023-May.pptx
2023-May.pptx
 
Intrigue Core: Scaling Assessment Automation
Intrigue Core: Scaling Assessment AutomationIntrigue Core: Scaling Assessment Automation
Intrigue Core: Scaling Assessment Automation
 
From russia final_bluehat10
From russia final_bluehat10From russia final_bluehat10
From russia final_bluehat10
 
Romulus OWASP
Romulus OWASPRomulus OWASP
Romulus OWASP
 
Gates Toorcon X New School Information Gathering
Gates Toorcon X New School Information GatheringGates Toorcon X New School Information Gathering
Gates Toorcon X New School Information Gathering
 
Rapport ICO Rating
Rapport ICO RatingRapport ICO Rating
Rapport ICO Rating
 
Virus Bulletin 2018: Lazarus Group a mahjong game played with different sets ...
Virus Bulletin 2018: Lazarus Group a mahjong game played with different sets ...Virus Bulletin 2018: Lazarus Group a mahjong game played with different sets ...
Virus Bulletin 2018: Lazarus Group a mahjong game played with different sets ...
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
 
Paper Presentation - "Your Botnet is my Botnet : Analysis of a Botnet Takeover"
Paper Presentation - "Your Botnet is my Botnet : Analysis of a Botnet Takeover"Paper Presentation - "Your Botnet is my Botnet : Analysis of a Botnet Takeover"
Paper Presentation - "Your Botnet is my Botnet : Analysis of a Botnet Takeover"
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
 
Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...
Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...
Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...
 
Automating your SOC/CSIRT - The case study: Pescatore a real time URL Classifier
Automating your SOC/CSIRT - The case study: Pescatore a real time URL ClassifierAutomating your SOC/CSIRT - The case study: Pescatore a real time URL Classifier
Automating your SOC/CSIRT - The case study: Pescatore a real time URL Classifier
 
Hitbkl 2012
Hitbkl 2012Hitbkl 2012
Hitbkl 2012
 
Understanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksUnderstanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value Attacks
 
Metadata in the Blockchain: The OP_RETURN Explosion
Metadata in the Blockchain: The OP_RETURN ExplosionMetadata in the Blockchain: The OP_RETURN Explosion
Metadata in the Blockchain: The OP_RETURN Explosion
 
RSA 2015 Bitcoin's Future Threats: Expert's Roundtable based on 150 Case Studies
RSA 2015 Bitcoin's Future Threats: Expert's Roundtable based on 150 Case StudiesRSA 2015 Bitcoin's Future Threats: Expert's Roundtable based on 150 Case Studies
RSA 2015 Bitcoin's Future Threats: Expert's Roundtable based on 150 Case Studies
 

More from Speck&Tech

What should 6G be? - 6G: bridging gaps, connecting futures
What should 6G be? - 6G: bridging gaps, connecting futuresWhat should 6G be? - 6G: bridging gaps, connecting futures
What should 6G be? - 6G: bridging gaps, connecting futuresSpeck&Tech
 
Creare il sangue artificiale: "buon sangue non mente"
Creare il sangue artificiale: "buon sangue non mente"Creare il sangue artificiale: "buon sangue non mente"
Creare il sangue artificiale: "buon sangue non mente"Speck&Tech
 
AWS: gestire la scalabilità su larga scala
AWS: gestire la scalabilità su larga scalaAWS: gestire la scalabilità su larga scala
AWS: gestire la scalabilità su larga scalaSpeck&Tech
 
Praticamente... AWS - Amazon Web Services
Praticamente... AWS - Amazon Web ServicesPraticamente... AWS - Amazon Web Services
Praticamente... AWS - Amazon Web ServicesSpeck&Tech
 
Data Sense-making: navigating the world through the lens of information design
Data Sense-making: navigating the world through the lens of information designData Sense-making: navigating the world through the lens of information design
Data Sense-making: navigating the world through the lens of information designSpeck&Tech
 
Data Activism: data as rhetoric, data as power
Data Activism: data as rhetoric, data as powerData Activism: data as rhetoric, data as power
Data Activism: data as rhetoric, data as powerSpeck&Tech
 
Delve into the world of the human microbiome and metagenomics
Delve into the world of the human microbiome and metagenomicsDelve into the world of the human microbiome and metagenomics
Delve into the world of the human microbiome and metagenomicsSpeck&Tech
 
Home4MeAi: un progetto sociale che utilizza dispositivi IoT per sfruttare le ...
Home4MeAi: un progetto sociale che utilizza dispositivi IoT per sfruttare le ...Home4MeAi: un progetto sociale che utilizza dispositivi IoT per sfruttare le ...
Home4MeAi: un progetto sociale che utilizza dispositivi IoT per sfruttare le ...Speck&Tech
 
Monitorare una flotta di autobus: architettura di un progetto di acquisizione...
Monitorare una flotta di autobus: architettura di un progetto di acquisizione...Monitorare una flotta di autobus: architettura di un progetto di acquisizione...
Monitorare una flotta di autobus: architettura di un progetto di acquisizione...Speck&Tech
 
Why LLMs should be handled with care
Why LLMs should be handled with careWhy LLMs should be handled with care
Why LLMs should be handled with careSpeck&Tech
 
Building intelligent applications with Large Language Models
Building intelligent applications with Large Language ModelsBuilding intelligent applications with Large Language Models
Building intelligent applications with Large Language ModelsSpeck&Tech
 
Privacy in the era of quantum computers
Privacy in the era of quantum computersPrivacy in the era of quantum computers
Privacy in the era of quantum computersSpeck&Tech
 
Machine learning with quantum computers
Machine learning with quantum computersMachine learning with quantum computers
Machine learning with quantum computersSpeck&Tech
 
Give your Web App superpowers by using GPUs
Give your Web App superpowers by using GPUsGive your Web App superpowers by using GPUs
Give your Web App superpowers by using GPUsSpeck&Tech
 
From leaf to orbit: exploring forests with technology
From leaf to orbit: exploring forests with technologyFrom leaf to orbit: exploring forests with technology
From leaf to orbit: exploring forests with technologySpeck&Tech
 
Innovating Wood
Innovating WoodInnovating Wood
Innovating WoodSpeck&Tech
 
Behind the scenes of our everyday Internet: the role of an IXP like MIX
Behind the scenes of our everyday Internet: the role of an IXP like MIXBehind the scenes of our everyday Internet: the role of an IXP like MIX
Behind the scenes of our everyday Internet: the role of an IXP like MIXSpeck&Tech
 
Architecting a 35 PB distributed parallel file system for science
Architecting a 35 PB distributed parallel file system for scienceArchitecting a 35 PB distributed parallel file system for science
Architecting a 35 PB distributed parallel file system for scienceSpeck&Tech
 
Truck planning: how to certify the right route
Truck planning: how to certify the right routeTruck planning: how to certify the right route
Truck planning: how to certify the right routeSpeck&Tech
 
Break it up! 5G, cruise control, autonomous vehicle cooperation, and bending ...
Break it up! 5G, cruise control, autonomous vehicle cooperation, and bending ...Break it up! 5G, cruise control, autonomous vehicle cooperation, and bending ...
Break it up! 5G, cruise control, autonomous vehicle cooperation, and bending ...Speck&Tech
 

More from Speck&Tech (20)

What should 6G be? - 6G: bridging gaps, connecting futures
What should 6G be? - 6G: bridging gaps, connecting futuresWhat should 6G be? - 6G: bridging gaps, connecting futures
What should 6G be? - 6G: bridging gaps, connecting futures
 
Creare il sangue artificiale: "buon sangue non mente"
Creare il sangue artificiale: "buon sangue non mente"Creare il sangue artificiale: "buon sangue non mente"
Creare il sangue artificiale: "buon sangue non mente"
 
AWS: gestire la scalabilità su larga scala
AWS: gestire la scalabilità su larga scalaAWS: gestire la scalabilità su larga scala
AWS: gestire la scalabilità su larga scala
 
Praticamente... AWS - Amazon Web Services
Praticamente... AWS - Amazon Web ServicesPraticamente... AWS - Amazon Web Services
Praticamente... AWS - Amazon Web Services
 
Data Sense-making: navigating the world through the lens of information design
Data Sense-making: navigating the world through the lens of information designData Sense-making: navigating the world through the lens of information design
Data Sense-making: navigating the world through the lens of information design
 
Data Activism: data as rhetoric, data as power
Data Activism: data as rhetoric, data as powerData Activism: data as rhetoric, data as power
Data Activism: data as rhetoric, data as power
 
Delve into the world of the human microbiome and metagenomics
Delve into the world of the human microbiome and metagenomicsDelve into the world of the human microbiome and metagenomics
Delve into the world of the human microbiome and metagenomics
 
Home4MeAi: un progetto sociale che utilizza dispositivi IoT per sfruttare le ...
Home4MeAi: un progetto sociale che utilizza dispositivi IoT per sfruttare le ...Home4MeAi: un progetto sociale che utilizza dispositivi IoT per sfruttare le ...
Home4MeAi: un progetto sociale che utilizza dispositivi IoT per sfruttare le ...
 
Monitorare una flotta di autobus: architettura di un progetto di acquisizione...
Monitorare una flotta di autobus: architettura di un progetto di acquisizione...Monitorare una flotta di autobus: architettura di un progetto di acquisizione...
Monitorare una flotta di autobus: architettura di un progetto di acquisizione...
 
Why LLMs should be handled with care
Why LLMs should be handled with careWhy LLMs should be handled with care
Why LLMs should be handled with care
 
Building intelligent applications with Large Language Models
Building intelligent applications with Large Language ModelsBuilding intelligent applications with Large Language Models
Building intelligent applications with Large Language Models
 
Privacy in the era of quantum computers
Privacy in the era of quantum computersPrivacy in the era of quantum computers
Privacy in the era of quantum computers
 
Machine learning with quantum computers
Machine learning with quantum computersMachine learning with quantum computers
Machine learning with quantum computers
 
Give your Web App superpowers by using GPUs
Give your Web App superpowers by using GPUsGive your Web App superpowers by using GPUs
Give your Web App superpowers by using GPUs
 
From leaf to orbit: exploring forests with technology
From leaf to orbit: exploring forests with technologyFrom leaf to orbit: exploring forests with technology
From leaf to orbit: exploring forests with technology
 
Innovating Wood
Innovating WoodInnovating Wood
Innovating Wood
 
Behind the scenes of our everyday Internet: the role of an IXP like MIX
Behind the scenes of our everyday Internet: the role of an IXP like MIXBehind the scenes of our everyday Internet: the role of an IXP like MIX
Behind the scenes of our everyday Internet: the role of an IXP like MIX
 
Architecting a 35 PB distributed parallel file system for science
Architecting a 35 PB distributed parallel file system for scienceArchitecting a 35 PB distributed parallel file system for science
Architecting a 35 PB distributed parallel file system for science
 
Truck planning: how to certify the right route
Truck planning: how to certify the right routeTruck planning: how to certify the right route
Truck planning: how to certify the right route
 
Break it up! 5G, cruise control, autonomous vehicle cooperation, and bending ...
Break it up! 5G, cruise control, autonomous vehicle cooperation, and bending ...Break it up! 5G, cruise control, autonomous vehicle cooperation, and bending ...
Break it up! 5G, cruise control, autonomous vehicle cooperation, and bending ...
 

Recently uploaded

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Recently uploaded (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Log Stealers - Shopping time for Threat Actors!

  • 1. Log Stealers Shopping time for Threat Actors! Mirko Ioris & Francesco Pavanello - Cyber Security Technical Consultants
  • 2. What is a log stealer malware? Log (or information) stealer malware is a type of Trojan that gathers sensitive data from the compromised system and sends it to the attacker. Typical targets are login credentials, credit card information, crypto wallets and browser information (cookies, history, autofill). https://blog.sekoia.io/traffers-a-deep-dive-into-the-information-stealer-ecosystem
  • 3. Log stealer malware infection chain § YouTube video on stolen account § Websites masquerading as blogs to deliver password-protected archives § Software installation pages to deliver password- protected archives § Phishing emails § Google ADS https://blog.sekoia.io/traffers-a-deep-dive-into-the-information-stealer-ecosystem
  • 5. Redline § Available from: February 2020 (on WWH Club and BHF forum) § Owners: Glade aka REDGlade § Telegram channel: https://t.me/REDLINESELLER | https://t.me/redlinesupport_new § Nationality: Russian § Other info: More than 2 Million records on Russian Market § Service cost: from 100$ to 200$ per month
  • 6. Redline https://medium.com/s2wblog/deep-analysis-of-redline-stealer-leaked-credential-with-wcf-7b31901da904 Redline communication with the C2 server for retrieving configuration and send the stolen data. Other stealers use similar methodologies.
  • 7. § Available from: 20/05/2019, version 2.0 from 15/09/2022 (on XSS forum) § Owners: @raccoonstealer on XSS forum § Other info: More than 1 Million records on Russian Market § Nationality: Ukrainian § Service cost: 200$ / month § Telegram channel: https://t.me/miaranimator | https://t.me/gr33nl1ght Raccoon
  • 8. § At least 50 million unique credentials stolen worldwide § FBI disclosure site on https://raccoon.ic3.gov/home Raccoon
  • 10. Telegram markets § Independent sellers § Go here https://github.com/fastfire/deepdarkCTI/blob/main/telegram.md and search for 'logs'
  • 11. 2Easy Market § More than 850.000 records § Paid access § Catalogue: logs only § Log name format: prefix+unique numbers chars (i.e. 2easy_logs_651587.zip) § Deposit available in: Bitcoin BTC, Bitcoincash BCH, Dash DASH, Dogecoin DOGE, Ethereum ETH, Ethereumclassic ETC, Litecoin LTC, Monero XMR, Zcash § Can search for: Seller, Date, Country, Word Available metadata: Links, Seller, Country, Installed Date, Price USD, Seller Rating § Online Support + Telegram chat for updates
  • 12. Genesis Market § More than 460.000 records § Invitation access § Catalogue: logs only § Deposit available in: Bitcoin BTC, Litecoin LTC, Monero XMR, Dashs § Offers tools like Genesis Security Plugin & Genesium Browser § Log name format: 32 hexadecimal chars (i.e. 7B034E8C77F92627192802CCCE2AB3DD.zip) § Can search for: Bot Name, Name, Domain, IP, Country, OS, Price § Available metadata: Links, Country, # of Resources, # of Browsers, Installed Date, Updated Date, IP (first 2 triplets), OS, Price USD § Online Support `
  • 13. Russian Market § More than 7.000.000 records § Paid access § Catalogue: logs, RDP access, PayPal accounts, credit cards § Log name format: prefix+unique numbers chars (i.e. LOGID- 5260493.zip) § Deposit available in: Bitcoin BTC, Ethereum ETH, Litecoin LTC § Can search for: stealer, state, ISP, System, City, Outlook, Country, Zip, Links § Available metadata: Links, Stealer, Country, Structure, Installed Date, Size, Vendor, Price USD, Online Support
  • 14. Log Example Stealers organize logs in a ZIP folder. There is no standard format but usually the following are the information contained:
  • 15. Log Example Stealers organize logs in a ZIP folder. There is no standard format but usually the following are the information contained:
  • 16. Log Example Stealers organize logs in a ZIP folder. There is no standard format but usually the following are the information contained:
  • 17. Log Example Stealers organize logs in a ZIP folder. There is no standard format but usually the following are the information contained:
  • 18. Log Example Stealers organize logs in a ZIP folder. There is no standard format but usually the following are the information contained:
  • 20. Market scraper § A research should be done in OPSEC mode § Online § Keywords based the real domains: wuerth-phoenix.com à rth-ph § A lot of garbage § Offline § Real domains § Evidence of interest § Useful Python libraries and API § Selenium § Pyppeteer & Beautifulsoup § Requests & Beautifulsoup § Undetectedchromedriver § 2Captcha API (charged)
  • 21. Market scraper § A script divided in 2 phases: § Online § Login & captcha resolution
  • 22. Market scraper § A script divided in 2 phases: § Online § Login & captcha resolution
  • 23. Market scraper § A script divided in 2 phases: § Online § Login & captcha resolution § Research using keywords
  • 24. Market scraper § A script divided in 2 phases: § Online § Login & captcha resolution § Research using keywords § Export of results in JSON format
  • 25. Market scraper § A script divided in 2 phases: § Online § Login & captcha resolution § Research using keywords § Export of results in JSON format § Offline § Filtering results § Saving evidence on the database
  • 27. SATAYO integration We have developed scrapers able to monitor the 3 major marketplaces (Russian, 2Easy, Genesis).
  • 28. Evidence Analysis § Compromised system information § Identity of the victim § Credentials found within the log § Optional login test § Mitigation and suggestions
  • 30. Traffers analysis Open Shodan and search using this dork: http.html:"stealer"
  • 31. Traffers analysis Open Shodan and search using this dork: http.html:"stealer"
  • 32. 2easy analysis Open Shodan and search using this dork: http.html:“2easy.shop"
  • 33. 2easy analysis Open Shodan and search using this dork: http.html:“2easy.shop"
  • 34. Contact information § Mirko Ioris § - mirko.ioris@wuerth-phoenix.com § - linkedin.com/in/mirkoioris18 § - @Mikkos § Francesco Pavanello § - francesco.pavanello@wuerth-phoenix.com § - linkedin.com/in/francescopavanello § - @frapava98