From Stealer Logs to Real Lives: Exposing "Victim Profiling" Behind the Breach
Stealer logs play a key role in cyberattacks, enabling account takeovers, identity theft, and targeted intrusions. For this reason, threat intelligence analysts examine data from these logs — such as stolen credentials, cookies, or tokens — for defensive purposes, including early warning and alerting. In this talk, we present a novel, complementary approach to traditional analyses, focusing on victim profiling and aiming to detect patterns that could predict stealer log activity before it occurs. Over the past year, we have analyzed more than 30 terabytes of data, allowing us to draw conclusions from over 10 million devices affected by major stealer log families: LummaC2 (73%), RedLine (15%), StealC, Vidar, and Raccoon Stealer. We will address victimology aspects and demonstrate how large-scale analysis of stealer log metadata and contents.
Ponente(s):


