Cybercrime is now based on a tightly organised underground economy. The players operating here are often organisations that are in no way inferior to legal companies in terms of their structure and also have well-structured product ranges. The products on offer include phishing as a service, ransomware as a service and log-in data in a subscription model. One particularly interesting type of ransomware is so-called stealerware, which criminals can use to obtain access data very easily. A particularly large collection of stealerware was the so-called NAZ.API. 

In this presentation, we will shed some light on the structures of the underground economy, explain how credentials are obtained and spread, and look specifically at the structure of stealer logs. Finally, we will ...