Leaked Credential Collection Sources
The Leaked Credentials add-on for Avanan collects leaked credentials from multiple sources across both the open web and underground ecosystems. These include:
- Telegram: Channels and groups that share credentials, fullz (complete identity profiles), and malware logs.
- File-sharing platforms: Services such as GoFile are commonly used to distribute malware logs and credential dumps.
- VirusTotal (VT): Credential data extracted from malware samples submitted to the platform.
- Cybercrime forums: A curated set of high-value deep and dark web forums that directly or indirectly contribute to credential exposure. These include, but are not limited to:
  - DarkForums
  - Exploit
  - Cracked
  - Cracking
  - BHF
  - Dread
  - Leakbase
  - BreachForums
This multi-source approach enables the comprehensive and timely aggregation of compromised credentials, enhancing visibility across a broad threat landscape.
This list is partial and is continuously updated to reflect changes in adversary infrastructure and intelligence collection capabilities.