Threat Types & Sources (Infostealer, Breach, Paste, etc.)
Selki classifies threats based on where an exposed identity was found and how the data was compromised.
Understanding exposure types helps your security team evaluate urgency, investigate context, and prioritize remediation according to real-world risk.
Below are the primary threat types and sources detected by Selki.
1. Infostealer Malware
Infostealers are one of the most dangerous and active sources of real-world credential compromise.
These malware families infect devices — often via malicious downloads, fake installers, cracked software, or phishing — and exfiltrate:
- emails
- passwords (plaintext or hashed)
- session tokens
- browser-stored credentials
- autofill data
- cookies
- hostnames and device fingerprints
This data is then sold or traded in cybercrime markets.
Why infostealer threats are critical:
- the data is recent and accurate
- usually includes plaintext passwords
- often contains multiple credentials from the same user
- indicates full device compromise
- attackers reuse the stolen credentials quickly
Infostealers are almost always High or Critical severity.
2. Breach Dumps
Breach dumps come from large-scale database compromises affecting external platforms used by your employees or customers.
They may include:
- emails
- hashed passwords
- usernames
- personal information
- partial authentication data
Risk considerations:
- older breaches are lower risk
- recent breaches may still be exploited
- password reuse drastically increases danger
Selki automatically correlates breach data to your monitored domains.
3. Paste Sites and Public Repositories
These include accidental or intentional leaks on:
- public pastebins
- text-sharing sites
- configuration repositories
- public Git commits
- forums or open datasets
These exposures often result from:
- human error
- misconfigurations
- debugging or test dumps pushed publicly
- internal credentials mistakenly made public
Risk varies depending on content and recency.
4. Credential Aggregation Dumps
These are large credential collections scraped or aggregated from multiple leaks and breaches.
Characteristics include:
- mass-compiled credentials
- varying quality and recency
- potential reused passwords
These exposures are usually Medium risk, except when passwords match active employee accounts.
5. Cross-Source Exposures
When the same identity appears across multiple exposure types:
- infostealer + breach
- paste + breach
- repeated infostealer logs
- multi-incident exposures over time
This significantly raises severity because it indicates:
- repeated compromise
- password reuse
- persistent attacker interest
- compromised device + external breach overlap
Selki treats multi-source exposures as higher risk.
6. What Selki Shows in Threat Details
Each threat displays:
- Exposure type (infostealer, breach, paste, etc.)
- Hostname (for infostealers)
- Password available (yes/no)
- Occurrences (count of findings)
- Source metadata
- First seen / Last seen timestamps
These fields help analysts understand the origin and urgency of the threat.
7. How Source Types Impact Workflow
| Exposure Type | Typical Severity | Recommended Action |
|---|---|---|
| Infostealer | High–Critical | Immediate password reset + device check |
| Recent Breach | Medium–High | Notify user + enforce reset |
| Old Breach | Low–Medium | Review for password reuse |
| Paste / Public | Varies | Investigate context |
| Multi-Source | Critical | Full remediation & monitoring |
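As an added illustration (not Selki's own code or API), the following script turns the severity table above and the cross-source rule from section 5 into a triage routine over constructed sample findings. The `Finding` dataclass, the 365-day "recent breach" cut-off and the severity sub-bands chosen by password availability are assumptions, not values stated by the page.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta

RECENT_DAYS = 365  # assumed cut-off between a "recent" and an "old" breach


@dataclass
class Finding:
    identity: str
    exposure_type: str  # "infostealer", "breach", "paste" or "aggregation" (assumed labels)
    last_seen: date
    password_available: bool


def triage_identity(findings, today):
    """Map one identity's findings to (severity, recommended action) per the workflow table."""
    types = {f.exposure_type for f in findings}
    repeated_stealer = sum(f.exposure_type == "infostealer" for f in findings) > 1
    has_password = any(f.password_available for f in findings)
    # Cross-source exposure or repeated infostealer logs: treated as Critical.
    if len(types) > 1 or repeated_stealer:
        return "Critical", "Full remediation & monitoring"
    kind = types.pop()
    if kind == "infostealer":  # High-Critical band; an available password pushes it to Critical
        return ("Critical" if has_password else "High"), "Immediate password reset + device check"
    if kind == "breach":
        newest = max(f.last_seen for f in findings)
        if today - newest <= timedelta(days=RECENT_DAYS):
            return ("High" if has_password else "Medium"), "Notify user + enforce reset"
        return ("Medium" if has_password else "Low"), "Review for password reuse"
    if kind == "aggregation":  # Medium unless passwords match active accounts (not checked here)
        return "Medium", "Review for password reuse"
    return "Varies", "Investigate context"  # paste / public sources need analyst context


def triage_all(findings, today):
    """Group findings by identity and triage each group."""
    by_identity = defaultdict(list)
    for f in findings:
        by_identity[f.identity].append(f)
    return {ident: triage_identity(fs, today) for ident, fs in by_identity.items()}


# Constructed sample findings (not real exposure data).
TODAY = date(2025, 12, 1)
SAMPLE = [
    Finding("alice@example.com", "infostealer", date(2025, 11, 20), True),
    Finding("alice@example.com", "breach", date(2023, 5, 2), False),
    Finding("bob@example.com", "breach", date(2022, 1, 15), True),
    Finding("carol@example.com", "paste", date(2025, 10, 1), False),
]
```

Running `triage_all(SAMPLE, TODAY)` rates alice as Critical because she appears in both an infostealer log and a breach, while bob's old breach only warrants a password-reuse review.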
Summary
Threat types and sources help you understand how and where a credential was compromised.
Selki categorizes exposures to give you precise context, enabling faster triage and effective risk mitigation.
Updated on: 01/12/2025