I published the following diary on isc.sans.edu: “Info-Stealer Using webhook.site to Exfiltrate Data”:
We already reported multiple times that, when you offer an online (cloud) service, there is a good chance that it will be abused for malicious purposes. I spotted an info-stealer that exfiltrates data through webhook.site. Today, many Python scripts use Discord as a C2 communication channel. This time, something different that looks definitely less suspicious…