I published the following diary on isc.sans.edu: “Info-Stealer Using webhook.site to Exfiltrate Data”:
We already reported multiple times that, when you offer an online (cloud) service, there are a lot of chances that it will be abused for malicious purposes. I spotted an info-stealer that exfiltrates data through webhook.site. Today, many Python scripts use Discord as a C2 communication channel. This time, something different that looks definitely less suspicious… [Read more]
![](https://blog.rootshell.be/wp-content/uploads/2021/12/isc-20211201-1-1024x935.png)