T1567

Exfiltration Over Web Service

discovered 2026-07-14

The stolen asyncapi-bot PAT was exfiltrated from the CI runner to a rentry.co dead-drop URL (slug 'elzotebo') before automated review flagged the malicious PR.

View on MITRE ATT&CK

Campaigns