*.blob.core.windows.net

Phishing Download Exfiltration

Attackers have the ability to choose a customized subdomain on blob.core.windows.net for blob storage. Attackers abuse this functionality by hosting .html files using the blob.core.windows.net subdomain and therefore creating fake login pages that capture credentials.

None

Attackers can upload exfiltrated data onto applications hosted on *.blob.core.windows.net

Malicious tools can be stored on *.blob.core.windows.net and downloaded when required.

https://www.joesandbox.com/analysis/464535/0/html