Attackers can use *.mybluemix.net to host their phishing websites. They can be used for credential harvesting or redirecting users to a malicious websites.
Command and Control
Attackers can use *.mybluemix.net for C&C purposes.
Exfiltration
None
Download
Malicious tools can be stored on *.mybluemix.net and downloaded when required.