Attackers have the ability to choose a customized subdomain on web.core.windows.net. Attackers abuse this functionality by hosting phishing websites using the web.core.windows.net subdomain.
Command and Control
*.web.core.windows.net can be used as C&C servers.
Attackers can upload exfiltrated data onto applications hosted on *.web.core.windows.net
Malicious tools can be stored on *.web.core.windows.net and downloaded when required.
Last Update: 2021-11-10