Attackers can use a *.appdomain.cloud subdomain to host their phishing websites. They can be used for credential harvesting or redirecting users to a malicious websites.
Command and Control
Attackers can use *.appdomain.cloud for C&C purposes.
Attackers can use *.appdomain.cloud as storage and upload exfiltrated files there.
Malicious tools can be stored on *.appdomain.cloud and downloaded when required.
Last Update: 2021-11-21