ioc · domain

subreviews[.]azurewebsites[.]net

Azure App Service C2 subdomain associated with Tickler backdoor activity. Microsoft's August 2024 Peach Sandstorm report lists this in the IOC appendix alongside other actor-controlled azurewebsites.net subdomains used to abuse fraudulent Azure tenants for command-and-control.

family: Tickler
first seen: Mar 31, 2024
publisher: Microsoft

source citation