The usage of cloud has grown exponentially. Cloud offers a great deal of flexibility, reliability, accessibility, and uptime to the services running on it. Enterprises now use Cloud for storing critical data, confidential data and collaborating data with shared users. The adoption of the cloud has also given full scope for cybercriminals, malware authors, and threat actors to launch attacks and stay under the radar. The recent Cloud report released by Netskope mentions that in an enterprise, an average of one thousand or more cloud services are in use, which includes both sanctioned (IT approved) and unsanctioned apps (shadow IT apps). Gartner’s security predictions say that by 2020, more than a third of successful attacks experienced by enterprises will be in their shadow IT resources. Accordingly, we see a surge in malware using Cloud services. The usage of the Cloud is not only limited to an attack delivery surface, but also as an infrastructure hosting surface where threat actors can host Command and Control (C&C ) servers inferring Cloud as a potential attack vector.