S0661Windows

S0661FoggyWeb

Platforms
1
ATT&CK
14.1
References
2

Description

[FoggyWeb](https://attack.mitre.org/software/S0661) is a passive and highly-targeted backdoor capable of remotely exfiltrating sensitive information from a compromised Active Directory Federated Services (AD FS) server. It has been used by [APT29](https://attack.mitre.org/groups/G0016) since at least early April 2021.(Citation: MSTIC FoggyWeb September 2021)

Platforms· 1

Windows

Attributed to1

TypeTargetConfidenceTier
GroupAPT29g0016100%live

References

  1. https://attack.mitre.org/software/S0661
  2. https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
SDBbot
Software
FatDuke
Software
RainyDay
Software
BoxCaon
Software
EVILNUM
Software
Ferocious
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.