Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 00:25:04 UTC
Home > List all groups > List all tools > List all groups using tool FoggyWeb
 Tool: FoggyWeb
Names FoggyWeb
Category Malware
Type Backdoor, Info stealer, Exfiltration
Description
(Microsoft) FoggyWeb is a passive and highly targeted backdoor capable of remotely
exfiltrating sensitive information from a compromised AD FS server. It can also receive
additional malicious components from a command-and-control (C2) server and execute
them on the compromised server.
Information
MITRE ATT&CK Last change to this tool card: 30 December 2022
Download this tool card in JSON format
All groups using tool FoggyWeb
Changed Name Country Observed
APT groups
 APT 29, Cozy Bear, The Dukes 2008-Feb 2025
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3ed49155-5353-44ac-aadc-f29df4e720c2
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3ed49155-5353-44ac-aadc-f29df4e720c2
Page 1 of 1