CredoMap (516ffd19-72b9-43a1-b866-bb075fdcb137)
CredoMap is a credential-stealing malware developed by the Russian espionage actor APT28. The malware harvests cookies and credentials from select web browsers and exfiltrates the information via the IMAP email protocol. CredoMap was observed being used in attack campaigns in Ukraine in 2022.[CERTFR-2023-CTI-009][SecurityScorecard CredoMap September 2022]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| APT28 (5b1a5b9e-4722-41fc-a15d-196a549e3ac5) | Tidal Groups | CredoMap (516ffd19-72b9-43a1-b866-bb075fdcb137) | Tidal Software | 1 |