FoggyWeb (bc11844e-0348-4eed-a48a-0554d68db38c)

FoggyWeb is a passive, highly targeted backdoor capable of remotely exfiltrating sensitive information from a compromised Active Directory Federation Services (AD FS) server. It has been used by APT29 since at least early April 2021. [MSTIC FoggyWeb September 2021]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| APT29 (4c3e48b9-4426-4271-a7af-c3dfad79f447) | Tidal Groups | FoggyWeb (bc11844e-0348-4eed-a48a-0554d68db38c) | Tidal Software | 1 |