 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: MagicWeb| Names | MagicWeb | |
| Category | Malware | |
| Type | Backdoor | |
| Description | (Microsoft) MagicWeb goes beyond the collection capabilities of FoggyWeb by facilitating covert access directly. MagicWeb is a malicious DLL that allows manipulation of the claims passed in tokens generated by an Active Directory Federated Services (AD FS) server. It manipulates the user authentication certificates used for authentication, not the signing certificates used in attacks like Golden SAML. | |
| Information | <https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/> | |
Last change to this tool card: 12 September 2022
Download this tool card in JSON format
Previous: MagicRAT
Next: MailPassView
| Changed | Name | Country | Observed | ||
APT groups | |||||
 | APT 29, Cozy Bear, The Dukes |  | 2008-Feb 2024  |  | |
1 group listed (1 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |