ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool SessionGopher

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: SessionGopher

NamesSessionGopher
CategoryTools
TypeCredential stealer
DescriptionSessionGopher is a PowerShell tool that finds and decrypts saved session information for remote access tools. It has WMI functionality built in so it can be run remotely. Its best use case is to identify systems that may connect to Unix systems, jump boxes, or point-of-sale terminals.
Information<https://github.com/Arvanaghi/SessionGopher>

Last change to this tool card: 23 June 2020

Download this tool card in JSON format

Previous: ServHelper
Next: ShadowHammer

All groups using tool SessionGopher

ChangedNameCountryObserved

APT groups

 Wizard Spider, Gold BlackburnRussia2014-Aug 2021 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key