Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 17:14:30 UTC
Home > List all groups > List all tools > List all groups using tool SessionGopher
 Tool: SessionGopher
Names SessionGopher
Category Tools
Type Credential stealer
Description
SessionGopher is a PowerShell tool that finds and decrypts saved session information for
remote access tools. It has WMI functionality built in so it can be run remotely. Its best use
case is to identify systems that may connect to Unix systems, jump boxes, or point-of-sale
terminals.
Information <https://github.com/Arvanaghi/SessionGopher>
Last change to this tool card: 24 June 2020
Download this tool card in JSON format
All groups using tool SessionGopher
Changed Name Country Observed
APT groups
  Wizard Spider, Gold Blackburn 2014-May 2025
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b5341898-0eab-48d9-897b-208caed2fbc7
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b5341898-0eab-48d9-897b-208caed2fbc7
Page 1 of 1