{ "id": "b23ae9c3-c599-4f56-af58-6845fa9240ad", "created_at": "2026-04-06T00:19:38.179206Z", "updated_at": "2026-04-10T03:29:17.036945Z", "deleted_at": null, "sha1_hash": "c89c36b864cb14acc9fa2c5d58c1ac0077738093", "title": "IGT supertool - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 57677, "plain_text": "IGT supertool - Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 15:46:53 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool IGT supertool\n Tool: IGT supertool\nNames\nIGT supertool\nInformation Gathering Tool\nCategory Malware\nType Reconnaissance, Credential stealer\nDescription\n(Kaspersky) A noteworthy addition to the Poseidon toolkit is the IGT supertool (Information\nGathering toolkit), a bulking 15 megabyte executable that orchestrates a series of different\ninformation collections steps, exfiltration, and the cleanup of components. This tool appears to\nbe designed to operate on high-value corporate systems like Domain Controllers or IIS servers\nthat act as repositories of valuable information, particularly for lateral movement. The\nInformation Gathering Tool (IGT) tool is coded in Delphi and includes powershell and SQL\ncomponents across a dozen different drops. This tool contains several other executable files\nmade in different programming languages ranging from Visual Basic 6 to C#, each one\nperforming a very clear task devised by the group when trying to obtain more information\nfrom an objective. The main purpose of the IGT tool is to make an inventory of the system,\nsaving information from the network interfaces and addresses, credentials belonging to the\nDomain and database server, services being run from the OS and everything that could help\nthe Poseidon Group make its attack more customized to its victim.\nInformation\nLast change to this tool card: 20 April 2020\nDownload this tool card in JSON format\nAll groups using tool IGT supertool\nChanged Name Country Observed\nAPT groups\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=aec9cf8f-47ca-4f6e-af5d-e12865e5bd4b\nPage 1 of 2\n\nPoseidon Group 2005-Feb 2016\r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=aec9cf8f-47ca-4f6e-af5d-e12865e5bd4b\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=aec9cf8f-47ca-4f6e-af5d-e12865e5bd4b\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=aec9cf8f-47ca-4f6e-af5d-e12865e5bd4b" ], "report_names": [ "listgroups.cgi?u=aec9cf8f-47ca-4f6e-af5d-e12865e5bd4b" ], "threat_actors": [ { "id": "144584b0-60b7-437d-9f90-4d46291b0572", "created_at": "2022-10-25T15:50:23.513946Z", "updated_at": "2026-04-10T02:00:05.391788Z", "deleted_at": null, "main_name": "Poseidon Group", "aliases": [ "Poseidon Group" ], "source_name": "MITRE:Poseidon Group", "tools": null, "source_id": "MITRE", "reports": null }, { "id": "4100052f-ccdc-4ee8-b950-434af1c9cef1", "created_at": "2022-10-25T16:07:24.07095Z", "updated_at": "2026-04-10T02:00:04.858608Z", "deleted_at": null, "main_name": "Poseidon Group", "aliases": [ "G0033" ], "source_name": "ETDA:Poseidon Group", "tools": [ "IGT supertool", "Information Gathering Tool" ], "source_id": "ETDA", "reports": null }, { "id": "1c95dd3a-26ea-4ec3-b8a1-831baafe7e8b", "created_at": "2023-01-06T13:46:38.466445Z", "updated_at": "2026-04-10T02:00:02.986899Z", "deleted_at": null, "main_name": "Poseidon Group", "aliases": [ "G0033" ], "source_name": "MISPGALAXY:Poseidon Group", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434778, "ts_updated_at": 1775791757, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/c89c36b864cb14acc9fa2c5d58c1ac0077738093.pdf", "text": "https://archive.orkl.eu/c89c36b864cb14acc9fa2c5d58c1ac0077738093.txt", "img": "https://archive.orkl.eu/c89c36b864cb14acc9fa2c5d58c1ac0077738093.jpg" } }