IGT supertool - Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 15:46:53 UTC
Home > List all groups > List all tools > List all groups using tool IGT supertool
 Tool: IGT supertool
Names
IGT supertool
Information Gathering Tool
Category Malware
Type Reconnaissance, Credential stealer
Description
(Kaspersky) A noteworthy addition to the Poseidon toolkit is the IGT supertool (Information
Gathering toolkit), a bulking 15 megabyte executable that orchestrates a series of different
information collections steps, exfiltration, and the cleanup of components. This tool appears to
be designed to operate on high-value corporate systems like Domain Controllers or IIS servers
that act as repositories of valuable information, particularly for lateral movement. The
Information Gathering Tool (IGT) tool is coded in Delphi and includes powershell and SQL
components across a dozen different drops. This tool contains several other executable files
made in different programming languages ranging from Visual Basic 6 to C#, each one
performing a very clear task devised by the group when trying to obtain more information
from an objective. The main purpose of the IGT tool is to make an inventory of the system,
saving information from the network interfaces and addresses, credentials belonging to the
Domain and database server, services being run from the OS and everything that could help
the Poseidon Group make its attack more customized to its victim.
Information
Last change to this tool card: 20 April 2020
Download this tool card in JSON format
All groups using tool IGT supertool
Changed Name Country Observed
APT groups
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=aec9cf8f-47ca-4f6e-af5d-e12865e5bd4b
Page 1 of 2

Poseidon Group 2005-Feb 2016
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=aec9cf8f-47ca-4f6e-af5d-e12865e5bd4b
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=aec9cf8f-47ca-4f6e-af5d-e12865e5bd4b
Page 2 of 2