SessionGopher (179ed67a-6142-49c2-8e71-927b9c47e6f5)
SessionGopher is an open-source PowerShell tool that, according to its GitHub project page, can be used to surface and decrypt saved session information for remote access tools like PuTTY, WinSCP, FileZilla, SuperPuTTY, and RDP.[GitHub Arvanaghi SessionGopher]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| SessionGopher (179ed67a-6142-49c2-8e71-927b9c47e6f5) | Tidal Software | BianLian Ransomware Group (a2add2a0-2b54-4623-a380-a9ad91f1f2dd) | Tidal Groups | 1 |