Skip to content

Hide Navigation Hide TOC

NirSoft (efa5fff4-f6db-4719-91c7-97dbe93099a8)

NirSoft is a self-described "freeware" utility that can be used to recover passwords.[NirSoft Website] According to U.S. cybersecurity authorities, ransomware actors such as those associated with the Royal ransomware operation have used the NirSoft utility to harvest passwords for malicious purposes.[#StopRansomware: Royal Ransomware | CISA]

Cluster A Galaxy A Cluster B Galaxy B Level
Phobos Ransomware Actors (f138c814-48c0-4638-a4d6-edc48e7ac23a) Tidal Groups NirSoft (efa5fff4-f6db-4719-91c7-97dbe93099a8) Tidal Software 1
NirSoft (efa5fff4-f6db-4719-91c7-97dbe93099a8) Tidal Software BlackSuit Ransomware Actors (1d751794-ce94-4936-bf45-4ab86d0e3b6e) Tidal Groups 1