LaZagne
LaZagne is a post-exploitation, open-source tool used to recover stored passwords on a system. It has modules for Windows, Linux, and OSX, but is mainly focused on Windows systems. LaZagne is publicly available on GitHub.[1]
ID: S0349
Type: TOOL
Platforms: Linux, macOS, Windows
Version: 1.0
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1003 | Credential Dumping |
LaZagne can perform credential dumping to obtain account and password information.[1] |
| Enterprise | T1503 | Credentials from Web Browsers |
LaZagne can obtain credentials from web browsers such as Google Chrome, Internet Explorer, and Firefox.[1] |
| Enterprise | T1081 | Credentials in Files |
LaZagne can obtain credentials from browsers, chats, databases, mail, and WiFi.[1] |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0077 | Leafminer | [2] |
| G0049 | OilRig | [3] |
| G0022 | APT3 | [4] |
| G0069 | MuddyWater | [5] |
| G0064 | APT33 | [6] |
References
- Symantec Security Response. (2016, September 6). Buckeye cyberespionage group shifts gaze from US to Hong Kong. Retrieved September 26, 2016.
- Symantec DeepSight Adversary Intelligence Team. (2018, December 10). Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms. Retrieved December 14, 2018.
- Security Response attack Investigation Team. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.. Retrieved April 10, 2019.