The sub-techniques beta is now live! Read the release blog post for more info.


LaZagne is a post-exploitation, open-source tool used to recover stored passwords on a system. It has modules for Windows, Linux, and OSX, but is mainly focused on Windows systems. LaZagne is publicly available on GitHub.[1]

ID: S0349
Type: TOOL
Platforms: Linux, macOS, Windows
Version: 1.0
Created: 30 January 2019
Last Modified: 24 June 2019

Techniques Used

Domain ID Name Use
Enterprise T1003 Credential Dumping

LaZagne can perform credential dumping to obtain account and password information.[1]

Enterprise T1503 Credentials from Web Browsers

LaZagne can obtain credentials from web browsers such as Google Chrome, Internet Explorer, and Firefox.[1]

Enterprise T1081 Credentials in Files

LaZagne can obtain credentials from browsers, chats, databases, mail, and WiFi.[1]

Groups That Use This Software

ID Name References
G0077 Leafminer [2]
G0049 OilRig [3]
G0022 APT3 [4]
G0069 MuddyWater [5]
G0064 APT33 [6]