The sub-techniques beta is now live! Read the release blog post for more info.
SOFTWARE
SOFTWARE
1-9
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
Y-Z
  1. Home
  2. Software
  3. LaZagne

LaZagne

LaZagne is a post-exploitation, open-source tool used to recover stored passwords on a system. It has modules for Windows, Linux, and OSX, but is mainly focused on Windows systems. LaZagne is publicly available on GitHub.[1]

ID: S0349
Type: TOOL
Platforms: Linux, macOS, Windows
Version: 1.0
Created: 30 January 2019
Last Modified: 24 June 2019
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1003 Credential Dumping

LaZagne can perform credential dumping to obtain account and password information.[1]
Enterprise T1503 Credentials from Web Browsers

LaZagne can obtain credentials from web browsers such as Google Chrome, Internet Explorer, and Firefox.[1]
Enterprise T1081 Credentials in Files

LaZagne can obtain credentials from browsers, chats, databases, mail, and WiFi.[1]

Groups That Use This Software

ID Name References
G0077 Leafminer [2]
G0049 OilRig [3]
G0022 APT3 [4]
G0069 MuddyWater [5]
G0064 APT33 [6]

References

  1. Zanni, A. (n.d.). The LaZagne Project !!!. Retrieved December 14, 2018.
  2. Symantec Security Response. (2018, July 25). Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions. Retrieved August 28, 2018.
  3. Mandiant. (2018). Mandiant M-Trends 2018. Retrieved July 9, 2018.
  1. Symantec Security Response. (2016, September 6). Buckeye cyberespionage group shifts gaze from US to Hong Kong. Retrieved September 26, 2016.
  2. Symantec DeepSight Adversary Intelligence Team. (2018, December 10). Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms. Retrieved December 14, 2018.
  3. Security Response attack Investigation Team. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.. Retrieved April 10, 2019.