NEW: Group Profiler — instant APT intel lookup. Try it →

← threatfilter.dev / all groups / LazyScripter

LazyScripter

G0140 MITRE ATT&CK →

Overview

LazyScripter is threat group that has mainly targeted the airlines industry since at least 2018, primarily using open-source toolsets.

TTPs — 20 techniques across 6 tactics

Resource Development

T1583.001 Domains
T1583.006 Web Services
T1588.001 Malware
T1608.001 Upload Malware

Initial Access

T1566.001 Spearphishing Attachment
T1566.002 Spearphishing Link

Execution

T1059.001 PowerShell
T1059.003 Windows Command Shell
T1059.005 Visual Basic
T1059.007 JavaScript
T1204.001 Malicious Link
T1204.002 Malicious File

Persistence

T1547.001 Registry Run Keys / Startup Folder

Stealth

T1027.010 Command Obfuscation
T1036 Masquerading
T1218.005 Mshta
T1218.011 Rundll32

Command and Control

T1071.004 DNS
T1102 Web Service
T1105 Ingress Tool Transfer

Tools & malware (7)

Remcos · QuasarRAT · njRAT · ngrok · Empire · Koadic · KOCTOPUS

Reporting (1)

LazyScripter: From Empire to double RAT — Jazi, H