LazyScripter
Overview
LazyScripter is a threat group that has mainly targeted the airline industry since at least 2018, primarily using open-source toolsets.
TTPs — 20 techniques across 6 tactics
Resource Development
- T1583.001 Domains
- T1583.006 Web Services
- T1588.001 Malware
- T1608.001 Upload Malware
Initial Access
- T1566.001 Spearphishing Attachment
- T1566.002 Spearphishing Link
Execution
- T1059.001 PowerShell
- T1059.003 Windows Command Shell
- T1059.005 Visual Basic
- T1059.007 JavaScript
- T1204.001 Malicious Link
- T1204.002 Malicious File
Persistence
- T1547.001 Registry Run Keys / Startup Folder
Stealth
- T1027.010 Command Obfuscation
- T1036 Masquerading
- T1218.005 Mshta
- T1218.011 Rundll32
Command and Control
- T1071.004 DNS
- T1102 Web Service
- T1105 Ingress Tool Transfer
Tools & malware (7)
Remcos · QuasarRAT · njRAT · ngrok · Empire · Koadic · KOCTOPUS
Reporting (1)
- LazyScripter: From Empire to double RAT — Jazi, H