Description
[LazyScripter](https://attack.mitre.org/groups/G0140) is a threat group that has mainly targeted the airline industry since at least 2018, primarily using open-source toolsets.(Citation: MalwareBytes LazyScripter Feb 2021)
Techniques Used (TTPs)
- T1204.001 — Malicious Link (execution)
- T1218.005 — Mshta (defense-evasion)
- T1608.001 — Upload Malware (resource-development)
- T1204.002 — Malicious File (execution)
- T1102 — Web Service (command-and-control)
- T1059.007 — JavaScript (execution)
- T1583.001 — Domains (resource-development)
- T1059.005 — Visual Basic (execution)
- T1071.004 — DNS (command-and-control)
- T1588.001 — Malware (resource-development)
- T1105 — Ingress Tool Transfer (command-and-control)
- T1036 — Masquerading (defense-evasion)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1059.001 — PowerShell (execution)
- T1059.003 — Windows Command Shell (execution)
- T1027.010 — Command Obfuscation (defense-evasion)
- T1547.001 — Registry Run Keys / Startup Folder (persistence, privilege-escalation)
- T1218.011 — Rundll32 (defense-evasion)
- T1566.002 — Spearphishing Link (initial-access)
- T1583.006 — Web Services (resource-development)
Total TTPs: 20