Update lazagne.md

microsoft · Sep 10, 2020 · cc7b7b8 · cc7b7b8
1 parent 07fdef2
commit cc7b7b8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/Credential Access/lazagne.md b/Credential Access/lazagne.md
@@ -2,7 +2,7 @@
 
 This query was originally published in the threat analytics report, *Ryuk ransomware*. There is also a related [blog](https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/).
 
-[Ryuk](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/Ryuk&threatId=-2147232689) is human-operated ransomware. Muck like [DoppelPaymer](https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/) ransomware, Ryuk is spread manually, often on networks that are already infected with Trickbot.
+[Ryuk](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/Ryuk&threatId=-2147232689) is human-operated ransomware. Much like [DoppelPaymer](https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/) ransomware, Ryuk is spread manually, often on networks that are already infected with Trickbot.
 
 During a typical Ryuk campaign, an operator will use [LaZagne](https://github.com/AlessandroZ/LaZagne), a credential theft tool, to access stored passwords for service accounts. The accounts are then used to jump from desktop clients to servers or domain controllers, allowing for better reconnaissance, faster movement, and a more severe impact on the target.