LoFiSe - S1101 (452da2d9-706c-4185-ad6f-f5edaf4b9f48)

LoFiSe has been used by ToddyCat since at least 2023 to identify and collect files of interest on targeted systems.(Citation: Kaspersky ToddyCat Check Logs October 2023)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) | Attack Pattern | LoFiSe - S1101 (452da2d9-706c-4185-ad6f-f5edaf4b9f48) | Malware | 1 |
| Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) | Attack Pattern | LoFiSe - S1101 (452da2d9-706c-4185-ad6f-f5edaf4b9f48) | Malware | 1 |
| Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) | Attack Pattern | LoFiSe - S1101 (452da2d9-706c-4185-ad6f-f5edaf4b9f48) | Malware | 1 |
| LoFiSe - S1101 (452da2d9-706c-4185-ad6f-f5edaf4b9f48) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 1 |
| DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) | Attack Pattern | LoFiSe - S1101 (452da2d9-706c-4185-ad6f-f5edaf4b9f48) | Malware | 1 |
| Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) | Attack Pattern | LoFiSe - S1101 (452da2d9-706c-4185-ad6f-f5edaf4b9f48) | Malware | 1 |
| Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) | Attack Pattern | Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) | Attack Pattern | 2 |
| DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) | Attack Pattern | Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | 2 |