LoFiSe - S1101 (452da2d9-706c-4185-ad6f-f5edaf4b9f48)

LoFiSe has been used by ToddyCat since at least 2023 to identify and collect files of interest on targeted systems.(Citation: Kaspersky ToddyCat Check Logs October 2023)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	LoFiSe - S1101 (452da2d9-706c-4185-ad6f-f5edaf4b9f48)	Malware	1
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	LoFiSe - S1101 (452da2d9-706c-4185-ad6f-f5edaf4b9f48)	Malware	1
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	LoFiSe - S1101 (452da2d9-706c-4185-ad6f-f5edaf4b9f48)	Malware	1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	LoFiSe - S1101 (452da2d9-706c-4185-ad6f-f5edaf4b9f48)	Malware	1
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	LoFiSe - S1101 (452da2d9-706c-4185-ad6f-f5edaf4b9f48)	Malware	1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	LoFiSe - S1101 (452da2d9-706c-4185-ad6f-f5edaf4b9f48)	Malware	1
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	2
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2