| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1005 | Data from Local System | LoFiSe can collect files of interest from targeted systems.[1] |
| Enterprise | T1574.002 | Hijack Execution Flow: DLL Side-Loading | LoFiSe has been executed as a file named DsNcDiag.dll through side-loading.[1] |
| Enterprise | T1560 | Archive Collected Data | LoFiSe can collect files into password-protected ZIP-archives for exfiltration.[1] |
| Enterprise | T1074.001 | Data Staged: Local Data Staging | LoFiSe can save files to be evaluated for further exfiltration in the |
| Enterprise | T1083 | File and Directory Discovery | LoFiSe can monitor the file system to identify files less than 6.4 MB in size with file extensions including .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pdf, .rtf, .tif, .odt, .ods, .odp, .eml, and .msg.[1] |
| Enterprise | T1119 | Automated Collection | LoFiSe can collect all the files from the working directory every three hours and place them into a password-protected archive for further exfiltration.[1] |