{"description": "Enterprise techniques used by LoFiSe, ATT&CK software S1101 (v1.0)", "name": "LoFiSe (S1101)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1560", "comment": "[LoFiSe](https://attack.mitre.org/software/S1101) can collect files into password-protected ZIP-archives for exfiltration.(Citation: Kaspersky ToddyCat Check Logs October 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1119", "comment": "[LoFiSe](https://attack.mitre.org/software/S1101) can collect all the files from the working directory every three hours and place them into a password-protected archive for further exfiltration.(Citation: Kaspersky ToddyCat Check Logs October 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1005", "comment": "[LoFiSe](https://attack.mitre.org/software/S1101) can collect files of interest from targeted systems.(Citation: Kaspersky ToddyCat Check Logs October 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1074", "showSubtechniques": true}, {"techniqueID": "T1074.001", "comment": "[LoFiSe](https://attack.mitre.org/software/S1101) can save files to be evaluated for further exfiltration in the `C:\\Programdata\\Microsoft\\` and \t`C:\\windows\\temp\\` folders.\n (Citation: Kaspersky ToddyCat Check Logs October 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1083", "comment": "[LoFiSe](https://attack.mitre.org/software/S1101) can monitor the file system to identify files less than 6.4 MB in size with file extensions including .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pdf, .rtf, .tif, .odt, .ods, .odp, .eml, and .msg.(Citation: Kaspersky ToddyCat Check Logs October 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1574", "showSubtechniques": true}, {"techniqueID": "T1574.001", "comment": "[LoFiSe](https://attack.mitre.org/software/S1101) has been executed as a file named DsNcDiag.dll through side-loading.(Citation: Kaspersky ToddyCat Check Logs October 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by LoFiSe", "color": "#66b1ff"}]}