LoFiSe

Description

(Kaspersky) This is a component designed to find and collect files of interest on targeted systems. The name LoFiSe derived from the mutex name used by this tool (‘MicrosoftLocalFileService’). The tool itself is a DLL file named DsNcDiag.dll that is launched using the DLL side-loading technique. The legitimate executable file with digital signature and original name nclauncher.exe from the software package Pulse Secure Network Connect 8.3 is used as a loader.

Names

Name
LoFiSe

Type

Exfiltration

Information

https://securelist.com/toddycat-keep-calm-and-check-logs/110696/

Mitre Attack

https://attack.mitre.org/software/S1101

Other Information

Uuid

c10afbe6-aae7-4f65-a2a9-ca61f34ae80b

Last Card Change

2024-06-19

Threat Intelligence Garden

Explorer

LoFiSe

LoFiSe

Description

Names

Category

Type

Information

Mitre Attack

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks