Common Information
Type | Value |
---|---|
Value | Client Configurations - T1592.004 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may gather information about the victim's client configurations that can be used during targeting. Information about client configurations may include a variety of details and settings, including operating system/version, virtualization, architecture (ex: 32 or 64 bit), language, and/or time zone. Adversaries may gather this information in various ways, such as direct collection actions via [Active Scanning](https://attack.mitre.org/techniques/T1595) (ex: listening ports, server banners, user agent strings) or [Phishing for Information](https://attack.mitre.org/techniques/T1598). Adversaries may also compromise sites then include malicious content designed to collect host information from visitors.(Citation: ATT ScanBox) Information about the client configurations may also be exposed to adversaries via online or other accessible data sets (ex: job postings, network maps, assessment reports, resumes, or purchase invoices). Gathering this information may reveal opportunities for other forms of reconnaissance (ex: [Search Open Websites/Domains](https://attack.mitre.org/techniques/T1593) or [Search Open Technical Databases](https://attack.mitre.org/techniques/T1596)), establishing operational resources (ex: [Develop Capabilities](https://attack.mitre.org/techniques/T1587) or [Obtain Capabilities](https://attack.mitre.org/techniques/T1588)), and/or initial access (ex: [Supply Chain Compromise](https://attack.mitre.org/techniques/T1195) or [External Remote Services](https://attack.mitre.org/techniques/T1133)). |

Details | | Published | Attributes | CTI | Title |
---|---|---|---|---|---|
Details | Website | 2024-11-16 | 90 | | From Royal to BlackSuit: Understanding the Tactics and Impact of a Sophisticated Ransomware Strain \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
Details | Website | 2024-07-05 | 3 | | The Story of regreSSHion: A Resurfaced sshd Vulnerability |
Details | Website | 2023-09-15 | 25 | | Bumblebee Loader Resurfaces in New Campaign |
Details | Website | 2023-05-23 | 0 | | Faster AWS cloud connections with TLS 1.3 \| Amazon Web Services |
Details | Website | 2023-04-24 | 6 | | No Portals Needed |
Details | Website | 2022-08-01 | 624 | | Vulnerability Summary for the Week of July 25, 2022 \| CISA |
Details | Website | 2022-07-22 | 3 | | UNKNOWN |
Details | Website | 2022-07-14 | 41 | | Rapid Response: The Ngrok Incident Guide |
Details | Website | 2021-05-08 | 36 | | Tracking One Year of Malicious Tor Exit Relay Activities (Part II) |
Details | Website | 2021-04-21 | 36 | | Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03) |
Details | Website | 2021-04-20 | 102 | | Authentication Bypass Techniques and Pulse Secure Zero-Day |
Details | Website | 2021-01-22 | 2 | | Quote unquote - How not to encode passwords |
Details | Website | 2020-05-28 | 19 | | Dynamic Data Resolver (DDR) — IDA Plugin 1.0 beta |
Details | Website | 2017-11-15 | 0 | | Always On VPN – DirectAccess+ for Windows 10 |
Details | Website | 2014-10-01 | 0 | | Universal SSL: How It Scales |