IOC Radar
TLP:WHITE3 IOCs

UNC3753 Targets US Law Firms with Vishing and RMM Tools

CP
Cyber Press
Published June 6, 2026Original Report

Threat Actors

Malware Families

Diamond Model

SOCIAL AXISTECHNOLOGY AXISADVERSARYLockBitUNC3753INFRASTRUCTUREhelpdesk.comit.comitdesk.comCAPABILITYLockBitVICTIMunknown
Adversary(2)
Infrastructure(3)
Capability(1)
Victim

Attack Flow10 steps · MITRE ATT&CK mapped

Initial AccessTA0001·T1566
1/10
Phishing
ActionSend priming emails
Actors send benign invoice-themed emails to prime targets for a follow-up call.

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise3

TypeIndicatorConfidenceScoreFirst Seen
Domainhelpdesk.com
intel-blogmalwarenetwork
High
55
Jun 7, 26
Domainit.com
intel-blogmalwarenetwork
High
58
Jun 7, 26
Domainitdesk.com
intel-blogmalwarenetwork
High
55
Jun 7, 26

IOC Relationship Graph

IOC Relationship Graph3 total IOCs
Domain
Domain3Actors2Malware1REPORTUNC3753 Targets US Law FirLockBitUNC3753LockBit
scroll to zoom · drag to pan · click IOC to open