ioc[.]one - OSINT Cyber Threat Intelligence Database

Screentime: Sometimes It Feels Like Somebody's Watching Me | Proofpoint US

Tags

cmtmf-attack-pattern:	Traffic Distribution
country:	Canada Germany Russia United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Javascript - T1059.007 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Python - T1059.006 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Scripting - T1064 Scripting

Show in Graph

Common Information

Type	Value
UUID	1cf6b7c6-8391-4839-9225-45aa0aec93e6
Fingerprint	249b29118e7026a1
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 8, 2023, 12:06 p.m.
Added to db	June 5, 2023, 1:33 p.m.
Last updated	Nov. 11, 2024, 6:26 a.m.
Headline	Screentime: Sometimes It Feels Like Somebody's Watching Me
Title	Screentime: Sometimes It Feels Like Somebody's Watching Me \| Proofpoint US
Detected Hints/Tags/Attributes	88/4/58

Source URLs

	Redirection	Url
Details	Source	https://www.proofpoint.com/us/blog/threat-insight/screentime-sometimes-it-feels-like-somebodys-watching-me

URL Provider

Details	Provider	Source level domain
Details	proofpoint.com	www.proofpoint.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	354	✔	Proofpoint Threat Insight	https://www.proofpoint.com/us/threat-insight-blog.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	52	socket.io
Details	Domain	2	southfirstarea.com
Details	Domain	2	black-socks.org
Details	Domain	1	enigma-soft.com
Details	Domain	1	anyfisolusi.com
Details	Domain	2	moosdies.top
Details	Domain	2	peak-pjv.com
Details	Domain	2	otameyshan.com
Details	Domain	2	thebtcrevolution.com
Details	Domain	2	annemarieotey.com
Details	Domain	2	expresswebstores.com
Details	Domain	2	styleselect.com
Details	Domain	2	mikefaw.com
Details	Domain	2	fgpprlaw.com
Details	Domain	2	duncan-technologies.net
Details	Domain	2	virtualmediaoffice.com
Details	Domain	2	samsontech.mobi
Details	Domain	2	footballmeta.com
Details	Domain	2	gfcitservice.net
Details	Domain	2	listfoo.org
Details	Domain	2	duinvest.info
Details	Domain	2	shiptrax24.com
Details	Domain	2	repossessionheadquarters.org
Details	Domain	2	bluecentury.org
Details	File	1	document_24_jan-3559116.js
Details	File	4	ke.msi
Details	File	1	ocdservice.vbs
Details	File	1	lumina.exe
Details	File	59	app.js
Details	File	174	index.js
Details	File	2	au3.exe
Details	File	2	autohotkeyu32.exe
Details	File	1	action2_au3.exe
Details	File	2	financing.xlsm
Details	File	1	important_changes.xlsm
Details	File	2	persons.xlsx
Details	sha256	1	d934d109f5b446febf6aa6a675e9bcc41fade563e7998788824f56b3cc16d1ed
Details	sha256	1	29e447a6121dd2b1d1221821bd6c4b0e20c437c62264844e8bcbb9d4be35f013
Details	sha256	1	292344211976239c99d62be021af2f44840cd42dd4d70ad5097f4265b9d1ce01
Details	sha256	2	02049ab62c530a25f145c0a5c48e3932fa7412a037036a96d7198cc57cef1f40
Details	sha256	2	d0a4cd67f952498ad99d78bc081c98afbef92e5508daf723007533f000174a98
Details	sha256	1	6e53a93fc2968d90891db6059bac49e975c09546e19a54f1f93fb01a21318fdc
Details	sha256	2	322dccd18b5564ea000117e90dafc1b4bc30d256fe93b7cfd0d1bdf9870e0da6
Details	sha256	2	1f6de5072cc17065c284b21acf4d34b4506f86268395c807b8d4ab3d455b036b
Details	sha256	2	3242e0a736ef8ac90430a9f272ff30a81e2afc146fcb84a25c6e56e8192791e4
Details	sha256	2	3db3f919cad26ca155adf8c5d9cab3e358d51604b51b31b53d568e7bcf5301e2
Details	IPv4	1	178.20.45.197
Details	IPv4	1	185.180.199.229
Details	IPv4	1	1.1.33.10
Details	IPv4	2	79.137.198.60
Details	IPv4	4	109.107.173.72
Details	IPv4	4	89.208.105.255
Details	Url	2	http://79.137.198.60/1/ke.msi
Details	Url	2	http://109.107.173.72/%serial%
Details	Url	2	http://109.107.173.72/screenshot/%serial%
Details	Url	2	http://89.208.105.255/%serial%-du2
Details	Url	2	http://89.208.105.255/%serial%
Details	Url	1	http://89.208.105.255/download?path=e