{ "type": "URL", "indicator": "https://kotik.cc/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://kotik.cc/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4024529390, "indicator": "https://kotik.cc/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "677e2f9493627637bc42a073", "name": "jf_cf_frostovip.exe and 180^^^^^AAn_ok.exe", "description": "A report on a Windows malware attack has been published online by Microsoft and by Nextron Systems, the same company that developed the attack itself, and is being investigated by the US National Security Agency (NSA).", "modified": "2025-01-08T07:56:04.885000", "created": "2025-01-08T07:56:04.885000", "tags": [ "pejzasz", "sha1", "imphasz", "greedy file", "deletion using", "del id", "xjunior", "nextron", "example", "externalnet", "filedataports", "homenet" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4, "FileHash-SHA256": 59, "URL": 50, "domain": 2, "FileHash-MD5": 7, "FileHash-SHA1": 5 }, "indicator_count": 127, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "511 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 127 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/kotik.cc", "whois": "http://whois.domaintools.com/kotik.cc", "domain": "kotik.cc", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "677e2f9493627637bc42a073", "name": "jf_cf_frostovip.exe and 180^^^^^AAn_ok.exe", "description": "A report on a Windows malware attack has been published online by Microsoft and by Nextron Systems, the same company that developed the attack itself, and is being investigated by the US National Security Agency (NSA).", "modified": "2025-01-08T07:56:04.885000", "created": "2025-01-08T07:56:04.885000", "tags": [ "pejzasz", "sha1", "imphasz", "greedy file", "deletion using", "del id", "xjunior", "nextron", "example", "externalnet", "filedataports", "homenet" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4, "FileHash-SHA256": 59, "URL": 50, "domain": 2, "FileHash-MD5": 7, "FileHash-SHA1": 5 }, "indicator_count": 127, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "511 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://kotik.cc/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://kotik.cc/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780497372.6226048 }