{ "Event": { "analysis": "2", "date": "2017-02-22", "extends_uuid": "", "info": "Sinkholes servers with http header Server: malware-sinkhole", "publish_timestamp": "1487760601", "published": true, "threat_level_id": "4", "timestamp": "1487756912", "uuid": "58ad5d57-3058-48b8-8c08-553602de0b81", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1487756736", "to_ids": false, "type": "link", "uuid": "58ad5dc0-9790-45f4-840b-cf0402de0b81", "value": "https://censys.io/ipv4?q=80.http.get.headers.server%3Amalware-sinkhole" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1487756799", "to_ids": true, "type": "domain", "uuid": "58ad5dff-4d9c-4558-b06f-553702de0b81", "value": "oraclesoft.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1487756825", "to_ids": true, "type": "ip-dst", "uuid": "58ad5e19-6128-4ca4-9f54-2cec02de0b81", "value": "209.249.180.243" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1487756861", "to_ids": true, "type": "ip-dst", "uuid": "58ad5e3d-fad0-4b82-a0f9-2ced02de0b81", "value": "67.205.153.100" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1487756862", "to_ids": true, "type": "ip-dst", "uuid": "58ad5e3e-ae64-4c3b-8057-2ced02de0b81", "value": "209.249.180.246" }, { "category": "Network activity", "comment": "Resolving to 67.205.153.100", "deleted": false, "disable_correlation": false, "timestamp": "1487756912", "to_ids": true, "type": "domain", "uuid": "58ad5e70-201c-44ab-bba3-2cf002de0b81", "value": "nicklockluckydog.org" } ] } }