{ "Event": { "analysis": "1", "date": "2026-04-09", "extends_uuid": "", "info": "KRVTZ-NET IDS alerts for 2026-04-09", "publish_timestamp": "1775769081", "published": true, "threat_level_id": "3", "timestamp": "1775768845", "uuid": "026b6c1d-c2ca-41fa-8348-5f1c7dcd1ac1", "Orgc": { "name": "Krawczyk Industries Limited", "uuid": "593e9fc8-be28-4cb2-a79b-43f8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#00ce5f", "local": false, "name": "misp:event-type=\"observation\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" }, { "colour": "#009042", "local": false, "name": "misp:automation-level=\"unsupervised\"", "relationship_type": "" }, { "colour": "#edbfa2", "local": false, "name": "type:OSINT', 'osint:lifetime=\"perpetual\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/logincheck (CVE-2023-27997)", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-09T02:56:21.514910+00:00", "timestamp": "1775703383", "to_ids": true, "type": "ip-src", "uuid": "f18e8e04-0ec0-4cd2-a2b6-43a803f31822", "value": "2001:470:2cc:1:451e:14ef:afd5:9f58", "Tag": [ { "colour": "#008a3f", "local": false, "name": "misp:threat-level=\"high-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/logincheck (CVE-2023-27997)", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-09T07:50:19.297629+00:00", "timestamp": "1775721021", "to_ids": true, "type": "ip-src", "uuid": "4bed269b-8a55-4b05-9db6-5f5116302058", "value": "64.62.197.77", "Tag": [ { "colour": "#008a3f", "local": false, "name": "misp:threat-level=\"high-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "haproxy: 165.154.164.21 connecting to (submission/TCP) 15x in hour, possible bruteforcing.", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-09T17:23:00.436343+00:00", "timestamp": "1775755382", "to_ids": true, "type": "ip-src", "uuid": "08e88ef2-7072-4b2b-ac19-2cad4b3f402d", "value": "165.154.164.21", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-09T20:54:36.198594+00:00", "timestamp": "1775768077", "to_ids": true, "type": "ip-src", "uuid": "42f015d2-9c00-46e0-94ec-19f0ecf79a1a", "value": "65.109.104.212", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-09T21:07:24.369755+00:00", "timestamp": "1775768845", "to_ids": true, "type": "ip-src", "uuid": "27cb7970-7b6c-48e6-aacc-6912fe3ec6a3", "value": "185.177.72.51", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] } ] } }