{
  "Event": {
    "analysis": "1",
    "date": "2026-04-20",
    "extends_uuid": "",
    "info": "KRVTZ-NET IDS alerts for 2026-04-20",
    "publish_timestamp": "1776709443",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1776709438",
    "uuid": "07cbee90-85e6-4b82-85d3-cf7afc0ec3d7",
    "Orgc": {
      "name": "Krawczyk Industries Limited",
      "uuid": "593e9fc8-be28-4cb2-a79b-43f8950d210f"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#00ce5f",
        "local": false,
        "name": "misp:event-type=\"observation\"",
        "relationship_type": ""
      },
      {
        "colour": "#50003a",
        "local": false,
        "name": "kill-chain:Reconnaissance",
        "relationship_type": ""
      },
      {
        "colour": "#009042",
        "local": false,
        "name": "misp:automation-level=\"unsupervised\"",
        "relationship_type": ""
      },
      {
        "colour": "#edbfa2",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#edbfa2",
        "local": false,
        "name": "osint:lifetime=\"perpetual\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "Network activity",
        "comment": "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/logincheck (CVE-2023-27997)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-20T00:06:15.665412+00:00",
        "timestamp": "1776643578",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "8a3ea6f7-e1d6-4a1b-8eca-014a3559195f",
        "value": "2001:470:1:fb5::2c0",
        "Tag": [
          {
            "colour": "#008a3f",
            "local": false,
            "name": "misp:threat-level=\"high-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/logincheck (CVE-2023-27997)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-20T00:23:30.461230+00:00",
        "timestamp": "1776644611",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "fa0edc8d-1df8-4255-8e3d-952ce13631f1",
        "value": "65.49.1.192",
        "Tag": [
          {
            "colour": "#008a3f",
            "local": false,
            "name": "misp:threat-level=\"high-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET WEB_SERVER Possible SQLi Attempt in User Agent (Inbound)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-20T04:19:16.372306+00:00",
        "timestamp": "1776658758",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "59bd6fea-6e64-4f2c-8da7-830160ed621c",
        "value": "146.70.198.109",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-20T06:54:50.322075+00:00",
        "timestamp": "1776668092",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "a2128a9e-b087-422a-8606-a78b35113029",
        "value": "134.185.82.181",
        "Tag": [
          {
            "colour": "#007d3a",
            "local": false,
            "name": "misp:threat-level=\"low-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#50003a",
            "local": false,
            "name": "kill-chain:Reconnaissance",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/logincheck (CVE-2023-27997)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-20T10:19:08.168704+00:00",
        "timestamp": "1776680349",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "1d7bb080-d6d6-4993-b81c-d1761763954d",
        "value": "65.49.1.108",
        "Tag": [
          {
            "colour": "#008a3f",
            "local": false,
            "name": "misp:threat-level=\"high-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET WEB_SERVER WEB-PHP phpinfo access",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-20T17:55:19.882708+00:00",
        "timestamp": "1776707721",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "92a6b149-0c7f-43aa-85dc-b12523c25208",
        "value": "100.27.223.113",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-20T18:23:55.490226+00:00",
        "timestamp": "1776709438",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "2328c5e5-fb7f-4ada-bbef-63c9a59fd135",
        "value": "129.150.44.188",
        "Tag": [
          {
            "colour": "#007d3a",
            "local": false,
            "name": "misp:threat-level=\"low-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#50003a",
            "local": false,
            "name": "kill-chain:Reconnaissance",
            "relationship_type": ""
          }
        ]
      }
    ]
  }
}