{ "Event": { "analysis": "1", "date": "2026-04-30", "extends_uuid": "", "info": "KRVTZ-NET IDS alerts for 2026-04-30", "publish_timestamp": "1777572900", "published": true, "threat_level_id": "3", "timestamp": "1777572900", "uuid": "096a3ffb-66fc-42cc-8038-cbeb2acdee6f", "Orgc": { "name": "Krawczyk Industries Limited", "uuid": "593e9fc8-be28-4cb2-a79b-43f8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#00ce5f", "local": false, "name": "misp:event-type=\"observation\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" }, { "colour": "#009042", "local": false, "name": "misp:automation-level=\"unsupervised\"", "relationship_type": "" }, { "colour": "#edbfa2", "local": false, "name": "type:OSINT', 'osint:lifetime=\"perpetual\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-30T00:36:50.900559+00:00", "timestamp": "1777509412", "to_ids": true, "type": "ip-src", "uuid": "3b75a4b7-a29f-4684-bae7-ef25c793fa4a", "value": "18.169.25.68", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/logincheck (CVE-2023-27997)", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-30T00:53:30.689861+00:00", "timestamp": "1777510412", "to_ids": true, "type": "ip-src", "uuid": "6c4b9164-7af7-49df-9dff-4643e3d90082", "value": "2001:470:1:332::157", "Tag": [ { "colour": "#008a3f", "local": false, "name": "misp:threat-level=\"high-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-30T00:56:44.427189+00:00", "timestamp": "1777510606", "to_ids": true, "type": "ip-src", "uuid": "cf568972-97ed-432a-bd6c-82325369a24e", "value": "51.158.204.247", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET SCAN Exabot Webcrawler User Agent", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-30T00:59:39.013676+00:00", "timestamp": "1777510780", "to_ids": true, "type": "ip-src", "uuid": "dff2b098-40cd-470a-bbfd-413073e946e4", "value": "31.57.42.39", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET SCAN Exabot Webcrawler User Agent", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-30T00:59:51.068552+00:00", "timestamp": "1777510792", "to_ids": true, "type": "ip-src", "uuid": "1745516f-ac03-4b3b-99d8-fde4aebe940b", "value": "104.239.37.203", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-30T01:28:51.652684+00:00", "timestamp": "1777512533", "to_ids": true, "type": "ip-src", "uuid": "98a6c7b6-f118-4b5a-95d7-4aa4aa90e7bd", "value": "216.26.228.196", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-30T01:43:47.941138+00:00", "timestamp": "1777513430", "to_ids": true, "type": "ip-src", "uuid": "dc2e0b4e-fded-4dfe-a6d5-1ead6f2ef9fe", "value": "45.88.138.51", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET SCAN Exabot Webcrawler User Agent", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-30T02:47:37.660812+00:00", "timestamp": "1777517259", "to_ids": true, "type": "ip-src", "uuid": "a2d21468-0b9a-4328-8efc-827680dbaba1", "value": "82.26.245.217", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-30T05:12:29.467432+00:00", "timestamp": "1777525950", "to_ids": true, "type": "ip-src", "uuid": "e8945c9c-2fc4-4449-b9ff-c0599da8b279", "value": "45.3.47.63", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "TGI HUNT gitrepo HTTP Probe", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-30T14:25:59.363626+00:00", "timestamp": "1777559161", "to_ids": true, "type": "ip-src", "uuid": "f54acc7d-1f87-4366-92cf-4a07e4bbd7c6", "value": "45.11.248.97", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET USER_AGENTS User-Agent (_TEST_)", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-30T16:36:39.000872+00:00", "timestamp": "1777567001", "to_ids": true, "type": "ip-src", "uuid": "ea16b8a7-c99f-4e1e-ab23-83b189d93fed", "value": "43.160.219.138", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET SCAN Exabot Webcrawler User Agent", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-30T18:02:18.525858+00:00", "timestamp": "1777572139", "to_ids": true, "type": "ip-src", "uuid": "c711d098-c974-41ff-857e-9d31e844b919", "value": "166.88.169.36", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-30T18:14:57.901088+00:00", "timestamp": "1777572899", "to_ids": true, "type": "ip-src", "uuid": "2a903008-93c3-4436-b4a2-5d4ee293f124", "value": "65.111.14.56", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] } ] } }