{ "Event": { "analysis": "1", "date": "2026-04-17", "extends_uuid": "", "info": "KRVTZ-NET IDS alerts for 2026-04-17", "publish_timestamp": "1776442038", "published": true, "threat_level_id": "3", "timestamp": "1776442034", "uuid": "52e19573-cf07-4e06-bf85-7d14b4b230bd", "Orgc": { "name": "Krawczyk Industries Limited", "uuid": "593e9fc8-be28-4cb2-a79b-43f8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#00ce5f", "local": false, "name": "misp:event-type=\"observation\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" }, { "colour": "#009042", "local": false, "name": "misp:automation-level=\"unsupervised\"", "relationship_type": "" }, { "colour": "#edbfa2", "local": false, "name": "type:OSINT', 'osint:lifetime=\"perpetual\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "ET USER_AGENTS User-Agent (_TEST_)", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-16T23:53:30.555609+00:00", "timestamp": "1776383612", "to_ids": true, "type": "ip-src", "uuid": "12278e45-c798-4faf-a84c-f31f06df7aed", "value": "101.32.49.171", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "TGI HUNT gitrepo HTTP Probe", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-17T03:56:37.436620+00:00", "timestamp": "1776398198", "to_ids": true, "type": "ip-src", "uuid": "eeeb15e1-f2f9-48fb-843f-cb893bba5d3e", "value": "195.164.49.68", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/logincheck (CVE-2023-27997)", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-17T04:49:23.793942+00:00", "timestamp": "1776401365", "to_ids": true, "type": "ip-src", "uuid": "a918eecd-e979-4306-94cd-ac59c3829e94", "value": "2001:470:1:332::5", "Tag": [ { "colour": "#008a3f", "local": false, "name": "misp:threat-level=\"high-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-17T06:55:51.585412+00:00", "timestamp": "1776408953", "to_ids": true, "type": "ip-src", "uuid": "c757396a-4649-4f09-b0f7-10ee8bf12360", "value": "130.12.180.144", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET SCAN Suspicious User-Agent Containing Security Scan/ner Likely Scan", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-17T07:49:02.576584+00:00", "timestamp": "1776412144", "to_ids": true, "type": "ip-src", "uuid": "76ec102a-60ed-4b07-ae2c-9f7467d9b491", "value": "195.178.110.103", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET MALWARE SysJoker User-Agent Observed", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-17T08:15:35.344396+00:00", "timestamp": "1776413737", "to_ids": true, "type": "ip-src", "uuid": "b82a986e-8942-4046-a5cd-ac66b36f2388", "value": "66.55.65.52", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET MALWARE Observed Coruna User-Agent (Outbound)", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-17T09:54:42.603641+00:00", "timestamp": "1776419684", "to_ids": true, "type": "ip-src", "uuid": "884a6134-cf5f-4ae8-a608-6f1babd1fd24", "value": "103.213.96.228", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET WEB_SPECIFIC_APPS Joolma Simple File Upload Plugin Remote Code Execution (CVE-2011-5148)", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-17T16:07:12.640879+00:00", "timestamp": "1776442034", "to_ids": true, "type": "ip-src", "uuid": "2521aeb2-cf8b-4a3f-8f9b-ef01cc11d915", "value": "23.101.4.52", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] } ] } }