{
  "Event": {
    "analysis": "1",
    "date": "2026-05-01",
    "extends_uuid": "",
    "info": "KRVTZ-NET IDS alerts for 2026-05-01",
    "publish_timestamp": "1777668743",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1777668743",
    "uuid": "563ffbb5-30f9-48d0-ab91-a0e795b2f434",
    "Orgc": {
      "name": "Krawczyk Industries Limited",
      "uuid": "593e9fc8-be28-4cb2-a79b-43f8950d210f"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#00ce5f",
        "local": false,
        "name": "misp:event-type=\"observation\"",
        "relationship_type": ""
      },
      {
        "colour": "#50003a",
        "local": false,
        "name": "kill-chain:Reconnaissance",
        "relationship_type": ""
      },
      {
        "colour": "#009042",
        "local": false,
        "name": "misp:automation-level=\"unsupervised\"",
        "relationship_type": ""
      },
      {
        "colour": "#edbfa2",
        "local": false,
        "name": "type:OSINT', 'osint:lifetime=\"perpetual\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "Network activity",
        "comment": "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/logincheck (CVE-2023-27997)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T00:09:11.472297+00:00",
        "timestamp": "1777594155",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "3bcfa08f-60b6-47a6-9942-67ae32c181e8",
        "value": "2001:470:1:c84::11",
        "Tag": [
          {
            "colour": "#008a3f",
            "local": false,
            "name": "misp:threat-level=\"high-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET USER_AGENTS User-Agent (_TEST_)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T00:40:15.503628+00:00",
        "timestamp": "1777596017",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "210c230d-e04c-4ab3-908d-b81aab4133a6",
        "value": "43.164.0.21",
        "Tag": [
          {
            "colour": "#007d3a",
            "local": false,
            "name": "misp:threat-level=\"low-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#50003a",
            "local": false,
            "name": "kill-chain:Reconnaissance",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET USER_AGENTS User-Agent (_TEST_)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T02:38:10.187096+00:00",
        "timestamp": "1777603093",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "79354a40-6b75-46c9-a435-ad3ab4f94d29",
        "value": "43.162.114.69",
        "Tag": [
          {
            "colour": "#007d3a",
            "local": false,
            "name": "misp:threat-level=\"low-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#50003a",
            "local": false,
            "name": "kill-chain:Reconnaissance",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET SCAN Exabot Webcrawler User Agent",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T05:21:04.209933+00:00",
        "timestamp": "1777612866",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "d895219b-2bdd-4eee-ae47-51d6042a38c9",
        "value": "92.112.136.236",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET SCAN Exabot Webcrawler User Agent",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T05:21:28.824806+00:00",
        "timestamp": "1777612890",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "88cdbdfe-e601-4bcb-bd34-f04345feb0f9",
        "value": "46.203.196.147",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET USER_AGENTS User-Agent (_TEST_)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T06:45:22.999643+00:00",
        "timestamp": "1777617924",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "af2c3ffe-aa5f-480a-bae3-56376bedd773",
        "value": "43.165.167.69",
        "Tag": [
          {
            "colour": "#007d3a",
            "local": false,
            "name": "misp:threat-level=\"low-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#50003a",
            "local": false,
            "name": "kill-chain:Reconnaissance",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET SCAN Exabot Webcrawler User Agent",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T07:55:14.934355+00:00",
        "timestamp": "1777622117",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "98115e70-6472-4f44-abe0-76764e75fb4d",
        "value": "154.6.127.13",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET SCAN Exabot Webcrawler User Agent",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T07:55:39.471230+00:00",
        "timestamp": "1777622141",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "c6a40e93-9ff5-43a8-b8ea-d4b8502bbe31",
        "value": "82.29.229.233",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET SCAN Exabot Webcrawler User Agent",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T07:55:55.976210+00:00",
        "timestamp": "1777622157",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "5d54e596-9a38-4b72-b9c1-f2cb93c06b78",
        "value": "23.95.150.194",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET SCAN Exabot Webcrawler User Agent",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T08:43:34.872357+00:00",
        "timestamp": "1777625016",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "05d6ac00-cfc0-4be3-baed-fef43d04e71e",
        "value": "104.253.81.59",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET INFO Request to Hidden Environment File - Inbound",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T09:23:22.817291+00:00",
        "timestamp": "1777627404",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "59b2f6e5-8765-4bad-bc3b-a0f2d4b6f58a",
        "value": "45.88.138.44",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET SCAN Naver Webcrawler User-Agent (Naver.me)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T10:48:31.011985+00:00",
        "timestamp": "1777632513",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "47ec09bc-f289-4d11-b98d-ad7432955bce",
        "value": "125.209.235.186",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET SCAN Naver Webcrawler User-Agent (Naver.me)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T10:48:56.005530+00:00",
        "timestamp": "1777632538",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "a9674da5-ad6b-4eb3-bcb6-35374bf3af72",
        "value": "114.111.32.186",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET SCAN Naver Webcrawler User-Agent (Naver.me)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T10:49:21.367878+00:00",
        "timestamp": "1777632563",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "4e2b5e80-d069-4873-ad7f-9c0b794d6a23",
        "value": "114.111.32.45",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET USER_AGENTS User-Agent (_TEST_)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T16:43:46.134014+00:00",
        "timestamp": "1777653828",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "c1d331c4-1cf7-42b5-9868-d67e7bcafe60",
        "value": "43.161.234.148",
        "Tag": [
          {
            "colour": "#007d3a",
            "local": false,
            "name": "misp:threat-level=\"low-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#50003a",
            "local": false,
            "name": "kill-chain:Reconnaissance",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET USER_AGENTS User-Agent (_TEST_)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T16:56:50.285949+00:00",
        "timestamp": "1777654612",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "d3d2b8a8-1c17-45db-b155-3f0655952c01",
        "value": "43.161.217.205",
        "Tag": [
          {
            "colour": "#007d3a",
            "local": false,
            "name": "misp:threat-level=\"low-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#50003a",
            "local": false,
            "name": "kill-chain:Reconnaissance",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET USER_AGENTS User-Agent (_TEST_)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T17:03:34.334105+00:00",
        "timestamp": "1777655016",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "3781a62b-af2f-46b6-bd93-caa1fd70550f",
        "value": "43.165.7.74",
        "Tag": [
          {
            "colour": "#007d3a",
            "local": false,
            "name": "misp:threat-level=\"low-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#50003a",
            "local": false,
            "name": "kill-chain:Reconnaissance",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET USER_AGENTS User-Agent (_TEST_)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T17:04:50.601189+00:00",
        "timestamp": "1777655094",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "bbc2ca14-0578-45e2-a9af-5a4df96ee83a",
        "value": "43.164.190.124",
        "Tag": [
          {
            "colour": "#007d3a",
            "local": false,
            "name": "misp:threat-level=\"low-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#50003a",
            "local": false,
            "name": "kill-chain:Reconnaissance",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET SCAN Exabot Webcrawler User Agent",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T17:47:21.850138+00:00",
        "timestamp": "1777657643",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "4ecf5573-3399-426b-856b-6f59541a597b",
        "value": "46.203.196.247",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET SCAN Exabot Webcrawler User Agent",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T17:47:28.823028+00:00",
        "timestamp": "1777657650",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "4f528710-1fe8-412e-9561-76dcdad2011f",
        "value": "84.247.60.75",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET SCAN Exabot Webcrawler User Agent",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T17:47:39.778211+00:00",
        "timestamp": "1777657661",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "096b7980-fe0e-4e37-8bae-bf4f46d48828",
        "value": "209.242.202.233",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET USER_AGENTS User-Agent (_TEST_)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T18:57:15.343825+00:00",
        "timestamp": "1777661837",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "ae0de4c7-f23d-47ae-a395-c17e6c9cfd36",
        "value": "43.164.197.117",
        "Tag": [
          {
            "colour": "#007d3a",
            "local": false,
            "name": "misp:threat-level=\"low-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#50003a",
            "local": false,
            "name": "kill-chain:Reconnaissance",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET USER_AGENTS User-Agent (_TEST_)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T19:09:37.295173+00:00",
        "timestamp": "1777662579",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "8a36d5a0-d679-46b8-87ee-eeecb885b9ea",
        "value": "43.164.192.151",
        "Tag": [
          {
            "colour": "#007d3a",
            "local": false,
            "name": "misp:threat-level=\"low-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#50003a",
            "local": false,
            "name": "kill-chain:Reconnaissance",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET HUNTING Suspicious Empty User-Agent",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-05-01T20:52:21.811231+00:00",
        "timestamp": "1777668743",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "588723ab-2cbb-4fa9-b44a-45cdad1e4997",
        "value": "216.73.217.133",
        "Tag": [
          {
            "colour": "#007d3a",
            "local": false,
            "name": "misp:threat-level=\"low-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#50003a",
            "local": false,
            "name": "kill-chain:Reconnaissance",
            "relationship_type": ""
          }
        ]
      }
    ]
  }
}