{
  "Event": {
    "analysis": "1",
    "date": "2026-04-13",
    "extends_uuid": "",
    "info": "KRVTZ-NET IDS alerts for 2026-04-13",
    "publish_timestamp": "1776090398",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1776083287",
    "uuid": "684e874a-e143-4927-a9ac-b8cddfc06861",
    "Orgc": {
      "name": "Krawczyk Industries Limited",
      "uuid": "593e9fc8-be28-4cb2-a79b-43f8950d210f"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#00ce5f",
        "local": false,
        "name": "misp:event-type=\"observation\"",
        "relationship_type": ""
      },
      {
        "colour": "#50003a",
        "local": false,
        "name": "kill-chain:Reconnaissance",
        "relationship_type": ""
      },
      {
        "colour": "#009042",
        "local": false,
        "name": "misp:automation-level=\"unsupervised\"",
        "relationship_type": ""
      },
      {
        "colour": "#edbfa2",
        "local": false,
        "name": "type:OSINT', 'osint:lifetime=\"perpetual\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "Network activity",
        "comment": "ET INFO Request to Hidden Environment File - Inbound",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-13T00:06:35.628245+00:00",
        "timestamp": "1776038797",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "b5bd3d8e-616b-4550-94de-06cb5358feb1",
        "value": "185.213.174.123",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET INFO Request to Hidden Environment File - Inbound",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-13T00:35:17.204907+00:00",
        "timestamp": "1776040518",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "26bfead6-8ed3-4751-937a-2b1051c56edb",
        "value": "31.184.236.8",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET SCAN Naver Webcrawler User-Agent (Naver.me)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-13T04:32:40.538810+00:00",
        "timestamp": "1776054762",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "7f5f524f-6e5a-4ef1-9702-800927f2d4bc",
        "value": "125.209.235.172",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET SCAN Naver Webcrawler User-Agent (Naver.me)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-13T04:34:15.092811+00:00",
        "timestamp": "1776054857",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "30d2375d-4089-434c-afce-71a94ccf1952",
        "value": "110.93.150.88",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-13T04:43:25.239686+00:00",
        "timestamp": "1776055407",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "6db15800-7f9e-4ccb-a309-f67e6c50d44d",
        "value": "143.110.245.106",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-13T06:00:37.571639+00:00",
        "timestamp": "1776060042",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "a4414192-8ca2-48d4-8738-89c9428e6834",
        "value": "139.59.76.102",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-13T06:16:45.558748+00:00",
        "timestamp": "1776061007",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "74715328-5805-44e5-9b38-a7b29b2b6be1",
        "value": "2a02:4780:5e:80b5::1",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-13T06:24:21.400286+00:00",
        "timestamp": "1776061462",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "1c850cde-c41c-45f8-8243-dbced7baa03e",
        "value": "88.80.135.10",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-13T06:32:15.285927+00:00",
        "timestamp": "1776061936",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "90346f34-8cce-4f6b-b308-c86a95dc4a49",
        "value": "2a02:4780:5e:a902::1",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-13T06:37:04.037098+00:00",
        "timestamp": "1776062225",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "0c0b6dac-f181-4193-8c0f-488b2b2d4307",
        "value": "2a02:4780:5e:af69::1",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-13T06:51:09.528205+00:00",
        "timestamp": "1776063070",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "fe910cb4-7efe-4384-98b2-34b2fd9c0849",
        "value": "20.0.138.86",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-13T08:59:07.491806+00:00",
        "timestamp": "1776070748",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "1e91fb38-e819-45e1-ab80-7bbc6b7df8f2",
        "value": "2a02:4780:5e:d2e0::1",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/logincheck (CVE-2023-27997)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-04-13T12:28:05.344232+00:00",
        "timestamp": "1776083287",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "40939170-3462-40c8-ae95-6a444fd457ad",
        "value": "65.49.20.68",
        "Tag": [
          {
            "colour": "#008a3f",
            "local": false,
            "name": "misp:threat-level=\"high-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      }
    ]
  }
}