{
  "Event": {
    "analysis": "1",
    "date": "2026-03-27",
    "extends_uuid": "",
    "info": "KRVTZ-NET IDS alerts for 2026-03-27",
    "publish_timestamp": "1774630153",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1774630153",
    "uuid": "bdd34a3d-476b-4ded-9ab7-14efd69cbf2b",
    "Orgc": {
      "name": "Krawczyk Industries Limited",
      "uuid": "593e9fc8-be28-4cb2-a79b-43f8950d210f"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#00ce5f",
        "local": false,
        "name": "misp:event-type=\"observation\"",
        "relationship_type": ""
      },
      {
        "colour": "#50003a",
        "local": false,
        "name": "kill-chain:Reconnaissance",
        "relationship_type": ""
      },
      {
        "colour": "#009042",
        "local": false,
        "name": "misp:automation-level=\"unsupervised\"",
        "relationship_type": ""
      },
      {
        "colour": "#edbfa2",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#edbfa2",
        "local": false,
        "name": "osint:lifetime=\"perpetual\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "Network activity",
        "comment": "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/logincheck (CVE-2023-27997)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-03-27T00:52:19.831885+00:00",
        "timestamp": "1774572741",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "8ddb4b1c-c9f5-4825-b010-1fa7ab256f0c",
        "value": "2001:470:2cc:1:959:28a6:e155:b4f2",
        "Tag": [
          {
            "colour": "#008a3f",
            "local": false,
            "name": "misp:threat-level=\"high-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET WEB_SPECIFIC_APPS Joolma Simple File Upload Plugin Remote Code Execution (CVE-2011-5148)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-03-27T01:14:23.066193+00:00",
        "timestamp": "1774574064",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "d5613914-53a3-485d-918e-fa8367b3b59f",
        "value": "20.100.177.179",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/logincheck (CVE-2023-27997)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-03-27T03:57:15.894682+00:00",
        "timestamp": "1774583837",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "f6e1d076-3c53-40a5-816e-0e7f3ce384c7",
        "value": "2001:470:1:fb5:2d38:c982:3ce0:2ab7",
        "Tag": [
          {
            "colour": "#008a3f",
            "local": false,
            "name": "misp:threat-level=\"high-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET COINMINER Possible BitCoin Miner User-Agent (miner)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-03-27T04:06:03.288874+00:00",
        "timestamp": "1774584364",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "65addca8-6acf-454a-96f8-ccf71078caa4",
        "value": "99.179.145.222",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET INFO Request to Hidden Environment File - Inbound",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-03-27T08:57:29.095688+00:00",
        "timestamp": "1774601850",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "c89ed251-e5f5-4cbb-8a66-4312ae4a4194",
        "value": "20.28.209.17",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET SCAN Naver Webcrawler User-Agent (Naver.me)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-03-27T09:01:46.242015+00:00",
        "timestamp": "1774602107",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "7b46429d-a961-4142-84a8-f26cb7af3c61",
        "value": "125.209.235.179",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET WEB_SPECIFIC_APPS Joolma Simple File Upload Plugin Remote Code Execution (CVE-2011-5148)",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-03-27T09:11:18.894612+00:00",
        "timestamp": "1774602680",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "96525ea0-920f-4a36-a87c-f15f4416f74c",
        "value": "20.151.201.236",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET INFO Request to Hidden Environment File - Inbound",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-03-27T09:52:38.098379+00:00",
        "timestamp": "1774605159",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "38c8d890-c192-4857-83a7-bcf08b9f4a12",
        "value": "132.196.91.16",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ET INFO Request to Hidden Environment File - Inbound",
        "deleted": false,
        "disable_correlation": false,
        "last_seen": "2026-03-27T16:49:11.512219+00:00",
        "timestamp": "1774630153",
        "to_ids": true,
        "type": "ip-src",
        "uuid": "a6dd3175-96c1-44ee-b8d6-7c2ad1fdac50",
        "value": "45.84.222.18",
        "Tag": [
          {
            "colour": "#00833c",
            "local": false,
            "name": "misp:threat-level=\"medium-risk\"",
            "relationship_type": ""
          },
          {
            "colour": "#a80079",
            "local": false,
            "name": "kill-chain:Exploitation",
            "relationship_type": ""
          }
        ]
      }
    ]
  }
}