{ "Event": { "analysis": "1", "date": "2026-05-19", "extends_uuid": "", "info": "KRVTZ-NET IDS alerts for 2026-05-19", "publish_timestamp": "1779229146", "published": true, "threat_level_id": "3", "timestamp": "1779229146", "uuid": "d5a1fc6c-990a-4fc4-84f8-fb5bc35116a1", "Orgc": { "name": "Krawczyk Industries Limited", "uuid": "593e9fc8-be28-4cb2-a79b-43f8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#00ce5f", "local": false, "name": "misp:event-type=\"observation\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" }, { "colour": "#009042", "local": false, "name": "misp:automation-level=\"unsupervised\"", "relationship_type": "" }, { "colour": "#edbfa2", "local": false, "name": "type:OSINT', 'osint:lifetime=\"perpetual\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T02:01:58.707982+00:00", "timestamp": "1779156120", "to_ids": true, "type": "ip-src", "uuid": "5f511430-d94f-4445-8361-3b38f3f144be", "value": "13.211.173.34", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T02:44:21.881088+00:00", "timestamp": "1779158663", "to_ids": true, "type": "ip-src", "uuid": "754ed28e-022e-4631-9306-42688f06cc53", "value": "13.235.50.187", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/logincheck (CVE-2023-27997)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T02:51:06.017396+00:00", "timestamp": "1779159068", "to_ids": true, "type": "ip-src", "uuid": "7a04c735-3442-4cdf-a6c2-e50a12090d25", "value": "64.62.156.172", "Tag": [ { "colour": "#008a3f", "local": false, "name": "misp:threat-level=\"high-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T03:35:58.722863+00:00", "timestamp": "1779161760", "to_ids": true, "type": "ip-src", "uuid": "18208a52-6342-467d-b39f-0fe24359f1d7", "value": "5.255.126.112", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T05:10:40.271511+00:00", "timestamp": "1779167441", "to_ids": true, "type": "ip-src", "uuid": "390bc67d-7a32-4362-9f75-8aef400f3b4f", "value": "172.245.66.3", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET COINMINER Possible BitCoin Miner User-Agent (miner)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T06:58:21.768137+00:00", "timestamp": "1779173903", "to_ids": true, "type": "ip-src", "uuid": "269bfeb8-e76c-402f-a8a5-79af29e5c7c1", "value": "148.113.197.72", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET SCAN Exabot Webcrawler User Agent", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T07:11:42.359611+00:00", "timestamp": "1779174704", "to_ids": true, "type": "ip-src", "uuid": "12476eb4-2d9f-4844-9edf-4d69e5f7ab4e", "value": "104.232.209.39", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T13:24:55.744845+00:00", "timestamp": "1779197097", "to_ids": true, "type": "ip-src", "uuid": "b911329e-97bf-42c4-a955-b9201b102cef", "value": "2602:fb54:9a0::", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T13:34:06.788267+00:00", "timestamp": "1779197648", "to_ids": true, "type": "ip-src", "uuid": "a4421468-eb2c-4860-9c19-4726096aeb71", "value": "2602:fb54:1400::172", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T16:24:52.591693+00:00", "timestamp": "1779207894", "to_ids": true, "type": "ip-src", "uuid": "d8fc445e-85ad-4176-b172-68ba7398fc8b", "value": "5.255.124.156", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T16:29:28.491630+00:00", "timestamp": "1779208170", "to_ids": true, "type": "ip-src", "uuid": "532141a0-7c9b-4a00-83d1-1d3e623122f9", "value": "2602:fb54:9a3::", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET WEB_SPECIFIC_APPS Joolma Simple File Upload Plugin Remote Code Execution (CVE-2011-5148)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T17:17:49.277147+00:00", "timestamp": "1779211070", "to_ids": true, "type": "ip-src", "uuid": "b04ec550-74a7-4676-a4c1-e963b452d78e", "value": "212.30.37.108", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T19:01:59.041243+00:00", "timestamp": "1779217321", "to_ids": true, "type": "ip-src", "uuid": "760db624-f9c6-4d04-b16b-4fcc0c71c6a2", "value": "185.153.151.165", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET HUNTING curl User-Agent to Dotted Quad", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T21:22:06.647290+00:00", "timestamp": "1779225728", "to_ids": true, "type": "ip-src", "uuid": "dc72012c-4e8a-4995-a4f2-d95d075080eb", "value": "47.84.115.39", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET USER_AGENTS User-Agent (_TEST_)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T22:00:33.809087+00:00", "timestamp": "1779228038", "to_ids": true, "type": "ip-src", "uuid": "71624450-1383-4cac-979b-410a486953f0", "value": "43.165.4.2", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET USER_AGENTS User-Agent (_TEST_)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T22:03:50.592911+00:00", "timestamp": "1779228232", "to_ids": true, "type": "ip-src", "uuid": "f72a8369-eb62-47ab-b360-a6d2994cd3c0", "value": "43.165.167.72", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET USER_AGENTS User-Agent (_TEST_)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T22:04:53.909983+00:00", "timestamp": "1779228295", "to_ids": true, "type": "ip-src", "uuid": "df4e95fd-6f00-4389-99e5-2c994dac8b86", "value": "43.163.104.54", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET USER_AGENTS User-Agent (_TEST_)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T22:05:28.592861+00:00", "timestamp": "1779228330", "to_ids": true, "type": "ip-src", "uuid": "12824a38-7d4c-49f7-a638-680021950779", "value": "43.165.125.66", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET USER_AGENTS User-Agent (_TEST_)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T22:07:05.719880+00:00", "timestamp": "1779228427", "to_ids": true, "type": "ip-src", "uuid": "f43f061b-3af8-4e81-b5c3-63de74b450bd", "value": "43.164.194.198", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET USER_AGENTS User-Agent (_TEST_)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T22:07:12.531438+00:00", "timestamp": "1779228434", "to_ids": true, "type": "ip-src", "uuid": "9914bc0c-9266-4e44-8f6f-0327df511fd4", "value": "101.33.81.73", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET USER_AGENTS User-Agent (_TEST_)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T22:11:17.483534+00:00", "timestamp": "1779228679", "to_ids": true, "type": "ip-src", "uuid": "5410093c-8839-4d1c-9d2b-e2382ce69de8", "value": "43.131.26.226", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET USER_AGENTS User-Agent (_TEST_)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T22:11:21.663215+00:00", "timestamp": "1779228683", "to_ids": true, "type": "ip-src", "uuid": "ff444076-a0b9-4da9-881e-e2e8d6c3e118", "value": "43.164.3.23", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET USER_AGENTS User-Agent (_TEST_)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T22:12:46.904497+00:00", "timestamp": "1779228769", "to_ids": true, "type": "ip-src", "uuid": "f165996b-c889-4d98-8f7f-a08bfa897fff", "value": "43.157.20.63", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET USER_AGENTS User-Agent (_TEST_)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T22:15:45.736277+00:00", "timestamp": "1779228947", "to_ids": true, "type": "ip-src", "uuid": "fea95288-0368-4845-a699-52f075e4def3", "value": "43.164.133.138", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET USER_AGENTS User-Agent (_TEST_)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T22:16:41.068476+00:00", "timestamp": "1779229003", "to_ids": true, "type": "ip-src", "uuid": "c341941c-39c0-4c04-913e-851864017047", "value": "43.132.214.228", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET USER_AGENTS User-Agent (_TEST_)", "deleted": false, "disable_correlation": false, "last_seen": "2026-05-19T22:19:04.274835+00:00", "timestamp": "1779229146", "to_ids": true, "type": "ip-src", "uuid": "84d929f5-b559-4391-bf21-c2c073088299", "value": "150.109.46.88", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] } ] } }