{ "Event": { "analysis": "1", "date": "2026-03-13", "extends_uuid": "", "info": "KRVTZ-NET IDS alerts for 2026-03-13", "publish_timestamp": "1773435141", "published": true, "threat_level_id": "3", "timestamp": "1773435140", "uuid": "d6292c9e-e1c1-4697-8a72-3d50562a29bb", "Orgc": { "name": "Krawczyk Industries Limited", "uuid": "593e9fc8-be28-4cb2-a79b-43f8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#00ce5f", "local": false, "name": "misp:event-type=\"observation\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" }, { "colour": "#009042", "local": false, "name": "misp:automation-level=\"unsupervised\"", "relationship_type": "" }, { "colour": "#edbfa2", "local": false, "name": "type:OSINT', 'osint:lifetime=\"perpetual\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/logincheck (CVE-2023-27997)", "deleted": false, "disable_correlation": false, "last_seen": "2026-03-13T02:26:34.852902+00:00", "timestamp": "1773368797", "to_ids": true, "type": "ip-src", "uuid": "60d02e7c-0650-4124-9522-deac122372f3", "value": "2001:470:1:c84::18", "Tag": [ { "colour": "#008a3f", "local": false, "name": "misp:threat-level=\"high-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-03-13T04:00:39.327129+00:00", "timestamp": "1773374445", "to_ids": true, "type": "ip-src", "uuid": "701c140e-cdfa-464f-b36c-f1fca3350f1e", "value": "144.91.109.68", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET USER_AGENTS Suspicious User-Agent (InfoBot)", "deleted": false, "disable_correlation": false, "last_seen": "2026-03-13T06:29:58.391728+00:00", "timestamp": "1773383400", "to_ids": true, "type": "ip-src", "uuid": "6737b63f-603b-48dc-a611-4e832aa4c543", "value": "34.74.242.206", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET SCAN SFTP/FTP Password Exposure via sftp-config.json", "deleted": false, "disable_correlation": false, "last_seen": "2026-03-13T07:49:17.287040+00:00", "timestamp": "1773388158", "to_ids": true, "type": "ip-src", "uuid": "d7694bd1-613b-4e94-a55f-f52e73a0baad", "value": "2a09:bac5:55ff:1d0f::2e5:74", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request for Visual Studio Code sftp.json - Possible Information Leak", "deleted": false, "disable_correlation": false, "last_seen": "2026-03-13T07:49:29.892751+00:00", "timestamp": "1773388171", "to_ids": true, "type": "ip-src", "uuid": "330be30f-ef2a-4ba2-97ac-7efba4faf62c", "value": "2a09:bac5:55fc:1d0f::2e5:74", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-03-13T11:38:14.222341+00:00", "timestamp": "1773401895", "to_ids": true, "type": "ip-src", "uuid": "df344598-3026-4db5-af61-2efb9a84cd8d", "value": "94.103.87.54", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET USER_AGENTS User-Agent (_TEST_)", "deleted": false, "disable_correlation": false, "last_seen": "2026-03-13T12:31:29.481346+00:00", "timestamp": "1773405091", "to_ids": true, "type": "ip-src", "uuid": "f3731f20-f2eb-4304-92c6-6a21d04cad5b", "value": "43.130.141.193", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET WEB_SERVER ColdFusion componentutils access", "deleted": false, "disable_correlation": false, "last_seen": "2026-03-13T15:54:11.290139+00:00", "timestamp": "1773417252", "to_ids": true, "type": "ip-src", "uuid": "74cf6760-9b76-40bf-9682-103c54718038", "value": "213.168.248.72", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-03-13T15:56:17.457438+00:00", "timestamp": "1773417379", "to_ids": true, "type": "ip-src", "uuid": "90220afb-de35-4817-b7cc-6e4a695b3525", "value": "185.167.96.92", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET USER_AGENTS User-Agent (_TEST_)", "deleted": false, "disable_correlation": false, "last_seen": "2026-03-13T17:45:06.518378+00:00", "timestamp": "1773423908", "to_ids": true, "type": "ip-src", "uuid": "cb090eb8-7896-4f71-9a5e-3765e74674b2", "value": "43.164.196.57", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-03-13T18:53:19.497935+00:00", "timestamp": "1773428001", "to_ids": true, "type": "ip-src", "uuid": "51079c93-fa40-473c-b08d-d61fe340c7d5", "value": "67.213.208.25", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-03-13T20:38:24.895126+00:00", "timestamp": "1773434307", "to_ids": true, "type": "ip-src", "uuid": "ba940d71-c544-451d-8fa3-ca051295bacd", "value": "3.70.126.251", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET WEB_SERVER ColdFusion componentutils access", "deleted": false, "disable_correlation": false, "last_seen": "2026-03-13T20:52:18.654189+00:00", "timestamp": "1773435140", "to_ids": true, "type": "ip-src", "uuid": "7a5d1056-4302-4f7f-a316-d4a4ef83193b", "value": "172.237.117.50", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] } ] } }