{ "Event": { "analysis": "1", "date": "2026-04-03", "extends_uuid": "", "info": "KRVTZ-NET IDS alerts for 2026-04-03", "publish_timestamp": "1775255918", "published": true, "threat_level_id": "3", "timestamp": "1775255906", "uuid": "d94d0ee5-923f-4ee2-a9bb-6daff7c10daf", "Orgc": { "name": "Krawczyk Industries Limited", "uuid": "593e9fc8-be28-4cb2-a79b-43f8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#00ce5f", "local": false, "name": "misp:event-type=\"observation\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" }, { "colour": "#009042", "local": false, "name": "misp:automation-level=\"unsupervised\"", "relationship_type": "" }, { "colour": "#edbfa2", "local": false, "name": "type:OSINT', 'osint:lifetime=\"perpetual\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-02T23:30:54.304080+00:00", "timestamp": "1775172656", "to_ids": true, "type": "ip-src", "uuid": "238159be-e089-4d1c-ad8f-c21c2dce9089", "value": "2a09:bac1:36c0::2a6:16", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Web shell hunting (banned): /.well-known/link.php", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-03T00:44:37.935070+00:00", "timestamp": "1775177079", "to_ids": true, "type": "ip-src", "uuid": "9dbb3ae2-3851-4294-9a7b-b0053a50f5d0", "value": "20.220.210.206", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET HUNTING Suspicious Fake Windows User-Agent in HTTP Header", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-03T04:09:24.979777+00:00", "timestamp": "1775189366", "to_ids": true, "type": "ip-src", "uuid": "dc0a421f-cd40-426b-a712-b381dbc1c873", "value": "2001:ac8:27:9:a433:b507:f1b8:5d05", "Tag": [ { "colour": "#007d3a", "local": false, "name": "misp:threat-level=\"low-risk\"", "relationship_type": "" }, { "colour": "#50003a", "local": false, "name": "kill-chain:Reconnaissance", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/logincheck (CVE-2023-27997)", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-03T05:28:40.618670+00:00", "timestamp": "1775194122", "to_ids": true, "type": "ip-src", "uuid": "d12d240a-ab1b-4352-a323-51855f6c059c", "value": "2001:470:2cc:1:5b75:1a53:224:17ed", "Tag": [ { "colour": "#008a3f", "local": false, "name": "misp:threat-level=\"high-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/logincheck (CVE-2023-27997)", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-03T06:15:12.128294+00:00", "timestamp": "1775196913", "to_ids": true, "type": "ip-src", "uuid": "56605485-cfd9-40c4-a8fe-c451b9a2ea92", "value": "2001:470:1:fb5:24bd:e33d:65e1:3520", "Tag": [ { "colour": "#008a3f", "local": false, "name": "misp:threat-level=\"high-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET SCAN Suspicious User-Agent Containing Security Scan/ner Likely Scan", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-03T11:23:16.119041+00:00", "timestamp": "1775215397", "to_ids": true, "type": "ip-src", "uuid": "060929f8-d5d6-465d-9aae-211dcfd65ec8", "value": "206.85.129.143", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-03T17:33:50.831895+00:00", "timestamp": "1775237632", "to_ids": true, "type": "ip-src", "uuid": "50812dc8-9e4d-408e-ae52-636c52c88f48", "value": "2001:19f0:6000:92a3:5400:6ff:fe06:2bea", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-03T18:25:08.191018+00:00", "timestamp": "1775240710", "to_ids": true, "type": "ip-src", "uuid": "e918a3af-a7a2-4c85-9742-e3cc95665ff0", "value": "65.21.108.15", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-03T19:50:46.018591+00:00", "timestamp": "1775245847", "to_ids": true, "type": "ip-src", "uuid": "5b1a950b-9811-477c-8967-d30a0e0221b9", "value": "185.177.72.31", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ET INFO Request to Hidden Environment File - Inbound", "deleted": false, "disable_correlation": false, "last_seen": "2026-04-03T22:38:23.881920+00:00", "timestamp": "1775255906", "to_ids": true, "type": "ip-src", "uuid": "3a3053af-6c26-4f01-805c-9c7a955fa807", "value": "201.42.31.74", "Tag": [ { "colour": "#00833c", "local": false, "name": "misp:threat-level=\"medium-risk\"", "relationship_type": "" }, { "colour": "#a80079", "local": false, "name": "kill-chain:Exploitation", "relationship_type": "" } ] } ] } }