techhelplist

## rdp-attackers-7-days-20200601.txt
# report generated Mon Jun  1 07:30:02 MDT 2020
# timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName
2020-05-25T13:30Z		172.107.162.74		ADMINISTRATOR
2020-05-25T13:30Z		185.202.1.131		CLAIR
2020-05-25T13:30Z		185.202.1.132		RIGOBERTO
2020-05-25T13:30Z		185.202.1.136		CHANG
2020-05-25T13:30Z		185.202.1.136		ZACHARIAH
2020-05-25T13:30Z		185.202.1.152		MSHCW
2020-05-25T13:30Z		185.202.1.152		MYSQL_ZKEYS
2020-05-25T13:30Z		185.202.1.159		ENQUIRIES

## rdp-attackers-7-days-20200525.txt
2020-05-18T13:30		141.98.83.40		AA123456
2020-05-18T13:30		185.153.197.2		ADMINISTRATOR
2020-05-18T13:30		185.153.199.131		FOLDER
2020-05-18T13:30		185.153.199.131		FRONT
2020-05-18T13:30		185.202.1.119		EDITOR
2020-05-18T13:30		185.202.1.129		TERRANCE
2020-05-18T13:30		185.202.1.131		JAY
2020-05-18T13:30		185.202.1.131		JIM
2020-05-18T13:30		185.202.1.133		DERRICK
2020-05-18T13:30		185.202.1.135		ANDY

## rdpers-ms-only-18may2020.txt
2020-05-12T04:42:04.875Z		104.208.242.187		admin
2020-05-12T08:12:43.373Z		104.208.242.187		admin
2020-05-12T14:13:51.253Z		104.208.242.187		admin
2020-05-12T10:55:25.028Z		104.208.242.187		admin
2020-05-12T18:14:05.394Z		104.208.242.187		admin
2020-05-12T02:38:30.820Z		104.208.242.187		admin
2020-05-12T05:13:36.554Z		104.208.242.187		admin
2020-05-12T02:08:12.755Z		104.208.242.187		admin
2020-05-11T13:43:53.269Z		104.208.242.187		admin
2020-05-11T16:16:18.505Z		104.208.242.187		admin

## rdp-attackers-7-days-20200518.txt
#report generated Mon May 18 07:30:01 MDT 2020
#timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName
2020-05-11T13:30Z		137.117.13.132		admin
2020-05-11T13:30Z		168.63.203.102		admin
2020-05-11T13:30Z		176.113.115.46		IADMIN_18
2020-05-11T13:30Z		180.180.245.245		ADMINISTRATOR
2020-05-11T13:30Z		185.202.1.119		MASTER
2020-05-11T13:30Z		185.202.1.119		TURNOS
2020-05-11T13:30Z		185.202.1.132		ADMINISTRATOR
2020-05-11T13:30Z		185.202.1.229		AVS

## rdp-attackers-7-days-20200511.txt
#report generated Mon May 11 07:30:01 MDT 2020
timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName
2020-05-11T00:30:45.744Z		213.202.233.217		orders
2020-05-11T00:30:23.041Z		213.202.233.217		michelle
2020-05-06T20:42:47.156Z		91.241.19.25		THIS
2020-05-11T00:30:34.351Z		213.202.233.217		operator
2020-05-11T00:30:33.598Z		185.202.0.7		MATCH
2020-05-06T12:42:30.939Z		45.141.87.10		ADMINISTRATOR
2020-05-11T00:27:47.904Z		185.202.1.150		STA
2020-05-11T00:31:01.134Z		185.202.1.235		TSOFT

## rdp-attackers-7-days-20200504.txt
#report generated Mon May  4 07:30:01 MDT 2020
#timestamp       	IpAddress     		TargetUserName
2020-04-27T13:30Z	190.0.1.90		ADMINISTRATOR
2020-04-27T13:30Z	190.0.1.90		USER
2020-04-27T13:30Z	194.61.24.121		RECEPTION
2020-04-27T13:30Z	194.61.24.121		STEPHANIE
2020-04-27T13:30Z	212.92.105.227		IDAMEMBERSERVICES
2020-04-27T13:30Z	212.92.105.227		NEIGHBORS
2020-04-27T13:30Z	212.92.105.227		SEGURIDAD
2020-04-27T13:30Z	212.92.106.126		HASKELLANDREW

## rdp-attackers-7-days-20200427.txt
#report generated Mon Apr 27 07:30:01 MDT 2020
timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName
2020-04-21T08:15:06.474Z		45.141.84.89		administrador
2020-04-21T08:15:36.462Z		185.209.0.107		ADRAIN
2020-04-20T14:57:08.655Z		185.209.0.15		ADMINISTRATOR
2020-04-20T15:49:52.408Z		185.202.1.81		administrator
2020-04-21T08:15:12.438Z		185.202.1.128		TRACI
2020-04-20T15:49:54.587Z		185.202.1.128		LACEY
2020-04-20T14:57:17.255Z		185.209.0.85		ADMINISTRATOR
2020-04-23T19:40:32.130Z		37.115.185.171		Administrator

## rdp-attackers-7-days-20200420.txt
#report generated Mon Apr 20 07:30:01 MDT 2020

2020-04-13T13Z	103.25.196.51		ADMINISTRATOR
2020-04-13T13Z	106.54.233.169		ADMINISTRATOR
2020-04-13T13Z	109.228.50.55		ADMINISTRATOR
2020-04-13T13Z	118.218.82.86		ADMINISTRATOR
2020-04-13T13Z	119.75.44.106		LFOWLER
2020-04-13T13Z	119.75.44.106		MCUDIAMAT
2020-04-13T13Z	12.49.43.181		ADMINISTRATOR
2020-04-13T13Z	12.49.43.182		ADMINISTRATOR

## googleapis-phishes-17apr2020.txt

93 phishes, 1 adwind malware

https://firebasestorage.googleapis.com/v0/b/website-36d25.appspot.com/o/PO_RFQ_1407000525xlsx.jar?alt=media&token=bd527770-a983-4990-b45a-d690eef9f3ab

https://firebasestorage.googleapis.com/v0/b/aabb-d6079.appspot.com/o/dio.htm?alt=media&token=23968cac-8f9b-4150-a883-c8cbe30228b6
https://firebasestorage.googleapis.com/v0/b/aller-92d5b.appspot.com/o/ays.htm?alt=media&token=71382c31-ec6a-4f39-a99a-44cae586639b
https://firebasestorage.googleapis.com/v0/b/app-mic038930020sever.appspot.com/o/index.html?alt=media&token=0c73e36b-9e2c-4aac-95c9-d2c1b444c57a
https://firebasestorage.googleapis.com/v0/b/app00008589.appspot.com/o/index.html?alt=media&token=d330103f-d6bb-415b-a86b-cee8eed4802f
https://firebasestorage.googleapis.com/v0/b/app101-75709.appspot.com/o/en.htm?alt=media&token=d8e9c0ed-cc85-46e0-94e4-8b2e4fc5c14d

## iot-malware-2020-04-16-a.txt
http://37.49.226.127/Cipher.sh
http://37.49.226.127/mips
http://37.49.226.127/mipsel
http://37.49.226.127/sh4
http://37.49.226.127/x86
http://37.49.226.127/arm7
http://37.49.226.127/arm6
http://37.49.226.127/i686
http://37.49.226.127/i586
http://37.49.226.127/m68k
	# report generated Mon Jun 1 07:30:02 MDT 2020
	# timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
	2020-05-25T13:30Z 172.107.162.74 ADMINISTRATOR
	2020-05-25T13:30Z 185.202.1.131 CLAIR
	2020-05-25T13:30Z 185.202.1.132 RIGOBERTO
	2020-05-25T13:30Z 185.202.1.136 CHANG
	2020-05-25T13:30Z 185.202.1.136 ZACHARIAH
	2020-05-25T13:30Z 185.202.1.152 MSHCW
	2020-05-25T13:30Z 185.202.1.152 MYSQL_ZKEYS
	2020-05-25T13:30Z 185.202.1.159 ENQUIRIES
	2020-05-18T13:30 141.98.83.40 AA123456
	2020-05-18T13:30 185.153.197.2 ADMINISTRATOR
	2020-05-18T13:30 185.153.199.131 FOLDER
	2020-05-18T13:30 185.153.199.131 FRONT
	2020-05-18T13:30 185.202.1.119 EDITOR
	2020-05-18T13:30 185.202.1.129 TERRANCE
	2020-05-18T13:30 185.202.1.131 JAY
	2020-05-18T13:30 185.202.1.131 JIM
	2020-05-18T13:30 185.202.1.133 DERRICK
	2020-05-18T13:30 185.202.1.135 ANDY
	2020-05-12T04:42:04.875Z 104.208.242.187 admin
	2020-05-12T08:12:43.373Z 104.208.242.187 admin
	2020-05-12T14:13:51.253Z 104.208.242.187 admin
	2020-05-12T10:55:25.028Z 104.208.242.187 admin
	2020-05-12T18:14:05.394Z 104.208.242.187 admin
	2020-05-12T02:38:30.820Z 104.208.242.187 admin
	2020-05-12T05:13:36.554Z 104.208.242.187 admin
	2020-05-12T02:08:12.755Z 104.208.242.187 admin
	2020-05-11T13:43:53.269Z 104.208.242.187 admin
	2020-05-11T16:16:18.505Z 104.208.242.187 admin
	#report generated Mon May 18 07:30:01 MDT 2020
	#timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
	2020-05-11T13:30Z 137.117.13.132 admin
	2020-05-11T13:30Z 168.63.203.102 admin
	2020-05-11T13:30Z 176.113.115.46 IADMIN_18
	2020-05-11T13:30Z 180.180.245.245 ADMINISTRATOR
	2020-05-11T13:30Z 185.202.1.119 MASTER
	2020-05-11T13:30Z 185.202.1.119 TURNOS
	2020-05-11T13:30Z 185.202.1.132 ADMINISTRATOR
	2020-05-11T13:30Z 185.202.1.229 AVS
	#report generated Mon May 11 07:30:01 MDT 2020
	timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
	2020-05-11T00:30:45.744Z 213.202.233.217 orders
	2020-05-11T00:30:23.041Z 213.202.233.217 michelle
	2020-05-06T20:42:47.156Z 91.241.19.25 THIS
	2020-05-11T00:30:34.351Z 213.202.233.217 operator
	2020-05-11T00:30:33.598Z 185.202.0.7 MATCH
	2020-05-06T12:42:30.939Z 45.141.87.10 ADMINISTRATOR
	2020-05-11T00:27:47.904Z 185.202.1.150 STA
	2020-05-11T00:31:01.134Z 185.202.1.235 TSOFT
	#report generated Mon May 4 07:30:01 MDT 2020
	#timestamp IpAddress TargetUserName
	2020-04-27T13:30Z 190.0.1.90 ADMINISTRATOR
	2020-04-27T13:30Z 190.0.1.90 USER
	2020-04-27T13:30Z 194.61.24.121 RECEPTION
	2020-04-27T13:30Z 194.61.24.121 STEPHANIE
	2020-04-27T13:30Z 212.92.105.227 IDAMEMBERSERVICES
	2020-04-27T13:30Z 212.92.105.227 NEIGHBORS
	2020-04-27T13:30Z 212.92.105.227 SEGURIDAD
	2020-04-27T13:30Z 212.92.106.126 HASKELLANDREW
	#report generated Mon Apr 27 07:30:01 MDT 2020
	timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
	2020-04-21T08:15:06.474Z 45.141.84.89 administrador
	2020-04-21T08:15:36.462Z 185.209.0.107 ADRAIN
	2020-04-20T14:57:08.655Z 185.209.0.15 ADMINISTRATOR
	2020-04-20T15:49:52.408Z 185.202.1.81 administrator
	2020-04-21T08:15:12.438Z 185.202.1.128 TRACI
	2020-04-20T15:49:54.587Z 185.202.1.128 LACEY
	2020-04-20T14:57:17.255Z 185.209.0.85 ADMINISTRATOR
	2020-04-23T19:40:32.130Z 37.115.185.171 Administrator
	#report generated Mon Apr 20 07:30:01 MDT 2020

	2020-04-13T13Z 103.25.196.51 ADMINISTRATOR
	2020-04-13T13Z 106.54.233.169 ADMINISTRATOR
	2020-04-13T13Z 109.228.50.55 ADMINISTRATOR
	2020-04-13T13Z 118.218.82.86 ADMINISTRATOR
	2020-04-13T13Z 119.75.44.106 LFOWLER
	2020-04-13T13Z 119.75.44.106 MCUDIAMAT
	2020-04-13T13Z 12.49.43.181 ADMINISTRATOR
	2020-04-13T13Z 12.49.43.182 ADMINISTRATOR

	93 phishes, 1 adwind malware

	https://firebasestorage.googleapis.com/v0/b/website-36d25.appspot.com/o/PO_RFQ_1407000525xlsx.jar?alt=media&token=bd527770-a983-4990-b45a-d690eef9f3ab

	https://firebasestorage.googleapis.com/v0/b/aabb-d6079.appspot.com/o/dio.htm?alt=media&token=23968cac-8f9b-4150-a883-c8cbe30228b6
	https://firebasestorage.googleapis.com/v0/b/aller-92d5b.appspot.com/o/ays.htm?alt=media&token=71382c31-ec6a-4f39-a99a-44cae586639b
	https://firebasestorage.googleapis.com/v0/b/app-mic038930020sever.appspot.com/o/index.html?alt=media&token=0c73e36b-9e2c-4aac-95c9-d2c1b444c57a
	https://firebasestorage.googleapis.com/v0/b/app00008589.appspot.com/o/index.html?alt=media&token=d330103f-d6bb-415b-a86b-cee8eed4802f
	https://firebasestorage.googleapis.com/v0/b/app101-75709.appspot.com/o/en.htm?alt=media&token=d8e9c0ed-cc85-46e0-94e4-8b2e4fc5c14d
	http://37.49.226.127/Cipher.sh
	http://37.49.226.127/mips
	http://37.49.226.127/mipsel
	http://37.49.226.127/sh4
	http://37.49.226.127/x86
	http://37.49.226.127/arm7
	http://37.49.226.127/arm6
	http://37.49.226.127/i686
	http://37.49.226.127/i586
	http://37.49.226.127/m68k