techhelplist

## rdp-attackers-december2019-a.txt
#report generated Mon Dec  2 07:30:01 MST 2019
timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName
2019-11-25T14:30Z		104.238.162.111		ADMINISTRATOR
2019-11-25T14:30Z		185.156.177.119		QAAZURE
2019-11-25T14:30Z		185.209.0.15		TSYSEVADMIN
2019-11-25T14:30Z		185.209.0.22		TLCADMIN
2019-11-25T14:30Z		185.209.0.28		VANTAGEADMIN
2019-11-25T14:30Z		185.209.0.29		KMFADMIN
2019-11-25T14:30Z		185.209.0.29		MCCAULEYADMIN
2019-11-25T14:30Z		185.209.0.30		ATIADMIN

## iot-malware-2020-04-16-a.txt
http://37.49.226.127/Cipher.sh
http://37.49.226.127/mips
http://37.49.226.127/mipsel
http://37.49.226.127/sh4
http://37.49.226.127/x86
http://37.49.226.127/arm7
http://37.49.226.127/arm6
http://37.49.226.127/i686
http://37.49.226.127/i586
http://37.49.226.127/m68k

## rdp-attackers-7-days-20200601.txt
# report generated Mon Jun  1 07:30:02 MDT 2020
# timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName
2020-05-25T13:30Z		172.107.162.74		ADMINISTRATOR
2020-05-25T13:30Z		185.202.1.131		CLAIR
2020-05-25T13:30Z		185.202.1.132		RIGOBERTO
2020-05-25T13:30Z		185.202.1.136		CHANG
2020-05-25T13:30Z		185.202.1.136		ZACHARIAH
2020-05-25T13:30Z		185.202.1.152		MSHCW
2020-05-25T13:30Z		185.202.1.152		MYSQL_ZKEYS
2020-05-25T13:30Z		185.202.1.159		ENQUIRIES

## rdp-attackers-7-days-20200525.txt
2020-05-18T13:30		141.98.83.40		AA123456
2020-05-18T13:30		185.153.197.2		ADMINISTRATOR
2020-05-18T13:30		185.153.199.131		FOLDER
2020-05-18T13:30		185.153.199.131		FRONT
2020-05-18T13:30		185.202.1.119		EDITOR
2020-05-18T13:30		185.202.1.129		TERRANCE
2020-05-18T13:30		185.202.1.131		JAY
2020-05-18T13:30		185.202.1.131		JIM
2020-05-18T13:30		185.202.1.133		DERRICK
2020-05-18T13:30		185.202.1.135		ANDY

## rdpers-ms-only-18may2020.txt
2020-05-12T04:42:04.875Z		104.208.242.187		admin
2020-05-12T08:12:43.373Z		104.208.242.187		admin
2020-05-12T14:13:51.253Z		104.208.242.187		admin
2020-05-12T10:55:25.028Z		104.208.242.187		admin
2020-05-12T18:14:05.394Z		104.208.242.187		admin
2020-05-12T02:38:30.820Z		104.208.242.187		admin
2020-05-12T05:13:36.554Z		104.208.242.187		admin
2020-05-12T02:08:12.755Z		104.208.242.187		admin
2020-05-11T13:43:53.269Z		104.208.242.187		admin
2020-05-11T16:16:18.505Z		104.208.242.187		admin

## rdp-attackers-7-days-20200518.txt
#report generated Mon May 18 07:30:01 MDT 2020
#timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName
2020-05-11T13:30Z		137.117.13.132		admin
2020-05-11T13:30Z		168.63.203.102		admin
2020-05-11T13:30Z		176.113.115.46		IADMIN_18
2020-05-11T13:30Z		180.180.245.245		ADMINISTRATOR
2020-05-11T13:30Z		185.202.1.119		MASTER
2020-05-11T13:30Z		185.202.1.119		TURNOS
2020-05-11T13:30Z		185.202.1.132		ADMINISTRATOR
2020-05-11T13:30Z		185.202.1.229		AVS

## rdp-attackers-7-days-20200511.txt
#report generated Mon May 11 07:30:01 MDT 2020
timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName
2020-05-11T00:30:45.744Z		213.202.233.217		orders
2020-05-11T00:30:23.041Z		213.202.233.217		michelle
2020-05-06T20:42:47.156Z		91.241.19.25		THIS
2020-05-11T00:30:34.351Z		213.202.233.217		operator
2020-05-11T00:30:33.598Z		185.202.0.7		MATCH
2020-05-06T12:42:30.939Z		45.141.87.10		ADMINISTRATOR
2020-05-11T00:27:47.904Z		185.202.1.150		STA
2020-05-11T00:31:01.134Z		185.202.1.235		TSOFT

## rdp-attackers-7-days-20200330.txt
#report generated Mon Mar 30 07:30:01 MDT 2020
timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName
2020-03-23T23:05:32.224Z		46.119.160.160		Administrator
2020-03-26T09:03:09.339Z		103.120.28.252		ADMINISTRATOR
2020-03-26T14:43:02.285Z		185.202.1.81		admin
2020-03-23T13:38:20.551Z		121.241.7.34		Scan
2020-03-26T09:03:11.619Z		5.183.93.57		YRJADMIN
2020-03-26T22:12:52.861Z		185.153.196.64		USER5
2020-03-23T23:05:40.231Z		209.45.61.241		ADMINISTRATOR
2020-03-26T14:43:07.191Z		46.119.184.167		Administrator

## rdp-attackers-7-days-20200217.txt
#report generated Mon Feb 17 07:30:02 MST 2020
#timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName

2020-02-10T14:30Z		124.158.9.38		ADMINISTRATOR
2020-02-10T14:30Z		185.209.0.40		RESMAC
2020-02-10T14:30Z		185.209.0.57		MSWORDUSER
2020-02-10T14:30Z		185.209.0.57		WINDOWS
2020-02-10T14:30Z		185.209.0.85		NPS
2020-02-10T14:30Z		185.209.0.85		PESTAMACH
2020-02-10T14:30Z		185.209.0.96		ADMIN

## rdp-attackers-7-days-20200504.txt
#report generated Mon May  4 07:30:01 MDT 2020
#timestamp       	IpAddress     		TargetUserName
2020-04-27T13:30Z	190.0.1.90		ADMINISTRATOR
2020-04-27T13:30Z	190.0.1.90		USER
2020-04-27T13:30Z	194.61.24.121		RECEPTION
2020-04-27T13:30Z	194.61.24.121		STEPHANIE
2020-04-27T13:30Z	212.92.105.227		IDAMEMBERSERVICES
2020-04-27T13:30Z	212.92.105.227		NEIGHBORS
2020-04-27T13:30Z	212.92.105.227		SEGURIDAD
2020-04-27T13:30Z	212.92.106.126		HASKELLANDREW
	#report generated Mon Dec 2 07:30:01 MST 2019
	timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
	2019-11-25T14:30Z 104.238.162.111 ADMINISTRATOR
	2019-11-25T14:30Z 185.156.177.119 QAAZURE
	2019-11-25T14:30Z 185.209.0.15 TSYSEVADMIN
	2019-11-25T14:30Z 185.209.0.22 TLCADMIN
	2019-11-25T14:30Z 185.209.0.28 VANTAGEADMIN
	2019-11-25T14:30Z 185.209.0.29 KMFADMIN
	2019-11-25T14:30Z 185.209.0.29 MCCAULEYADMIN
	2019-11-25T14:30Z 185.209.0.30 ATIADMIN
	http://37.49.226.127/Cipher.sh
	http://37.49.226.127/mips
	http://37.49.226.127/mipsel
	http://37.49.226.127/sh4
	http://37.49.226.127/x86
	http://37.49.226.127/arm7
	http://37.49.226.127/arm6
	http://37.49.226.127/i686
	http://37.49.226.127/i586
	http://37.49.226.127/m68k
	# report generated Mon Jun 1 07:30:02 MDT 2020
	# timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
	2020-05-25T13:30Z 172.107.162.74 ADMINISTRATOR
	2020-05-25T13:30Z 185.202.1.131 CLAIR
	2020-05-25T13:30Z 185.202.1.132 RIGOBERTO
	2020-05-25T13:30Z 185.202.1.136 CHANG
	2020-05-25T13:30Z 185.202.1.136 ZACHARIAH
	2020-05-25T13:30Z 185.202.1.152 MSHCW
	2020-05-25T13:30Z 185.202.1.152 MYSQL_ZKEYS
	2020-05-25T13:30Z 185.202.1.159 ENQUIRIES
	2020-05-18T13:30 141.98.83.40 AA123456
	2020-05-18T13:30 185.153.197.2 ADMINISTRATOR
	2020-05-18T13:30 185.153.199.131 FOLDER
	2020-05-18T13:30 185.153.199.131 FRONT
	2020-05-18T13:30 185.202.1.119 EDITOR
	2020-05-18T13:30 185.202.1.129 TERRANCE
	2020-05-18T13:30 185.202.1.131 JAY
	2020-05-18T13:30 185.202.1.131 JIM
	2020-05-18T13:30 185.202.1.133 DERRICK
	2020-05-18T13:30 185.202.1.135 ANDY
	2020-05-12T04:42:04.875Z 104.208.242.187 admin
	2020-05-12T08:12:43.373Z 104.208.242.187 admin
	2020-05-12T14:13:51.253Z 104.208.242.187 admin
	2020-05-12T10:55:25.028Z 104.208.242.187 admin
	2020-05-12T18:14:05.394Z 104.208.242.187 admin
	2020-05-12T02:38:30.820Z 104.208.242.187 admin
	2020-05-12T05:13:36.554Z 104.208.242.187 admin
	2020-05-12T02:08:12.755Z 104.208.242.187 admin
	2020-05-11T13:43:53.269Z 104.208.242.187 admin
	2020-05-11T16:16:18.505Z 104.208.242.187 admin
	#report generated Mon May 18 07:30:01 MDT 2020
	#timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
	2020-05-11T13:30Z 137.117.13.132 admin
	2020-05-11T13:30Z 168.63.203.102 admin
	2020-05-11T13:30Z 176.113.115.46 IADMIN_18
	2020-05-11T13:30Z 180.180.245.245 ADMINISTRATOR
	2020-05-11T13:30Z 185.202.1.119 MASTER
	2020-05-11T13:30Z 185.202.1.119 TURNOS
	2020-05-11T13:30Z 185.202.1.132 ADMINISTRATOR
	2020-05-11T13:30Z 185.202.1.229 AVS
	#report generated Mon May 11 07:30:01 MDT 2020
	timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
	2020-05-11T00:30:45.744Z 213.202.233.217 orders
	2020-05-11T00:30:23.041Z 213.202.233.217 michelle
	2020-05-06T20:42:47.156Z 91.241.19.25 THIS
	2020-05-11T00:30:34.351Z 213.202.233.217 operator
	2020-05-11T00:30:33.598Z 185.202.0.7 MATCH
	2020-05-06T12:42:30.939Z 45.141.87.10 ADMINISTRATOR
	2020-05-11T00:27:47.904Z 185.202.1.150 STA
	2020-05-11T00:31:01.134Z 185.202.1.235 TSOFT
	#report generated Mon Mar 30 07:30:01 MDT 2020
	timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
	2020-03-23T23:05:32.224Z 46.119.160.160 Administrator
	2020-03-26T09:03:09.339Z 103.120.28.252 ADMINISTRATOR
	2020-03-26T14:43:02.285Z 185.202.1.81 admin
	2020-03-23T13:38:20.551Z 121.241.7.34 Scan
	2020-03-26T09:03:11.619Z 5.183.93.57 YRJADMIN
	2020-03-26T22:12:52.861Z 185.153.196.64 USER5
	2020-03-23T23:05:40.231Z 209.45.61.241 ADMINISTRATOR
	2020-03-26T14:43:07.191Z 46.119.184.167 Administrator
	#report generated Mon Feb 17 07:30:02 MST 2020
	#timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName

	2020-02-10T14:30Z 124.158.9.38 ADMINISTRATOR
	2020-02-10T14:30Z 185.209.0.40 RESMAC
	2020-02-10T14:30Z 185.209.0.57 MSWORDUSER
	2020-02-10T14:30Z 185.209.0.57 WINDOWS
	2020-02-10T14:30Z 185.209.0.85 NPS
	2020-02-10T14:30Z 185.209.0.85 PESTAMACH
	2020-02-10T14:30Z 185.209.0.96 ADMIN
	#report generated Mon May 4 07:30:01 MDT 2020
	#timestamp IpAddress TargetUserName
	2020-04-27T13:30Z 190.0.1.90 ADMINISTRATOR
	2020-04-27T13:30Z 190.0.1.90 USER
	2020-04-27T13:30Z 194.61.24.121 RECEPTION
	2020-04-27T13:30Z 194.61.24.121 STEPHANIE
	2020-04-27T13:30Z 212.92.105.227 IDAMEMBERSERVICES
	2020-04-27T13:30Z 212.92.105.227 NEIGHBORS
	2020-04-27T13:30Z 212.92.105.227 SEGURIDAD
	2020-04-27T13:30Z 212.92.106.126 HASKELLANDREW