This file has been truncated, but you can view the full file.
#report generated Mon Feb 10 07:30:02 MST 2020
#timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
#report generated Mon Feb 3 07:30:01 MST 2020
#timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
@techhelplist
techhelplist / rdp-attackers-7-days-20200113.txt
Created January 13, 2020 17:33
rdp-attackers-7-days-20200113.txt
#report generated Mon Jan 13 10:08:06 MST 2020
#timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
@techhelplist
techhelplist / rdp-attackers-7-days-20200106.txt
Last active January 6, 2020 18:56
rdp-attackers-7-days-20200106.txt
# report generated Mon Jan 6 10:15:03 MST 2020
# timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
@techhelplist
techhelplist / rdp-attackers-december2019-e.txt
Created December 31, 2019 15:09
rdp-attackers-december2019-e.txt
#report generated Tue Dec 31 08:01:23 MST 2019
#timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
@techhelplist
techhelplist / rdp-attackers-december2019-d.txt
Created December 23, 2019 15:13
rdp-attackers-december2019-d.txt
# report generated Mon Dec 23 07:30:01 MST 2019
# timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
@techhelplist
techhelplist / rdp-attackers-december2019-c.txt
Last active December 16, 2019 18:44
rdp-attackers-december2019-c.txt
#report generated Mon Dec 16 11:27:55 MST 2019
#timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
@techhelplist
techhelplist / sophos_central_alert_graylog2_extractor.txt
Created December 12, 2019 18:50
sophos_central_alert_graylog2_extractor.txt
{
"extractors": [
{
"title": "sophos_json_extractor",
"extractor_type": "json",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",