techhelplist

## rdp-attackers-december2019-b.txt
#report generated Mon Dec  9 07:30:01 MST 2019
#timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName

2019-12-02T14:30Z		111.223.82.101		ADMINISTRATOR
2019-12-02T14:30Z		185.81.128.112		AMY
2019-12-02T14:30Z		193.188.22.143		AQNETGCS
2019-12-02T14:30Z		194.61.24.18		Administrator
2019-12-02T14:31Z		185.156.177.206		AZURE
2019-12-02T14:31Z		185.156.177.61		CLUSTER
2019-12-02T14:31Z		185.156.177.96		TONI

## rdp-attackers-december2019-a.txt
#report generated Mon Dec  2 07:30:01 MST 2019
timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName
2019-11-25T14:30Z		104.238.162.111		ADMINISTRATOR
2019-11-25T14:30Z		185.156.177.119		QAAZURE
2019-11-25T14:30Z		185.209.0.15		TSYSEVADMIN
2019-11-25T14:30Z		185.209.0.22		TLCADMIN
2019-11-25T14:30Z		185.209.0.28		VANTAGEADMIN
2019-11-25T14:30Z		185.209.0.29		KMFADMIN
2019-11-25T14:30Z		185.209.0.29		MCCAULEYADMIN
2019-11-25T14:30Z		185.209.0.30		ATIADMIN

## rdp-attackers-november2019-d.txt
#report generated Mon Nov 25 07:30:01 MST 2019
#timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName
2019-11-18T14:30Z		133.242.53.124		ADMINISTRATOR
2019-11-18T14:30Z		185.156.177.99		MYSQL
2019-11-18T14:30Z		185.209.0.15		VADMIN
2019-11-18T14:30Z		185.209.0.29		BKADMIN
2019-11-18T14:30Z		185.209.0.30		KEVINADMIN
2019-11-18T14:30Z		185.209.0.43		SWIRIADMIN
2019-11-18T14:30Z		185.209.0.61		WSI
2019-11-18T14:30Z		185.209.0.62		BCADMIN

## rdp-attackers-november2019-c.txt
#report generated Mon Nov 18 07:30:01 MST 2019
timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName
2019-11-13T23:34:41.280Z		198.211.12.198		DAN
2019-11-14T04:59:40.920Z		204.48.30.58		ADMINISTRATOR
2019-11-14T04:59:43.999Z		178.161.241.145		ADMINISTRATOR
2019-11-14T05:01:38.052Z		218.86.124.102		USER3
2019-11-13T20:13:18.722Z		193.188.22.148		PTHIGPEN
2019-11-13T23:35:55.064Z		82.102.27.55		DOCK
2019-11-14T05:03:39.588Z		204.48.30.58		ADMINISTRATOR
2019-11-13T20:22:48.788Z		193.188.22.38		TIGER

## rdp-attackers-november2019-b.txt
    #report generated Tue Nov 12 08:10:02 MST 2019
timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName
2019-11-05T22:25Z		212.92.116.56		BEADMIN
2019-11-05T22:25Z		66.186.160.54		ADMINISTRATOR
2019-11-05T22:25Z		38.109.219.108		ADMINISTRATOR
2019-11-05T22:27Z		61.145.216.210		ADMINISTRATOR
2019-11-06T16:10Z		193.188.23.18		UMIT
2019-11-06T16:10Z		171.100.62.42		ADMINISTRATOR
2019-11-05T22:27Z		85.214.139.159		ADMINISTRATOR
2019-11-06T23:08Z		212.92.122.246		SUPPORT

## rdp-attackers-november2019-a.txt
#report generated Mon Nov  4 07:55:56 MST 2019
timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName
2019-11-03T05:40:09.942Z		35.247.253.29		Buchhaltung
2019-11-03T05:40:06.633Z		121.131.228.72		TEST
2019-11-03T05:33:19.017Z		193.188.22.82		ADMIN
2019-11-03T05:40:17.758Z		193.188.22.82		ADMIN
2019-11-03T05:40:14.052Z		38.109.219.108		ADMINISTRATOR
2019-11-03T05:32:39.914Z		212.92.105.77		AJONES
2019-11-03T05:32:45.387Z		212.92.105.217		KSMITH
2019-10-28T15:32:30.877Z		193.188.22.119		ADMINS

## rdp-attackers-october2019-c.txt


timestamp		winlogbeat_winlog_event_data_IpAddress		winlogbeat_winlog_event_data_TargetUserName
2019-10-27T05:15:42.219Z		83.240.199.229		ADMINISTRATOR
2019-10-27T05:19:02.238Z		85.209.3.205		Administrator
2019-10-27T05:21:59.346Z		85.209.3.205		Administrator
2019-10-27T05:22:02.133Z		85.209.3.205		Administrator
2019-10-27T05:22:56.545Z		38.109.219.108		ADMINISTRATOR
2019-10-27T05:25:32.708Z		85.209.3.205		Administrator
2019-10-27T05:27:34.641Z		212.92.105.77		TS

## rdp-attackers-october2019-b.txt
timestamp	winlogbeat_event_data_IpAddress	winlogbeat_event_data_TargetUserName
2019-10-11T07:14:22.612Z	217.147.235.52	ROOT
2019-10-11T07:14:22.211Z	212.92.106.86	QUICKBOOKS
2019-10-11T07:43:42.731Z	171.100.62.42	ADMINISTRATOR
2019-10-11T07:43:42.931Z	185.209.0.15	EJOHNSON
2019-10-11T07:45:47.430Z	212.92.106.86	PRUEBA
2019-10-11T07:14:22.952Z	212.92.106.86	JIM
2019-10-11T07:14:23.674Z	165.22.79.44	Administrator
2019-10-11T07:43:43.253Z	157.245.167.16	Administrateur
2019-10-11T07:14:23.920Z	212.92.106.86	TV

## rdp-attackers-october2019-a.txt
timestamp	winlogbeat_event_data_IpAddress	winlogbeat_event_data_TargetUserName
2019-09-30T15:55:55.369Z	212.92.122.46	IAN
2019-09-30T15:55:56.855Z	212.92.122.16	CONFERENCEROOM
2019-09-30T16:03:31.680Z	45.141.84.19	DEVEL
2019-09-30T16:05:07.020Z	84.201.142.42	user
2019-09-30T16:05:00.159Z	212.92.112.41	INTERVIEW
2019-09-30T16:06:36.985Z	212.92.112.41	INSTALLER
2019-09-30T16:06:44.288Z	212.92.122.16	SHARON
2019-09-30T16:10:35.720Z	185.230.127.237	DEMO
2019-09-30T16:13:38.885Z	74.208.152.133	ADMINISTRATOR

## rdp-attackers-september2019-e.txt
timestamp	winlogbeat_event_data_IpAddress	winlogbeat_event_data_TargetUserName
2019-09-30T04:34:03.972Z	31.184.249.177	admin
2019-09-30T04:40:41.038Z	14.98.4.242	ADMINISTRATOR
2019-09-30T04:40:41.874Z	103.249.227.246	ADMINISTRATOR
2019-09-25T22:17:02.382Z	212.92.122.216	SHOP
2019-09-25T22:17:01.868Z	212.92.114.68	111
2019-09-30T04:31:07.510Z	212.92.114.48	TESTING
2019-09-30T04:40:51.379Z	212.92.122.26	MICROS
2019-09-30T04:34:01.119Z	212.92.114.48	PAYROLL
2019-09-30T04:33:07.836Z	193.188.22.211	CLUSTER
	#report generated Mon Dec 9 07:30:01 MST 2019
	#timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName

	2019-12-02T14:30Z 111.223.82.101 ADMINISTRATOR
	2019-12-02T14:30Z 185.81.128.112 AMY
	2019-12-02T14:30Z 193.188.22.143 AQNETGCS
	2019-12-02T14:30Z 194.61.24.18 Administrator
	2019-12-02T14:31Z 185.156.177.206 AZURE
	2019-12-02T14:31Z 185.156.177.61 CLUSTER
	2019-12-02T14:31Z 185.156.177.96 TONI
	#report generated Mon Dec 2 07:30:01 MST 2019
	timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
	2019-11-25T14:30Z 104.238.162.111 ADMINISTRATOR
	2019-11-25T14:30Z 185.156.177.119 QAAZURE
	2019-11-25T14:30Z 185.209.0.15 TSYSEVADMIN
	2019-11-25T14:30Z 185.209.0.22 TLCADMIN
	2019-11-25T14:30Z 185.209.0.28 VANTAGEADMIN
	2019-11-25T14:30Z 185.209.0.29 KMFADMIN
	2019-11-25T14:30Z 185.209.0.29 MCCAULEYADMIN
	2019-11-25T14:30Z 185.209.0.30 ATIADMIN
	#report generated Mon Nov 25 07:30:01 MST 2019
	#timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
	2019-11-18T14:30Z 133.242.53.124 ADMINISTRATOR
	2019-11-18T14:30Z 185.156.177.99 MYSQL
	2019-11-18T14:30Z 185.209.0.15 VADMIN
	2019-11-18T14:30Z 185.209.0.29 BKADMIN
	2019-11-18T14:30Z 185.209.0.30 KEVINADMIN
	2019-11-18T14:30Z 185.209.0.43 SWIRIADMIN
	2019-11-18T14:30Z 185.209.0.61 WSI
	2019-11-18T14:30Z 185.209.0.62 BCADMIN
	#report generated Mon Nov 18 07:30:01 MST 2019
	timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
	2019-11-13T23:34:41.280Z 198.211.12.198 DAN
	2019-11-14T04:59:40.920Z 204.48.30.58 ADMINISTRATOR
	2019-11-14T04:59:43.999Z 178.161.241.145 ADMINISTRATOR
	2019-11-14T05:01:38.052Z 218.86.124.102 USER3
	2019-11-13T20:13:18.722Z 193.188.22.148 PTHIGPEN
	2019-11-13T23:35:55.064Z 82.102.27.55 DOCK
	2019-11-14T05:03:39.588Z 204.48.30.58 ADMINISTRATOR
	2019-11-13T20:22:48.788Z 193.188.22.38 TIGER
	#report generated Tue Nov 12 08:10:02 MST 2019
	timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
	2019-11-05T22:25Z 212.92.116.56 BEADMIN
	2019-11-05T22:25Z 66.186.160.54 ADMINISTRATOR
	2019-11-05T22:25Z 38.109.219.108 ADMINISTRATOR
	2019-11-05T22:27Z 61.145.216.210 ADMINISTRATOR
	2019-11-06T16:10Z 193.188.23.18 UMIT
	2019-11-06T16:10Z 171.100.62.42 ADMINISTRATOR
	2019-11-05T22:27Z 85.214.139.159 ADMINISTRATOR
	2019-11-06T23:08Z 212.92.122.246 SUPPORT
	#report generated Mon Nov 4 07:55:56 MST 2019
	timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
	2019-11-03T05:40:09.942Z 35.247.253.29 Buchhaltung
	2019-11-03T05:40:06.633Z 121.131.228.72 TEST
	2019-11-03T05:33:19.017Z 193.188.22.82 ADMIN
	2019-11-03T05:40:17.758Z 193.188.22.82 ADMIN
	2019-11-03T05:40:14.052Z 38.109.219.108 ADMINISTRATOR
	2019-11-03T05:32:39.914Z 212.92.105.77 AJONES
	2019-11-03T05:32:45.387Z 212.92.105.217 KSMITH
	2019-10-28T15:32:30.877Z 193.188.22.119 ADMINS


	timestamp winlogbeat_winlog_event_data_IpAddress winlogbeat_winlog_event_data_TargetUserName
	2019-10-27T05:15:42.219Z 83.240.199.229 ADMINISTRATOR
	2019-10-27T05:19:02.238Z 85.209.3.205 Administrator
	2019-10-27T05:21:59.346Z 85.209.3.205 Administrator
	2019-10-27T05:22:02.133Z 85.209.3.205 Administrator
	2019-10-27T05:22:56.545Z 38.109.219.108 ADMINISTRATOR
	2019-10-27T05:25:32.708Z 85.209.3.205 Administrator
	2019-10-27T05:27:34.641Z 212.92.105.77 TS
	timestamp winlogbeat_event_data_IpAddress winlogbeat_event_data_TargetUserName
	2019-10-11T07:14:22.612Z 217.147.235.52 ROOT
	2019-10-11T07:14:22.211Z 212.92.106.86 QUICKBOOKS
	2019-10-11T07:43:42.731Z 171.100.62.42 ADMINISTRATOR
	2019-10-11T07:43:42.931Z 185.209.0.15 EJOHNSON
	2019-10-11T07:45:47.430Z 212.92.106.86 PRUEBA
	2019-10-11T07:14:22.952Z 212.92.106.86 JIM
	2019-10-11T07:14:23.674Z 165.22.79.44 Administrator
	2019-10-11T07:43:43.253Z 157.245.167.16 Administrateur
	2019-10-11T07:14:23.920Z 212.92.106.86 TV
	timestamp winlogbeat_event_data_IpAddress winlogbeat_event_data_TargetUserName
	2019-09-30T15:55:55.369Z 212.92.122.46 IAN
	2019-09-30T15:55:56.855Z 212.92.122.16 CONFERENCEROOM
	2019-09-30T16:03:31.680Z 45.141.84.19 DEVEL
	2019-09-30T16:05:07.020Z 84.201.142.42 user
	2019-09-30T16:05:00.159Z 212.92.112.41 INTERVIEW
	2019-09-30T16:06:36.985Z 212.92.112.41 INSTALLER
	2019-09-30T16:06:44.288Z 212.92.122.16 SHARON
	2019-09-30T16:10:35.720Z 185.230.127.237 DEMO
	2019-09-30T16:13:38.885Z 74.208.152.133 ADMINISTRATOR
	timestamp winlogbeat_event_data_IpAddress winlogbeat_event_data_TargetUserName
	2019-09-30T04:34:03.972Z 31.184.249.177 admin
	2019-09-30T04:40:41.038Z 14.98.4.242 ADMINISTRATOR
	2019-09-30T04:40:41.874Z 103.249.227.246 ADMINISTRATOR
	2019-09-25T22:17:02.382Z 212.92.122.216 SHOP
	2019-09-25T22:17:01.868Z 212.92.114.68 111
	2019-09-30T04:31:07.510Z 212.92.114.48 TESTING
	2019-09-30T04:40:51.379Z 212.92.122.26 MICROS
	2019-09-30T04:34:01.119Z 212.92.114.48 PAYROLL
	2019-09-30T04:33:07.836Z 193.188.22.211 CLUSTER