https://community.isc2.org/t5/Tech-Talk/GoldBrute-Botnet-Brute-Forcing-RDP-Servers/m-p/23522#M1371 <P>Hope you all are keep tabs on the RDP vulnerability (CVE-2019–0708).&nbsp;<SPAN><A href="https://morphuslabs.com/goldbrute-botnet-brute-forcing-1-5-million-rdp-servers-371f219ec37d" target="_blank" rel="noopener">Morphus Labs</A>&nbsp;is reporting that the&nbsp;</SPAN><SPAN>GoldBrute botnet is brute forcing vulnerable RDP servers from a Shodan list. The C2 uses (104[.]156[.]249[.]231) to&nbsp;exchange data via an AES encrypted WebSocket connection to port 8333. Bots&nbsp;</SPAN><SPAN>download a 80mb Java class called “GoldBrute” and&nbsp;</SPAN><SPAN>include the complete Java Runtime(!)</SPAN></P> Mon, 09 Oct 2023 09:13:49 GMT AppDefects 2023-10-09T09:13:49Z https://community.isc2.org/t5/Tech-Talk/GoldBrute-Botnet-Brute-Forcing-RDP-Servers/m-p/23522#M1371 <P>Hope you all are keep tabs on the RDP vulnerability (CVE-2019–0708).&nbsp;<SPAN><A href="https://morphuslabs.com/goldbrute-botnet-brute-forcing-1-5-million-rdp-servers-371f219ec37d" target="_blank" rel="noopener">Morphus Labs</A>&nbsp;is reporting that the&nbsp;</SPAN><SPAN>GoldBrute botnet is brute forcing vulnerable RDP servers from a Shodan list. The C2 uses (104[.]156[.]249[.]231) to&nbsp;exchange data via an AES encrypted WebSocket connection to port 8333. Bots&nbsp;</SPAN><SPAN>download a 80mb Java class called “GoldBrute” and&nbsp;</SPAN><SPAN>include the complete Java Runtime(!)</SPAN></P> Mon, 09 Oct 2023 09:13:49 GMT https://community.isc2.org/t5/Tech-Talk/GoldBrute-Botnet-Brute-Forcing-RDP-Servers/m-p/23522#M1371 AppDefects 2023-10-09T09:13:49Z