Hope you are all keeping tabs on the RDP vulnerability (CVE-2019-0708). Morphus Labs is reporting that the GoldBrute botnet is brute forcing vulnerable RDP servers from a Shodan list. The C2 server (104[.]156[.]249[.]231) exchanges data via an AES-encrypted WebSocket connection to port 8333. Bots download an 80 MB Java class called “GoldBrute”, which includes the complete Java Runtime(!)
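The indicators above applied to flow logs, as an added example that is not part of the original post: it flags internal hosts that contact the C2 address on port 8333 and hosts that open RDP connections to several distinct external addresses. The log format, the 10.0.0.0/8 internal range and the fan-out threshold of 3 are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

C2_DEFANGED = "104[.]156[.]249[.]231"  # IoC exactly as written in the post
C2_PORT, RDP_PORT = 8333, 3389
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: our address space
FANOUT = 3  # assumption: distinct external RDP targets that count as scanning

# Constructed flow records: "timestamp src dst dst_port"
SAMPLE_FLOWS = """\
2019-06-07T10:00:01 10.0.5.20 104.156.249.231 8333
2019-06-07T10:00:09 10.0.5.20 198.51.100.7 3389
2019-06-07T10:00:10 10.0.5.20 198.51.100.8 3389
2019-06-07T10:00:11 10.0.5.20 203.0.113.9 3389
2019-06-07T10:01:00 10.0.5.31 104.156.249.231 8333
2019-06-07T10:02:30 10.0.5.44 198.51.100.7 3389
2019-06-07T10:03:00 10.0.5.50 104.156.249.231 443
2019-06-07T10:04:00 10.0.5.60 not-an-ip 8333
"""

def refang(ioc):
    """Turn a defanged indicator back into a parseable address."""
    return ioc.replace("[.]", ".")

def parse_flows(text):
    """Yield (src, dst, port) tuples, skipping malformed records."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2]), int(parts[3]))
        except ValueError:
            continue

def triage(text, fanout=FANOUT):
    """Map internal host -> verdict from C2 contact and outbound RDP fan-out."""
    c2 = ipaddress.ip_address(refang(C2_DEFANGED))
    c2_hosts, rdp_targets = set(), defaultdict(set)
    for src, dst, port in parse_flows(text):
        if src in INTERNAL and dst == c2 and port == C2_PORT:
            c2_hosts.add(str(src))
        elif src in INTERNAL and port == RDP_PORT and dst not in INTERNAL:
            rdp_targets[str(src)].add(dst)
    scanners = {h for h, t in rdp_targets.items() if len(t) >= fanout}
    return {h: "+".join(tag for tag, hit in (("c2_contact", h in c2_hosts),
                                             ("rdp_fanout", h in scanners)) if hit)
            for h in c2_hosts | scanners}
```

A host with both tags matches the bot behaviour the post describes; a host with only `c2_contact` may have checked in without starting to brute force yet.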