Announcements
This ISC2 Community will be decommissioned as of May 29, 2026. Please join your peers and connect with your chapter at https://isc2chapters.isc2.org.
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AppDefects
Community Champion
‎06-11-2019 07:37 AM
‎06-11-2019 07:37 AM

GoldBrute Botnet Brute Forcing RDP Servers

Hope you all are keep tabs on the RDP vulnerability (CVE-2019–0708). Morphus Labs is reporting that the GoldBrute botnet is brute forcing vulnerable RDP servers from a Shodan list. The C2 uses (104[.]156[.]249[.]231) to exchange data via an AES encrypted WebSocket connection to port 8333. Bots download a 80mb Java class called “GoldBrute” and include the complete Java Runtime(!)

Reply
0 Kudos
0 Replies