A new botnet has been found searching the internet for poorly configured Remote Desktop Protocol (RDP) servers. After the BlueKeep vulnerability was published, attackers started searching for RDP servers that can be exploited, in an attempt to collect the information and sell it on the DarkNet. GoldBrute looks for RDP servers and, if it can gain access to one through a brute-force attack, it drops malware on the system that creates more bots to widen the search. After each individual bot has collected a total of 80 vulnerable systems, it sends the information to its command and control server and then continues its search. It is estimated that GoldBrute has already collected over 1.5 million IP addresses that are vulnerable. These systems will most likely be sold to the highest bidder on the DarkNet for any number of attacks. The IP address used for communication is located in New Jersey, but that is very likely to be a false IP address.