Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Severity
Medium
Analysis Summary
A botnet named GoldBrute. It is currently attempting to brute-force credentials on Internet-accessible RDP servers. The number of servers the botnet is attempting to exploit is reportedly in the region of 1.5 million. If a server is successfully compromised, the server will then download and install the botnet code. The botnet is written in Java and the required Java runtime is part of the botnet code download. The infected server will communicate with the C&C server using an encrypted (AES) websocket on port 8333 and then scan random IP addresses to locate further systems with exposed RDP services. An interesting feature of the botnet is the manner in which it assigns servers to attempt to brute force with each bot trying only one username and password per target system.
Impact
Credential theft
Indicators of Compromise
IP(s) / Hostname(s)
Malware Hash (MD5/SHA1/SH256)
Remediation