A botnet is currently scanning the internet in search of poorly protected Windows machines with Remote Desktop Protocol (RDP) connection enabled. Called GoldBrute, the malware compiled a list of over 1.5 million unique systems and systematically tests access on them with brute-force or credential stuffing attacks. A researcher says that there is only one command and control (C2) server using the IP address 104.156.]249.231, which indicates a location in New Jersey, United States.
Source: https://www.bleepingcomputer.com/news/security/new-goldbrute-botnet-is-trying-to-hack-15-million-rdp-servers/