?????????:???????????????????????

??????????1??????????????17?? ???????????????????????17?????????,???????????

??????????????

2024?????12?18??????,??CNCERT????????????????(

???????????????????????

(??????????????)??????????????????????????

2024????8????????????19???????????????,?,????????????/?????????????????????????????2024?????????????????????????????????8???????????21?,?????????????/????????????

(??)?????

2024????8?21????????????????12??,????????????????????????????,???,????????????,?/xxx/xxxx?flag=syn_user_policy????????????????????,????????/xxx/xxxStats?

(?)?

2024?11?????????6?????2024?????11?8??????????????????2024???11????16??????????????,??????????????????????????????276???????????????????????????????????????????

???????

(???)?

?IP???????????????,?,?,???????????????,??????????????????

(???????????)??????????

2024????????????11??????????6???????????????????11?????16???????,??3?IP??????,????????,???????????????????,??????????????????????????????????,????,???????????????4.98GB?

???

(?????)?

????,?????22??8??????,??????????10??????????20?,????????,??

(?)???????

?5?IP????,??????????????,????????????

(????)?

????????????????????????,????????,??????

??????????????,?????????????????,???????????

(??????????????????????????????????)????

?,???????,??????????????,?276??????,????????,??????????????????

????????IP???????????

?????????????

2024????12???????18?,?????????CNCERT?????(

?????????????????????????

(?)?

??????????Exchange???2?????????????????????Exchange????????????????,?,?,?????????

(?)?

?????????????,???????????????????2???????????????????????,?????,????,?/owa/auth/xxx/xx.aspx?/owa/auth/xxx/yy.aspx,??????????????????????????????????????????,?,??

(?????????)?30???????????????

??,???,????,???????????????SSH?SMB?30?????????????????????????????????????;????,?????????????????????????????????????????????,?websocket+SSH?,????????????????,?????????????????WeChatxxxxxxxx.exe????????????2?PIPE??????????,???

?????

(????)?????????

?,????????????????,?????????,?,????????????,??????????????????

(??????????????????)????????

???????????????3?????,??????????????????????????????????????,2023?????????5???2????,?(95.179.XX.XX)???????,??????,???????,?????,??????????????????????“???????????”?“?”?“??????????????????”?“?????(????????????????????????????+???????????????????????????)”?“?IP????????????”?“????”????????????????????????

(?????)?????????????????????

???????????????????????,??????????????????,2023????????????????????7????26???,??????????(65.21.XX.XX)?,???,????????????????,??????????????,????1.03GB?????,???????????????????????“?”???????????“tip4XXXXXXXX.php”?

(??????????????)??????????????

?????????????,?,??,???????????????????????????????????????SSH????????????,??????????,????????????????????????????

????????

(???????????????????)??????????????????????

????????,????22???????????8???????????????????,??10?20?,??????,????????????????????????????

(???)????????

2023??5??2023?????10?,??????????????30??????????????,??????IP?,???????????????????????

(??????????????)??

?2???????????PIPE??“c:\windows\system32\”????????,?.net???????????????????????????,?,?KB,???????TLS??????????????????,???????????????https?,?????????????websocket+SSH?????????????,?????

????IP????????????????????????