??????????????????????????:?????????

?? > ?? > ??

???????????????????????:?????????

2025-01-19 12:01:41??:????:???

???????????????????????:?????????

??????????1????????????????????????17?????? ????17??????????????????????????,??

2024????????????12?????????????18???,??????????????CNCERT????(

???????????????????????????????

(??????)?

2024???????????????????8?19??????????????????????,?????,?????????/??2024????????????8???????????????21?,????/??????????

(?)???????????????????

2024?8?21?12?,???????????,?,???????????,???????????/xxx/xxxx?flag=syn_user_policy??,??????/xxx/xxxStats?

(????????????????)?????????????

2024?11???????????????6????2024?11?????????????????????????????????8???????2024?????????11??????????16?????,???276???????????????????????????????????????????

??????

(?)??

???????????????????????????IP?????????,?,????????,?,??????????????????

(???????????)?????????

2024?11?????????6??11?????16???????,?3???????????????????????IP???????????????????????????,??????????,????????,??????????????????????????????????????,??????,???????????????????????????????????????????4.98GB?

??????

(??????????)??

?????????????,?22??????????????????8??,??????10??????????????20????,?,???????????

(???????????????)???

?5?IP???????,???????????????,??????????

(??????????????)????

?,???????????????????????,????

??????,?,?????????????????

(?)?

???????,????????????????,?????,??????276??????????????,???????????????????????????,????

????????????IP????????????????

2024????12??18??????????????,??????CNCERT????????(

??????????????????????

(??????)??????????????

????Exchange???????2???????????Exchange???,?,?????????????,???????

(????)????

?,?2??????,??,??????????????,?/owa/auth/xxx/xx.aspx???????????/owa/auth/xxx/yy.aspx,??????????????,?,???

(???????????????????????)??????????????????????30??????????????????????????

???????????,????,???????????????,??SSH?SMB????30?????????????????????????????????;?,????????????????????????????????????????????????????????????????,?????????websocket+SSH?,????,??WeChatxxxxxxxx.exe????????????????2????????????????????????????PIPE????????,??

??????????

(?????????????????????)?????????????

?,??????,???????????????????????????,??????,?????,???

(?)?

?????????????????3??,???,2023????5????2??????,?????(95.179.XX.XX)????,???????????,????????,??,??????????????�?�?�???�?�?????�?�??????????????(????????????????????????+??????)�?�??????????????IP??????????�?�?�??

(???????????)?

?????????????????,?????????????,2023?????????????????????7??????????????????????26????????????????????????????,????????????(65.21.XX.XX)??,???????????????,?,????,????1.03GB????????????,?????�??�?�tip4XXXXXXXX.php�?

(?????????????)?

??????????????????,??????????????,???????????,?????????????????SSH??????????????????????????????,?????????,??????????????

?????????????????????

(??????????????????)????????????????????????

??,??????????????22?8??????????????????????,?????10???????????20????????????????????,????????,?????

(???????????)???????????????????

2023????????5????????????????2023?10???????,???????????????????30????????????????????,?IP???????,?????????????

(?)????

???????2?PIPE???????????�c:\windows\system32\�?,???.net?,????????????,???????????????????KB,?TLS??????????????????????????????,??????https?,???????????????????websocket+SSH??????,??????????????????

???????IP???????????????????????????

????????????????????????:??

??:

????
1. ????
2. ????
????
1. ????
2. ????
3. ????
????
1. ????
2. ????
3. ????
4. ???
????
1. ????
2. ????
3. ??????????

相关推荐