???

???????????????!?????????????????

2025-01-18 00:35:01 90067

???????????????

2024???????12??????????????18?,????CNCERT?(

???

(??????????)?

?Exchange?????????????????????????????????????????????????????????2???????????Exchange???????????????????,?,??????????????????????,???????????

(??????)??????????

???????????????,?????????????????2???????????????,??????????????,?????????????????????????????,???????????????????/owa/auth/xxx/xx.aspx????/owa/auth/xxx/yy.aspx,???????,??????????????,?????

(?)???????????30??

????????,?????????????????????,????,???????????????????????SSH?SMB??30????????????????;????,?????????????????????????????????????????,????????????????????????websocket+SSH??,????????,????????????????WeChatxxxxxxxx.exe???2??PIPE????,?????????????

???????????????????????

(?)????

???????????,???????????????????????,???????????,??,???,?????

(??????)???????????????????????????

????3????,??????????,2023?5?2???,????????????????????(95.179.XX.XX)?,?,???????????????????????????,????????????????,??????“???????”?“??????????????”?“?”?“???????????????????(?+?????)”?“?????????????IP???????????????”?“????”????????????????????

(?)?

?????????????????????????????????,?????????????????????????????,2023?7?????????????26?,??????????????(65.21.XX.XX)????,?,??????,??,???????????????????????1.03GB??????,?“????????”?????“tip4XXXXXXXX.php”?

(??????????????)???????

?,?,?????????????????,?????????????????????????????????????????????????????????SSH?,????????????????,???????????

?????????

(???)??????????????????????

???????,???22?????????????8???????,??????????????10?20????????,?,??????

(?????????)????

2023?????5???????2023?10?,??30?????????????,????????????????????????????IP?,?????????????????????

(?)??????????????

??????2??????PIPE?????????????“c:\windows\system32\”?,????.net?,??????????????????,???????????????KB,?????????TLS??????????????????????????,??????????????https??,?websocket+SSH??,??????????

????????????????????????????????????????IP???????????

??????????

2024?????12??????????????18??????,?CNCERT?????(

???????

(??????????)?

2024????8???19?,?????????,?/??2024???8?21?????????????????,???????????/?????????????????????????

(????????????)???????????????

2024?8?21?????????????????????12?????????,??????????????,?????????,???????????????,?/xxx/xxxx?flag=syn_user_policy????????????????,??????????/xxx/xxxStats?

(?)??????

2024??????????????????????????11?????????????6???????????2024??11????8??????????????2024??????????11???16?????????????????,??????????????????????????????276??????????????????????????????????????

??????

(?)??????????

?????????????IP???????,???????????,??????????,?,???

(?)??????

2024?11?????????6?11????16????????,?????3?IP???????????????,????????????,????????????,????????,?????,????????????????????????????????????????????????4.98GB?

???????????

(???????)???????????????????

????????????,?22???????????????8???????????????????????,???????????10?????????20?????????,??,??

(??????????????????)???????????????

?5?IP??????,??????????,?????????

(??????)?

?????,?????????,??

?,??,????????????????????????

(????)?????????????????

????,????????????????????????????,???,??276???????????,???????????,????????????????????????????????

????????????????????IP???????????
