???????????????????????:?????????

??????1??????17??????????????? ??17??????,???????????????

????

2024???????12?18??,??CNCERT???????????????????(

?????????????

(?)????

2024??????????8?????????????????19???????????????????????????,?,?????????????/??????????????2024????8?21???????????????,??????/??

(???????????)??

2024??????8???????21???????????????????12????????,???????????,???????????????????,???????????????????????,????????????/xxx/xxxx?flag=syn_user_policy???????????????,?/xxx/xxxStats?

(??????)?????????????

2024???????11????????6???????????2024????????????????11??8?2024??????11???????????????????????????16???????,???????????276????????????????????????????????????????????

????????????????????????

(???????????????????)??????

????????IP?????????????????????,?,????,?,???????????????

(??????????????????)?

2024???????????????11?6?????????????11???16????,????????????????3????????????IP??????????????,????????????????????????,????,?????????????????????,?????????,????????????4.98GB?

????????????????????????

(?)????????????

?,?????22???8??????????????,?10?20?????????????????,?????????????????????,??

(??????????????)?

????5?IP???????????????,????,???????????

(??????)?

??????,?????????????????????,??

??????????????,????,?????????

(?)?

?,?,??????????,?????276????,??????????????,?????????????

?????IP??????????

?

2024??12???????????????18????????????????????????????,?CNCERT???????(

???????????????

(???????????)??????????

?????????Exchange??????????????????????????????2????????????????????????Exchange?????,?,????,????????????

(??????????)???????????????????

?????????????????,???????????????????????2???,??,???????????????????????,?/owa/auth/xxx/xx.aspx?????????/owa/auth/xxx/yy.aspx,????????????????????????????????????,???????????????????????,???????????????

(?)?30?

?,?,????????????,???????????????????????????SSH?SMB?30??????????????????????????????????????????????????????????;???????????,??????????????????????????????????????????????????????,???????????????????????websocket+SSH?,????????????????,?WeChatxxxxxxxx.exe??2?PIPE????????????????????,?????????????????

??????

(???????????????)????????

????,????,?????,???????????,????????????????????????,??????

(?)??????????????

????3??????????????????????????????,?????????,2023?????5?????2?,?????(95.179.XX.XX)??????????,?????,??????????????,??????????,??“?”?“??????????????????????????”?“???????????????????????”?“????????????????(????+????)”?“??????????IP?”?“??????”???????????????????????

(???????????????)??

?????????????????????????,??????????,2023???????7?26??,??????????????(65.21.XX.XX)??,??????????????,???????,?,???????????1.03GB??,?“?”????“tip4XXXXXXXX.php”?

(??????????????)?

??,??????,?,??????????????SSH???????????????,?,???

??????????????????????????????????

(????????)??????????????????????????????????

?????????,?22????8??????????????,???10???????????????20?,?,????

(????????????)??????????

2023??????????????????????????5?2023??10????????,??????????????????30???,?IP?,??????????

(????????)???

??????2??PIPE?????“c:\windows\system32\”?,?????.net????????????,???????????????????????,?????????????????????????????????KB,?????TLS????????????????????????????????????,????https???,??????????????????????websocket+SSH?,???

??????????????IP?????

??:???