??????????????????????????:?????????

?? > ?? > ??

???????????????????????:?????????

2025-01-17 15:48:27??:????:???

???????????????????????:?????????

?????????????1?????17? ?17????????,???????????

????????????????????

2024?12?????18?,????????CNCERT????????????????(

?????????????????????

(????????)????

2024???????8????19?????,?,?????/????????????????2024????????????????8???21?,?/????

(??)?

2024?8?21??????????12??????????,????,?????????????,??????,?/xxx/xxxx?flag=syn_user_policy??????,??????????????????????????/xxx/xxxStats?

(??????)??????????

2024????11????6???????????2024??????????????11?????????????????????8????????2024????????????11?????16?,????????????????????????276???????????????????

????????????????????????????????

(?)?

???????????????????????IP???????,?,?,????????????????????????,????

(????)?????????????

2024???????????????????????11?6?11???????????????????????????16?,????3?IP??????????,?????????,??????????????,?????????????????,????,?????????????????????4.98GB?

?????????????

(??????)???????????

??????????????????????,??????22????8???,???????????10???????20?????????????????,???????????????,??????????

(??????)?????

?????????????5??IP?,??,???????????????????????

(???????)?

?,????????????????????????????????,????????????

??????,??,??

(??????????)??

???,????,?????????,????276?,????????????????????,??????

???????????IP????????

???????

2024???????????12????????????????18?,???????????????CNCERT????????????????????(

????????????????????

(?)??????????

?Exchange??????2?Exchange???????????,?????????,???????????????????????????,???

(????????????)??

?????????,????2??,????,?????????????????????,?????????????/owa/auth/xxx/xx.aspx??????/owa/auth/xxx/yy.aspx,??????????????????,??????????,?????????????

(??)???????????????30??????????

?,?,?,?SSH?SMB?????????????????30????????????????????????????;??????????????,??????????????????????????????????????????????????????,?websocket+SSH??????????,????????????????,????WeChatxxxxxxxx.exe?????????????2????PIPE?????????????????????????????????,????????

????????????

(???)??????????????

???????????,????????????????????????,?,??????,???,??

(????????????????)???????

?3???????????????,?????????????,2023??5?2?,??????????????????????????(95.179.XX.XX)???????????????????,??????????????,?,??,????????�?????�?�???????????????????????????�?�?�?�??????????????????????(????+??????)�?�????IP?????�?�??????�??

(????????????)???????????????

?????????????,?????????????????????,2023?7??????????????????26??,???(65.21.XX.XX)????,?????,??????,???????????????,??????????????1.03GB?????,???????????????????�?�???????�tip4XXXXXXXX.php�?

(???????????????????)?

??????????????????,????????????,????????????????,????????????????????????????????????????????????????????????SSH?????????,??????,???????

????????

(?)?????????????????????

????,?????22????8?????,???10?20?????,?????,???????????????????????

(????????)?

2023???????????????????????????5?????????2023???????????10???????????,?30??,??????IP????????????????????????????,?????????????????????????

(?)?

????????????2???PIPE??????�c:\windows\system32\�??????????????????????????????????,???????????????.net?????????????????,???????????????????,??????????????KB,?????????????TLS????????????????????????????????,???????????????????????https?,????????????websocket+SSH??,????????????????????????

???IP??????????????

???????????????:????????????????????

??:

????
1. ????
2. ????
????
1. ????
2. ????
3. ????
????
1. ????
2. ????
3. ????
4. ???
????
1. ????
2. ????
3. ??????????

相关推荐