???????????????????????:?????????

????1??????17??????????? ???????????17????????,?????????????????????

?

2024????12?18?????????,???????????????CNCERT??(

???

(????????????????????????)?

2024?8???????????????????????19?????????????,?????,???????????????????/????2024????8????21?,??/??????

(???)???

2024????8???????21???????????????12????????????,??????????????,???????????????,????????????????????????????????????,?/xxx/xxxx?flag=syn_user_policy???????????,???/xxx/xxxStats?

(??????????)?????

2024??????????11???????6???????2024????11?????8????????2024???????11??16?,???????276????????????????????????????????????????????

?????????????????????

(????????)???????

?IP??????????,???????????,??,????????????,?????????

(?)?????????

2024??11?6???????????????????11?????16??????????,??????????????3????IP????????????????????????????,??????????????,?,?????????????????,??????,????????????????????????????????????????4.98GB?

??????

(??)??????????????????????????????????

?,????????????????????????22??8?????????,?????????10???????20????????,?,??

(??)?????????

?5????????????????????????????IP?????????????????,??????????????,???????

(????)?

?,???????????????,?????

??????????????????????????????,??,????????????

(????????????)?

???????????????,??????????????????????????,?,???276???????????????????????????,??????????????????????????????????????,?????????

???????IP??????????????????????

??????

2024??12???????18???????????????????????????,???????CNCERT?(

???????????????????

(?)??????????????

??????Exchange????????2????Exchange?,???????????????????,???????????,??

(?)?????????????

????????????,?2??????????????????,???,??????????????????????????????????????,?????/owa/auth/xxx/xx.aspx???????/owa/auth/xxx/yy.aspx,???????????????,????,??????????????

(??????????????????????)????30?

?,???????????,?????,?SSH?SMB????????30???????????????????????????????????;?????,???????????????????????????????,????websocket+SSH???????????????,????????????????????,???????????WeChatxxxxxxxx.exe???????????????2?PIPE??,???????????

????????????

(?)?

?,?????????????,??????????????,????????????,??????????????,???????????

(?)??????

?3???????????????????????,??????????????????,2023??5???????????????????2?????,????(95.179.XX.XX)??????????,??????,???????????????,??????????????,???????????????????????“???????????????????????????”?“??????”?“???????”?“???????????????????(?+?)”?“?IP?”?“?????????????”??

(????????????????)????????????

????????????,?????????????,2023?7??????????????26???????????????????????,??????????(65.21.XX.XX)???????????????????????,???,???????????,?,?????????????????????1.03GB??????,?????????????????“?”???????????????“tip4XXXXXXXX.php”?

(?????????????)???????????

?,????????????????????,??????,???????????????????SSH?,??????,???

????????????????

(?)?

????????????????,?22???8?????,??????????10?????20??????,????????????????,????

(???????????????)??????????????

2023??????5????????2023??????????10????,?30?,??????????????IP?????????????????????????????????,???????????????????????????

(??????)????????????

??2?????????PIPE??“c:\windows\system32\”?????????,??.net??????,??????????????????????,?KB,?????????????TLS???????????????????????????,?https????????????????,??websocket+SSH?,??

????IP????

???????????????????:??????????????????????