?????????????????!???????????????
2025-01-18 08:20:16??:????:???


2024??12??18???????????????????,???????????????????????CNCERT????????????????(

??????

(??????????????)?

?????Exchange????????2???????????????Exchange???????????????,?,??????????,????????????????

(??????)????????????????????????

?,????????????????????2??????,?????????,?????????????????????????????????????,???/owa/auth/xxx/xx.aspx?????????????????/owa/auth/xxx/yy.aspx,????????????????????????????????,?????????,????????????????????????

(???????????????)?30?

???????????,?????,???????????,?SSH?SMB?30?????????????????;??????????,?????????????????????????????????????????????????????????????????????????????????????????,????websocket+SSH????,?????????????,??????????????????WeChatxxxxxxxx.exe????????????????2?PIPE?,??

???????

(?????????????????)???????????????????

??????????,?????????,??????????,?,?????,?????????????????????????????

(??)???

????3??????????,???????????????,2023?????????5????2?,??????????(95.179.XX.XX)??,?,??,?,????????????�?????????????�?�?�?�???????????????????????????�?�??(??+??)�?�???????IP??????????????????????�?�????????�?????????

(???)???????????

??????,???????????????????,2023?????????7?????26???????????????????????,?(65.21.XX.XX)???????????????????????????,?????????????????,???????,???????????????????????,???????1.03GB???????????????????????,??�?�?????�tip4XXXXXXXX.php�?

(?????)????????????????????????

????????????????,?????????,????????????,???????????????SSH?,????????,??

?????????????????????????

(?)??

??????????????,??????22??????8???????????????????????????,?10????????????????20??,?????,???????????????????

(???????)?

2023?5???2023?????????10????????????,??????30????,???????????????IP??????,???????

(?)?

?2?PIPE?�c:\windows\system32\�??,?????.net?????????????,?,????????????????????????KB,?????????????TLS?????????????????????????????????????,??????https???????????????????,?websocket+SSH?????????????????,???????????????

???????????????????????IP???????????????

??????

2024?12????18??????????????,?CNCERT????????????????????????????(

?????????????????

(???)????????

2024????????????8????19???????????,??,????????????/??????2024??????????????8??????21??????????,?????/??

(?)?

2024????8????21?12???????????????,???,??????,????????????????????????????????,?/xxx/xxxx?flag=syn_user_policy???????,?/xxx/xxxStats?

(??????????????)??????????

2024????????????11?????6????????2024?????????????11????????????????8??????????????????????2024?11????16??????????,????276???????????????????????

???????????????????

(?)?

?????????????????????IP??,?,???????????????????,????,???????????

(????)???

2024???????11???????6?????????11????????16?????????,????3?????IP?????????????????????????????????,???????????,???,????????????,?,?????4.98GB?

?????????????

(????????)??????????????

?,??????????????22?8?,????????10??????????????20??,??,??

(??????????????????????????)????????????????

???????5??IP??????????????,?,??

(????????????)????

?,????????????????????????????,??

???????,???????????,??????????????????

(???????????)????????????????????

??????????????,????,????,???????????????????276??,????????????????,????????????????????????????

????????????????????????IP???????????

?????:???????????????????????????????
