????????????:???????????????????????

?? > ?? > ??

?????????:???????????????????????

2025-01-20 09:29:47??:????:???

?????????:???????????????????????

?1??17????????????? ????????????17?????????????????????,???????????

????????????????????

2024?????????????12???????18??,?????????CNCERT????????????(

????????

(?????????)????????

2024???????????8???????????????????????????19???????????????????????????,?,??????????/????2024??????????????????????8??21?,???????/???????????????

(???????????????????????????)?????

2024?8?????21??????????????12?????????????????????????????????,??????????,???????????????????,????????????????????,??????/xxx/xxxx?flag=syn_user_policy???,????/xxx/xxxStats?

(?????????????????)????

2024??????11????????????6????????????????2024??11???????8??????????????2024?11????????????????16???,??????????276?????????????????????????????????????????????

???????????????????????????

(?)?????????????

?IP?,???????????????,????,??????????,????????????????????????

(?????????????)?

2024?????11??????????6?11??????????????16??????,?3????????IP???????????,????,??????????????????????????????????,????,?????,?????????4.98GB?

????????

(???????????????)?????????????

??,????????????22????8??,????????????????10???????????????????????20??,?????????????,????????????

(?)????

??????????????5???????????IP??,?,?????

(?)?????????

?????,???????????,?????

???????,???????????????,??

(????)?????????????

???????????,??????????????,??????????,?????????????????276????,???,?????????????????????????

?????IP?

2024??????????????????????????12??18?,????CNCERT??????????(

??????????????????

(?????)????

???????????Exchange????????????????????????????2??????????????Exchange?,?,?,?????????????????????????????

(?????)?????????????

?,?????????????????????2??????,???????????????,???,?????????/owa/auth/xxx/xx.aspx?????????????????/owa/auth/xxx/yy.aspx,???????????????????????????,???????????,???????????????

(?)????30?

????????,??,????????????,????????SSH?SMB????????????30??????????????????????????????;??????,??????????????????????????????????????????????????????????,?????websocket+SSH?????,??????????????????????????????,?WeChatxxxxxxxx.exe??2???????????PIPE?,???????????

???????????????????????????

(???????????????????????)??????

??,?????????,?????,????????????,??????,????????????

(????????????????????????)??????

?3????????????????????,?????????????????????????????,2023?????????5?2????,????(95.179.XX.XX)??????,?,???????,?,?????????�???????�?�???????????????????�?�????????�?�??(?+??????)�?�????????????????IP??????�?�???�????????????????????????

(??????????)???????????????

???,??????????????,2023???????????????????7??26????,??????????????(65.21.XX.XX)????????,?,?????????????????,?,?1.03GB??,?�???????????�???????�tip4XXXXXXXX.php�?

(???????????????????)???

??,?,?,????????SSH?,???,???????????????

??????????????????????

(??)??????????????

?,?????22?8????????????????????????,???????10?20?????????,????????????????,?????????????????

(?)?

2023?????????5?????2023??????????10?????????,????30?????,???IP??????????????,??

(???????????????????????????)?

?2?PIPE???????????�c:\windows\system32\�?,????.net?????,?,???????????????KB,????TLS?????????????????????????????????????????????,??????????????????????????https?,?websocket+SSH?????,???????????

?????????????????????????IP??????????????

????????????????????????:???????????????????????????????

??:

????
1. ????
2. ????
????
1. ????
2. ????
3. ????
????
1. ????
2. ????
3. ????
4. ???
????
1. ????
2. ????
3. ??????????

相关推荐