???????????????!?????????????????-????-(??)

???????????????!?????????????????

??: ????

???????????

2024??????????????????????????12?18??????????????????????,???????????????????CNCERT????????????(

???????????????????????????????????????????

(???????????)???????????????

????????????Exchange????????????????2?Exchange????,?????????????????,?,??

(?)?

????????????,???????????2??????????????,??????????,???????,???????????????????????????/owa/auth/xxx/xx.aspx?????????????????????/owa/auth/xxx/yy.aspx,???????????????????????????,?????????????,??????????????

(????????????????)?30??????

??????????????????,?,?????????,??????????SSH?SMB?????????????30??????????????????????????????????????????????;??????,??????????????????????????????????????????????????????????,?websocket+SSH???????????,??????????????????????????????????????,?WeChatxxxxxxxx.exe??????2?PIPE??????????,???????????

???????????????????????????????????????

(??????????????????????)???????????

??,?????????,???,???????????????????????????,?????????,???

(?)??????

??3?,????????????????????????????,2023?5?????????2????????????,?(95.179.XX.XX)???????????????????,??,??,?????????????,?�??�?�????�?�??????�?�????(????????+??????????????)�?�?IP?�?�????�???????????????

(???)?

???,???????????????,2023???????7??26?,????????????????(65.21.XX.XX)???????????????????,??????,???????,?,?1.03GB???????????????????????????????????,??????????????�????�?�tip4XXXXXXXX.php�?

(?????????)?????

????,??????,???????,?????????SSH?????,?,???????????????

???????????

(???)?????????????????????????????????

??????????????????????????????,?22????????????????8?,?10?20?,?????????,????????????????????

(??????????????)????

2023?5???????2023???????10????????,???????????????????30???????????,?IP????????,?????

(??????????)?????????????????

?2????????????PIPE???????????�c:\windows\system32\�?????,???.net????????????,?????,?KB,???????????????TLS????????????????????????????????????????,???????????????????https?,?websocket+SSH??????,???????????????????

???????IP???

????

2024??12?18?????????????????????,??????????CNCERT??(

????????????????????????????????????????????????????

(?)?

2024??????8??????19???????????????,??????????????,?/??2024?8???????????????21?,???????????????/????????

(?)?

2024??????????????????8???????????????????????21?12????????,??????????????,??????????,?????????,?????????/xxx/xxxx?flag=syn_user_policy?????????????,?????/xxx/xxxStats?

(??????????????)????

2024?11????????6?????????2024?????11???????8???????????????????????????2024??????11???????????????16??,????276?????????????????????????????????

?????????

(????)????

?IP?,?,?????????,?,??

(????)????????????????????

2024???????11????6?????????????11??????????????16????????,?3???????????IP??,??????????????????????,??????????,????????????????????????????????????????,???,??????????????4.98GB?

???

(??)?????????????????

??,??????????????????????22??????8?,??????????10??20???????????????????????,?,??

(?????????)??????????

?????????????????5????????IP?,??????????????,???

(????????????????????)???????????

??????,????????????????,????????????????????????????

??,?????????????,?????

(?????)?

?,?,????,????276??????????,???????????????????????,??????????????????????????????

????????????IP??????????????

???????????:??

???:????

??:???????????,??????????,??????????????

?? (0)

???????????????!?????????????????

相关推荐