????????????:???????????????????????

?? > ?? > ??

?????????:???????????????????????

2025-01-18 12:57:47??:????:???

?????????:???????????????????????

??1?????????????17? ????17????,??

??????????

2024?12??18????,??CNCERT???????????????(

?????????????????????????

(?????)?

2024???????????????????8?????????????????19???????????????????????????,????????,?/???????????2024???8???????????????????????????21????,????/??

(??)?

2024???????????8???????????????????21?????????12??????????????????????,???????????????,?,????????????????,???????/xxx/xxxx?flag=syn_user_policy?????,?/xxx/xxxStats?

(?????????????)?

2024????????????11?6??????2024??????????????????????????11??8????????2024?11????16???????,?276??????????????????????

??????????????????????

(?)??????????????

?IP????????????????,???????????????,????????,????,???

(?)?

2024???11?6????????11?16?,???3????IP???????????????????????,???????????????????????,?????,?????????????????????????????,?????????,????????????????????4.98GB?

????????????????????????

(????)?????????????????

??,?????????????????????????????????22?8??????????,???????????????10??????????20?,?,??????

(??)?

?????????????5???IP???????????????????,???????????,??

(?????????????????)?????????????

?????????????,??????,???????

?,??,?????

(???)??

?????????,???????,????????????????????????,????276?????????,??????,?????????

?????????????????IP????

2024????????????????????????12???????????????????????????18??????????????,?????CNCERT?(

?????????????????

(?????)??????????

????????????????Exchange??????2?????????Exchange??????,?,???????????,?????????????

(???????????????????????)???????????????

??????,??????????????2???????????????????,???????????????????,????????????,?/owa/auth/xxx/xx.aspx??????????????????????????/owa/auth/xxx/yy.aspx,?????????????????????,?,??

(???????????????????)??30?????????

?,??,?????,??????????????SSH?SMB??????30???????????????????????????;??????,??????????????????????????????????????????????????????????,????????????websocket+SSH??,????????????????????????????????,?WeChatxxxxxxxx.exe?????????????2??????PIPE???????,??????????

?????????????????????????

(??????????????????)????????

?????,?????????,???????????????????????,?,?,????????????

(???????????)??????

?3???????????,???,2023????????????5?2????,?(95.179.XX.XX)???????????????,?,?,????,??�?�?�???????�?�??????????????????�?�????????????????????(???+?)�?�??????????????IP?�?�?�???????????????????????

(????????????????????????????)?

????????,??????????????????????,2023??????????7??????26?????????????????,?(65.21.XX.XX)?,??????,???????,???????????????,??????????????1.03GB????????????????????????,????�??????????????????????�?�tip4XXXXXXXX.php�?

(????????????????)???????????????

??????????,??????????,???,?????????????????????????????????????????SSH??????????????,?????,????????

???????????????????????????

(??)?????

???????????,??22???????????8?,?10???20??????????????????????,??????????????,??

(????????????????)?

2023???????????5???????????????2023?????10??????????????????????????????????,??30???????????????????????????,?IP????????????,????????

(?)?

?????2??????????????????PIPE?????????�c:\windows\system32\�????????????????????,????????.net??????????,??????????,??????KB,???????????????TLS??????????????????????????????????,?????????????https?????????????????,?????websocket+SSH?,??

????????????????????????IP??????

???????????????:??

??:

????
1. ????
2. ????
????
1. ????
2. ????
3. ????
????
1. ????
2. ????
3. ????
4. ???
????
1. ????
2. ????
3. ??????????

相关推荐