�??????�????

?? ???????????????!?????????????????

????:1???????:??????

2???????

3?????????

4????????

5?????90??

??????????????

2024??????????????12??18????,????????CNCERT?(

?????????????????

(?)??????

?????????Exchange???????????????????????????????2?????????????Exchange?,???????,?,??

(??????)?

???????,??????????????????????????2?,?,????????????????????????????????????????????????,????????????????/owa/auth/xxx/xx.aspx?????????????????/owa/auth/xxx/yy.aspx,???????????????????????,????????,??????

(???????????????????????????)?30?

??????????,?????????,???,?SSH?SMB?????30???????????;???????????,????????????????????????????????????????????????????????????????????,????????????????websocket+SSH????,???????????????????????????????,?WeChatxxxxxxxx.exe??2????PIPE??????????,???????

????????????????

(????????????)?

????????????????????????,???????????????,??????????????????,?,????,??????????????

(?)???????

??????????3???????????????????,??????????????,2023??????????5?2????????????????????????????,???(95.179.XX.XX)???????,??????????????,?????,??????,?????�?????????????????�?�????�?�?�?�?????(??+??????)�?�?????????????IP??????????????????????????�?�??????????�?????????

(?)??????????????????????

?????????????????????,??????????????,2023??????????????7????????????????????26?,?(65.21.XX.XX)???????????????????,?????,??????????????,??????,????1.03GB????????????????,???�??????????�???????????????????????�tip4XXXXXXXX.php�?

(?)??????????????

?,??????????????,??,?????????????????????????????SSH?,??,?????????

??????????????????????????

(????????????????????)??????

?????????????,??????????22????????????8?,???????????????????????????10?20?????,?????????????,??

(???????????????????)??????

2023???5????2023?10??????????,??????????????????30??,??IP?,???????????????????????????????????

(??)???????????????????

??????????????2????????????PIPE?�c:\windows\system32\�??????,?????????????????????????????????.net?????,????,????????KB,?TLS?????????????????????????????,??????????????????????https????????????????????????,?websocket+SSH????,???????????????

????IP?????

?????????????

2024???12???????????????18????,?CNCERT????????(

????????????????????????

(????)?????

2024?????????????????8???????19?,???,?/?????2024???????????8?21????????????,?????????/??

(?????????)??

2024????????????8?21???????????????????????????12??????,????????????????????????????????,?,?????,?/xxx/xxxx?flag=syn_user_policy?????,???????????????????????????/xxx/xxxStats?

(?)???????????

2024?11???????????6???2024?11?8?2024???????????11??????????16???????????,?276???????????????????????????????????????

????????????

(????)??

?IP?,???????,?????????????????????,?,???????????????????

(???????????????????????)???????????????

2024??????11?????6??????11????????????16????????,?3??????????IP??,??????????????,????,?????????????????,??????????????,????????????????????????????????????????4.98GB?

?????????

(??)?????????????????

?,?22???????????8?,?10?????????20??????????????,??????,?????????????

(?)?????

?????5??IP??????,??????????????????????,??????????

(?)????????????????????????

???????,????????????????????????,??????????

???????????????,??,????????

(???????????????????)??????????

?,????,????,?????????276????,???????????????????????????,?????????????????????

????IP???

?????:??

????6%

?? ???????????????!?????????????????

相关推荐