??????????????????????????:?????????

?? > ?? > ??

???????????????????????:?????????

2025-01-19 11:29:54??:????:???

???????????????????????:?????????

?1?????????17??????? ????????17???,????????????????

??????????????

2024????12?18????,?CNCERT???(

?????????????????????

(?)????????????

2024????????????8?????????????19?,??,?/?????????????????2024?????????????????8??????????????????????21???,?/?????????????????

(??????????)?

2024??????8??21??????12?????????,????????????,??????,?????????????,???????????????????????????/xxx/xxxx?flag=syn_user_policy?????????,????????????????/xxx/xxxStats?

(?????????)?

2024??11???6????????????????????2024??????11?8??2024???????????????11???????????16???????????????????,?276???????????????????????????????????????????????????????????????

??????

(??????)???????????????????

?IP?,??????,?,?,??

(???????)??????????????

2024????11?6?????11??????????16??????????????,????3???IP?????????????,?,??,????,?,?????????????????????????????????4.98GB?

???????????????????????????????????

(?)?

?,???22?8????????,????10????20????,?????,?????

(????????????)?????

??????5????????IP?,?????????????,??

(??????????????)?

???????????????,???????????????????????,??

??,??????????????????,?????????????????

(??????????????)??????????

?,??????????,????,?276??????,?????????????????????????????????,????????????????????????????????

??????????IP?????????

???????

2024?12?????????????18?????,?CNCERT????????(

?????????????????????????????

(???????????)???????

?????????????????Exchange???????????????????????2?????Exchange??????????,?????,??????,??

(?)??

???????????????????????????,????2?????????,???????????,????????????,??????/owa/auth/xxx/xx.aspx?/owa/auth/xxx/yy.aspx,????????????????????????????,??????,??????????

(???????????????)???????????30??

??????????,????,???,????????????SSH?SMB???????????????????????30???????????????????????;???????????????,??????????????????????????????????????????????????????????????????????,??websocket+SSH????????,???????????,?????WeChatxxxxxxxx.exe??2?PIPE??????????,???

??????????????????????

(?)?

??????????????????????????????????,???????????????????????,?,???????????????????????,?,???????

(?????????????????)??????????

?3???????????????????????????,???,2023????????????????????????5?2???????????????????,???????????????????????????(95.179.XX.XX)????????????????????????,???????????????,?????,???????,???????????�???????????�?�???�?�?????�?�??(???????+??????????????)�?�????????IP?????????????�?�?�??????????????????

(??)?????????

????,?????????????????,2023???????????????????7?26?,??????????(65.21.XX.XX)?????,?,?,????,??1.03GB???????????????????????,?�????�????????????�tip4XXXXXXXX.php�?

(???)?

??????????,????????????,????,???????????????????SSH????,???????????????????????,????????

?????????????????????

(?)???????????????

??????????????????,???????????????22????8???????,????10?????????????20?,????,???

(???????)??????

2023??5?2023????????????????????????????10?????????????,?30??,??????????????IP?????????????,??????

(???????????????????)??????????

??2?PIPE??????????????�c:\windows\system32\�??????????????????????????????,????????????????????????.net?,?,???????????KB,?????????????????TLS????????????????????????????????????,?????????????????????????????????https??????,??????????????????????websocket+SSH??,??

??????????????????????????IP?

?????????????:???????????????????????????

??:

????
1. ????
2. ????
????
1. ????
2. ????
3. ????
????
1. ????
2. ????
3. ????
4. ???
????
1. ????
2. ????
3. ??????????

相关推荐