??????????????????!?????????????????

?? > ?? > ??

???????????????!?????????????????

2025-01-18 09:11:21??:????:???

???????????????!?????????????????

2024??????12??????18??????????????,?????CNCERT??(

??????

(???????????????)?????????????????

???????????Exchange????????????????????????????2????????????????????????????Exchange??????????,???????,???????????,??????????????????????????????????

(??????????????)??????????????

??????,???2???????,???????????????????,????????????????????????????,?/owa/auth/xxx/xx.aspx?/owa/auth/xxx/yy.aspx,?????????????????????????????????????????,??????????????,????????????????

(?????????)??????30???

?,?????,?????????????????????,?????????????SSH?SMB??????????????30??????????????????????????;?????,??????????????????????????????????????????????????????????????????????????,????websocket+SSH????,???????????????????,????WeChatxxxxxxxx.exe???????2???????PIPE???????????,??

?????????????????

(?????)??????????

???????????,????????????????????,?,?,?,??

(????????????????????????)??

?3???????,??????????????????????????,2023?5?????2?,??????(95.179.XX.XX)?,?,??,?????????,??????????????????????�????�?�?????�?�????????�?�????????????????(????+?)�?�?IP?�?�???�??????????????????

(????)???????????

??????????????????????????????,????????????????????,2023?7?26????????????????,?(65.21.XX.XX)???,????,????????????,????,??????1.03GB????????????????,??????????????????????�???????????????????????�?�tip4XXXXXXXX.php�?

(??????????)?

??,?,??????,???????????????????SSH??,???????????????????????,??

????????????????????

(??????????????)??????????????

???????????????????????????,?22?????????????8????????,?????????10???????????????????20??????????,?,???????????????????????????????

(?????)?

2023???????????????????????????5??????????2023??????????????10??,?????????????30?,??????????????????????IP???????????????,???????????

(??????)????

??2?PIPE?????�c:\windows\system32\�????,??????????????????.net?????????,???????????????????????,??????????????????????????KB,??????????TLS???????????????????????????????????????????????,?https??,?websocket+SSH??????????????????,?????????

????????????IP????????

??????????????

2024???????????????????12????18??????????,??????CNCERT????(

??????

(???????????????????????????)???

2024?8??????19????????????????,????????,??/????????2024???????????????????8?21????????????,??/??

(?????????????)??

2024????8?21????12?,?????????,????,??????????????,????/xxx/xxxx?flag=syn_user_policy????????????,??????????/xxx/xxxStats?

(??????????????????????)????

2024?11?????6???????????????2024??11?????8????????????????????2024?????????11?????????????16???????????????,?276??????????????????????????????????????????????

????????????????????????????

(???????????????????)?

?????????????????????IP?,?????????????,??????????,??????????,??

(?)???????

2024?11?6?11?????????????????16??????????,?3???IP???,?,??????????????????????????????????,????????,?????????,????????????????????????????????????????4.98GB?

??????????????????????

(????????????????)?

?,????????22?8?????????,?10?20????,????????,????????????????????

(???)????????????

?????5?????????????IP????????????????????????,?,???????

(????????)?

??,?????????,??

?????,???????????,?????????????????

(???)?????

?,????,?,??276??????,???????????,?????

???????????????IP?????

?????????????:????????????

??:

????
1. ????
2. ????
????
1. ????
2. ????
3. ????
????
1. ????
2. ????
3. ????
4. ???
????
1. ????
2. ????
3. ??????????

相关推荐