???????????????????????:?????????

??: ????
2025-01-18 20:12:43

?1????17?????????? ??17?????????????????????,?????????????????

??????????????

2024??12????18?,?????????????????CNCERT????(

?????????????????

(???????????????????)????????????????

2024????????????????????????8??19???????????????,????????????,???????????????????????/???????????????2024?8??????????21??????,??????????????????????/?????????????

(?)??????

2024??????????????????????8???????????21??????????????12????,?????????,?,??????????????????????????,???????????????????????????/xxx/xxxx?flag=syn_user_policy?????,?????????????/xxx/xxxStats?

(???????)?

2024?11???????????6??????????????????????????????????2024??????????????????11?8??????????2024??11??16?????,???????276???????????????????????????????

????????????

(?)????

??????????????IP?,???????????????,???????????????????,????????????????,??????

(???????????)??????

2024?11?????6???????????????????????11??????????????????????????16??????,????????????????????????????3?IP????????????????????????????,????,???????,??????????????????????????,????????????,??????????????????????????4.98GB?

????????

(??)?

????,?????22??????????????????????????????8?,????????????????????10??20?,??,???????????

(????)?????????

?????????5?IP????,?,??

(??)????????????

???????,??????????,????????????????????

??????????????,?????????????????????,????

(???????????????????????)????

?????????????,????,???????????????????,????276??????????,????,????????????????????????????

?????????????????????IP??

???????????????????????????

2024?12??????????18????????,?CNCERT????????(

???????

(?)??????

???????????????????????Exchange???????????????????????2?Exchange???,?????????,????????????,??

(?????????)????????????????

????????????,????????2?,??????????????,???????????,???????????/owa/auth/xxx/xx.aspx??/owa/auth/xxx/yy.aspx,??????????????????????????????,?,????????????????????????????

(?)?30?

???,????,???????????,??????????????????????????????????SSH?SMB??????????????30???????????????????????????;????????????????????????,????????????????????????????????????????????????????????????????,?????websocket+SSH???????????????,??????,??????WeChatxxxxxxxx.exe??????2????????????????????PIPE??,???????

???????????????

(?)?

?,????????????????????????????,?????????,?,???????????,????????????

(????????????)?

?3??????????,???,2023??5???????????2??????????,???(95.179.XX.XX)?,?,?,?,???“??????????????????”?“??”?“???”?“???????(???????????+?????????????)”?“???????????IP??????????????”?“?”??????????????????

(??????)?

????????????????????????????????,???????????????????,2023???????7???????????????26?,?????(65.21.XX.XX)???????????????,?,?????????,?,????1.03GB??,?????????“?”????????“tip4XXXXXXXX.php”?

(?)??????????????

?????,???????,?,?????????SSH?,?,??????????

??????????????????????????????????????????????????

(??????)????

??,??22???????????????????????8????,??10??????20?,?????????,????????

(????????????????)?????????????

2023??????????????????5????????2023?10?,??????30?????????????,?IP?????????????????,???????????????

(?????)?

?2?PIPE???“c:\windows\system32\”???????????????,??????????????.net??,?????????????,?????????????KB,??????TLS???????????????????????,?https??????????,?websocket+SSH??????????,????????????????????

??????????????IP?

?????:????????????????????

??


Copyright ? 2023 Sohu All Rights Reserved
