???????????????!?????????????????

????????????????

2024?12???????????????18???????????,?CNCERT???????(

??????????????????????????

(???)?

????????????????????Exchange???????????????????2?Exchange?,??????????????,?,??

(????)?????

???????????????????,?2????,????????????????????????,???????????????????,?????????????????/owa/auth/xxx/xx.aspx????/owa/auth/xxx/yy.aspx,????????????????????????????????????,?????????????????????,???????

(?)?30???

???????????????,?????????????????,???????????????????????,?SSH?SMB????????????????????????????30????????????????????????????????????;???????????,???????????????????????????????????,?????websocket+SSH?,?????????,??????????????WeChatxxxxxxxx.exe?????????????????2?????PIPE?????????????,??

????????

(???????)??

?,???????????????,?????,???????????????????????,?,????????

(?)?

?3?,???,2023??????????????????????5?2????????,????????????(95.179.XX.XX)?,?????,??????????????,????,?“????????”?“??????????”?“??”?“?(??????????+???????)”?“??????????IP??????????????????????????”?“??????????”?????????????????

(????????????????????????)????????

???????????????????????????????????,????????????????,2023??????7??????????26?,????????????????????(65.21.XX.XX)???????????,?,??????????????,???????????,?????????????????????????????????1.03GB?????,?“????”??“tip4XXXXXXXX.php”?

(????)?

????????????,???,??????????,??????????????????????????SSH?????????????,?,???????????

??????????????????????????

(???????????)???????????

??????????,????????????22?????????8?,??????10?????????????????????20??????,?,????????

(????)??????????????

2023?5?????2023?10???????????????????????????,???????????????????30??????,??????????IP?,?????

(?)?????

??????????????2?PIPE????????“c:\windows\system32\”?,?.net?????????,???????????????,????KB,???????????????????????????TLS??????????????????????????????????????????????,??https?????????????????,??websocket+SSH???????????????????,???????????????????????

?????????????????????????????????????????IP?

?

2024?????????12???????????????????18??,????????????????CNCERT?????(

??????????????????

(??????)??

2024???????????????8?19??,?????????????,??????????????/?????2024?8????21???????????????????????,??????/????????????????????

(?)????

2024??????8???????????21??12??,??????????????????????????????,????????????????????????,??????????????????,????/xxx/xxxx?flag=syn_user_policy??,?/xxx/xxxStats?

(????????)????

2024?11????????6?????????????2024?????11???????8??2024????11?16????????,??276???????????????????????????????

???

(??????????????)???????

?IP????,??????,????,?,????

(??????????????????)?

2024????????????????11????????????6???????????????11????16?????????????,??????????3?????????????????IP??????,????????,??????,???,?????????,????????????????????????????4.98GB?

???

(?????)??????????????

??????,??????????????????????????????22???????????8?????????,?????????10?????20??????????,?????????,?????

(??????????????????)????????

??????????????????5??IP????,???????????????????????,????????????????

(?????)??

??????????????????????,??????????????,???????????????????????????????????

?,???,??????????????

(??)?

????????????,?????????,??????,?????????????276?,?????,??????????????????????

?????????????????????????IP??

??:?????