?????????:???????????????????????

??????1???????????17?????? ????????????????????17??,????????????

?

2024???????????????12??????????18????,??????????????CNCERT??????????????????????(

????????????

(??)????

2024?????8????19?????????????,?,?/??????????????????????2024?8???????????????21?,?/????????????????????

(??????????????????)????????????????????????

2024?8?21????????12?,????????????????????????????????,??????????,????????????????????????????????,?????????/xxx/xxxx?flag=syn_user_policy??????????????,??/xxx/xxxStats?

(??????)??????????????????

2024??????????????11????????6??2024???????????11??????8??????2024?????11???????????16????,????276???????????????????????????????????????

???????????

(?????)??????????????????????

?IP???????????,??????,?????????,??,???

(?)?

2024???????????????????????11?????????6?11?16?,???????3?IP?,??,?????,???,??,???????????????????????4.98GB?

????

(???????????????????????)?

???????????????????????????,????????????????22??????????????8?,????????????????????????10???20?????????,?,?????????????

(??)?????

???????5????IP?,??????,??????????????????

(?)????

????????,?????????,??????????????????

?,????????????????????,?????

(??????????????)??????????

?????????,???????,???,??????????276??????????????,?????,??????????????????

??????????????????????????????????????IP???????????

?

2024??12?18??????????,???????????CNCERT?????????????(

?????????

(?)???????????????????

??Exchange?????????????????2????????Exchange???????????????????????????,?,?,??

(???)????

?????,????2???????????????????????????,?,????????,????/owa/auth/xxx/xx.aspx???????????/owa/auth/xxx/yy.aspx,???????????,????????????,?????????????????

(?)?30??

????????????,???????,???????????????,?????????????????????SSH?SMB???????????????30????????????;????????,?????????????????????????????????????????????????????????????????????,????websocket+SSH?,???????,?????WeChatxxxxxxxx.exe????????????????????????2??PIPE??,??

?????????????????

(???????????????????)???????????????

?,???????????????,??????????????????????????????,??????????????????????????,?,??

(??????)????????

?3?????????,????????????????????????????????????????,2023????????5????2??????????,?????(95.179.XX.XX)?????,????????????????????????????,?,???????????????,?“?”?“???????”?“??????????????”?“?????(??+??????????????)”?“????????????????IP????????????”?“??????????????”??????

(???????????)??????????

????????????????,????????????????????,2023?????????????????7??26???????????????????????????,??????(65.21.XX.XX)??????????????????????,?,???,?,?1.03GB???????????????,?????????????“?”??????????????“tip4XXXXXXXX.php”?

(?????)??????

???,???????????????,?????????,?????????????????????????????????????????SSH??????????,?????????????????,???????????????

??????????????????????

(?)???????????????

?,????22?8???,??????????10?20??????????,???????,????????????????????

(?)??????

2023?5?????????????2023?10????????,????????????30????????????,????????????IP????,????????????????????

(?????????)?

??????2???????PIPE??????????????????????????????????“c:\windows\system32\”???,??????????????.net?,?????????????,???????????KB,???????????TLS???????????????????????????????????????????,???????????https?????????????,????websocket+SSH?,???????????

????IP???????????????????