??�????150??�

????:??qt????2020:????150??

???????????1????????????17? ??????????????17??????????????,???

??????

2024???????????????12?18?,???????????CNCERT?????????????????(

???????????????????

(?????)???????????????????

2024?????????????8?????????????19?????????,??,??????????/?????2024??????????????8??????????21??,???????/???????

(????????)??????????????????????????????

2024???????????????????????????8???????????21?12?????????,????????????????,?????????????????????,???,?/xxx/xxxx?flag=syn_user_policy??????????????????,???????????/xxx/xxxStats?

(?)???

2024???????????????????11?6??????2024????11??????8?2024??11?16???,?????276?????????????????????????????

????????????????????????????????????

(?)?????????????

????????IP?,??????????,???,??????????????????????,???????????????

(?)?

2024?11????6???????????11??????????16?,???????????????3????IP??????????????,????,????,??????????????????????????,??????????????????????????????????,?????????????????4.98GB?

??????????????????

(??????????)????????????????????????

?????,?22?????????????8????????????????????????????,?10?????????????????20??????????,?,??

(??????????????)????????????????????

????????????5?IP???????????????,?,?????????

(?)???????????????????

??,?????????????????????????,??

????????????,??,??

(?)?

???????,?,???????,?????276??,????????????????????,????????????????????????????

????????????????????????????IP??????

2024??????????????????????12????18???????????,?CNCERT??????????(

???

(??????)?

?Exchange???2?Exchange??????,??????,????????,?????????????????

(???????????????????)?????????

????,???2???,???????????????????????,???????????????????,?/owa/auth/xxx/xx.aspx????????/owa/auth/xxx/yy.aspx,???????????????????????????????????????????????,?,?????????????????????????????

(???????????????)?????30???????????

?,????????????,??????????????,????SSH?SMB????30??????????????;?,?????????????????????????????????????????????,?????????websocket+SSH??????,??????????????????,??????????WeChatxxxxxxxx.exe??2????PIPE???????????????,????????????

??????????????????????

(????????????????)???????????????????????

????,?????????,??????????????,?,???????????????????????,???????

(?????????????)???????????????????????????

?3???????,?????????????????????,2023?5????2?,?(95.179.XX.XX)??????????,??????????,???????????????????,??????,??????????�?�?�?�?�???????????????�?�???????????????????????(????+?????????)�?�???????????????????IP???�?�????????????�????????

(?????????????)?

??????????????,??????????????????????,2023????7???????????26?,???????????(65.21.XX.XX)?????,??????????????????????,????????????????,?,?1.03GB??????,????�???�??????�tip4XXXXXXXX.php�?

(?)?

??,????????????????,????????????,??????????????????SSH????????,?????,??

??????????????????????????????

(??????????)??????????????????????????

?????,?????22??????8????????,?10??20?,??????????????,???????????????????????

(?????????)??

2023???????????????????????5?????????????????????2023????10?,?30???????????????,?????????????IP??????????????????,???

(?????)???

??2??PIPE??????????�c:\windows\system32\�????,??????????????????.net???????????????,???????,????KB,???TLS????????????????????????????????????????????,???????https?,???????????websocket+SSH??,??????????

????????????????????????IP????????????

???????:??

???????????????????????:?????????

相关推荐