???????????????!?????????????????

????:???????:?????????

?????????????????

2024???????????????????12?????18??,??????????????????????CNCERT?(

?????????????????????

(???????????????????)???????????????????????????

???????Exchange???????????????????????????????2?Exchange????,?,??,??

(?????)????

??????,???????????????2??????,?,?????????????????????,??????/owa/auth/xxx/xx.aspx???????????????????/owa/auth/xxx/yy.aspx,???????????????????????????????????????????,?,???????????

(????)???30?

??????????,??,??????,?????????????SSH?SMB???????????30?????????????????????????????????????????;?????????????,??????????????????????????????????????????????????????????????????????????????????,?websocket+SSH?????,??????????????????????,????WeChatxxxxxxxx.exe???????????????????????2???PIPE?,????

?????????????????????????????

(??)????????????

?,???????????????,????????????????????????????,???????????????????,????????,??

(?)????

???????????3?,???,2023???????????????????????????5?2???????????,?(95.179.XX.XX)???????,??????????????????,?,????,???????“???????????????”?“????”?“?”?“?(??????+?????????????????)”?“??IP?”?“??????”??????????

(?)?

???????????????????????????,???,2023??7????????26??????????????????????????????,????????????(65.21.XX.XX)????????????????,?,?,????,????????1.03GB??,???????????????????????????“?”???????????????????“tip4XXXXXXXX.php”?

(???????)?

???,??????????????,???????????,???????????????????????????SSH??????????????,????????,???

???

(?)?????????

??????,????????????22?8??????????,??????????10??????????????????20?,?,??????????????

(????)??????????????

2023??????????5?2023????????????10?????,?30????,????IP???,???????

(????????????????)?

??????????????2?PIPE???????????“c:\windows\system32\”????????,?????????????????????????????????.net?????????????????,?????,??????????????KB,?TLS???????????????????????????????,??????????????????????????https?,???????????????????????websocket+SSH??????,??????????????

?????IP?

????????????

2024??????????????????????12????????????18?,????????????????????CNCERT??(

??????????????????????

(????????????????)?????

2024????8?????????19??,?????????,?/???2024???????????8?21???????,??/??

(??)?

2024???8?????21????12????,?????????????????????????,????????????????????????????,?????????????????????,??????????/xxx/xxxx?flag=syn_user_policy???,?/xxx/xxxStats?

(???????????????)?????????????

2024????????????????????????11???6??2024???????11??????8??????2024?11?????????????????16???????????,????276???????????????????????????????????????????

?????????????????

(????????????????)??????

??????????IP???,????,??????????????,?,??

(?????)???????????????

2024????11?????6???????????????11??????????????????16??????????,???????????3?IP?????????????,??????????????,?,???????????????,???,??????????????????????????4.98GB?

????????????????????

(??????)????????

???????????,?22?8??????,????????10??????20????????,???????????????,??

(????)??????????????????????????????????

?????????????????5?????????IP??,????,??

(???????)??????????

?????????????,???,????????????

???????????????????????????,?,??

(?????)?

???????????????,???????,??????,??276????,?????????????????????????,???????????????????????????????????????????????

???????????????????????????????IP?

??:?????