???????????????????????:?????????

2025-01-18 16:47:00 14788

????????????????????????????1?17???? ???17?,??

???????????

2024???????????????12?????18??????????????,?????CNCERT??????????????(

?????????????????????????????

(?)?

2024???????????????????8?????????19??????????,??????,??????????/??2024??????????????8?????21???????????,??/?????

(?)???????

2024??????8??21?12??????????????????????????????????,?????????????????,??????????,?????????????????????????????????????????????????,??????????????/xxx/xxxx?flag=syn_user_policy??????????,???????????/xxx/xxxStats?

(?????)????????????????

2024????????11????????????????????6??2024??????11???????????????????????????8????2024?????????????11????????16????,?????276???????????????????????????

???????????????????

(???????????????????????????)?????

????????????????IP?,?,????????????,??????????????????????????????,???????????

(??)????

2024??????????????????11??????????????6??11??????????16?,?????3??????????????????????????IP???????????????????,?,??????,?????????????,????????????,????????4.98GB?

???????????

(???????????????)??????????????????????

????????,????????22???????????????????8?,?10???20??????????????,????????,??

(???????????????)?????

??????????????????????5????IP??,???????????????,????????????????

(??????????????)????????????????????????

???????,????????????????????,??

??????,????????,??????????

(?)???

??????????,??????????????,???????????,???????????????????276??,???????????????,?????????????????????????????

?????????????????IP??

???

2024?12???18????,?????????????CNCERT?(

?????????????????????

(?)?

?Exchange????2????????????Exchange???????????????????????,?,????,??

(?)?????????????????

?,?2????????????????????,????,?????????????????????,????????????????/owa/auth/xxx/xx.aspx??/owa/auth/xxx/yy.aspx,??????????????????????,????,???????

(?????)?30?????

??,?????????????????????,???,???????????????????SSH?SMB???????????????????????30???????????????????;??,??????????????????????????????????????????????????????????????????????,????????????websocket+SSH??????,??????,???????????????????????WeChatxxxxxxxx.exe???????????????????2???????????????PIPE????,??

?????????

(?????)?

?,????????????????,???????????,?,??????????,?????

(????????????????????????)?

??????????????3?????????????????,??????????????????????????,2023????5?2???????????,????????(95.179.XX.XX)????????????????,?,?????????,??,???????????????“??”?“??”?“?????????”?“????(????????????+??????????)”?“????????????????????????????IP?????????????????”?“???????????”??

(??????????)?

????????????????????,????????,2023?????????7?26???????????????,??????(65.21.XX.XX)?,??,?????????????????,????,??1.03GB??????????????,?“?”?“tip4XXXXXXXX.php”?

(??????????)?

?,???????,?,???????????????????????????????????????????????????????SSH????,???????????????????????,????????????

???????????????

(??????????)??

??????????,?????22????8???????????????,?10??????????????20?????????????,????,??

(???????????????????)?

2023???5?2023?10????????,?????30??????,????????????????IP?,????????????

(???????)??????????????????????

????2???PIPE?????“c:\windows\system32\”?????,?????????????????????????????????.net???????????????????,?,??????KB,??????TLS????????????,????????????https???????????????????????,??websocket+SSH????,??

???????????????IP?

???????:??

