�92939598?????�????

????:???????????:92939598?????

???????????1???????????17?? ??????17???????????,??????

????

2024?12?18????????,?????????????CNCERT?(

??????????????????????????????????

(??????)?????????

2024???????????????????????????8?19??????????????,???????????????,????????/????????????2024??????????????????????????????8????????21???,???????????/?????

(??????)????

2024???????????????8????????????21??????????????12???????????????????????,????,????,????????????????????????????????????,??????????/xxx/xxxx?flag=syn_user_policy??????????????,?/xxx/xxxStats?

(????)??????

2024???????11??????????6???????????????????2024?11??8??????????2024?????11?16?,????????????????276??????????????????????????????????????????

???????????????????

(??????????)?

?IP??????????,????????????????????????,?????,???????????????,??

(?)?

2024??????11??6??????11????????16?,???????????3?IP?,?,???????????????,?????????????????????????????,????????????????????,??????????????????4.98GB?

???

(?)??????????????

??????,??????????????????????22???8??????????????,?????10??20???????????????,????,?????

(?)??????

?5?IP?,?,?????

(???????)???????????????????????????

??,???????????????????,?????????

???????????????,?????????,????????????????

(???????)???????

?????,??????????????,??????,?????276??,??????????????????????????????,????????????????????????????????????????????

???????IP????????

??????????????

2024????12????18?,?????????CNCERT?(

???????????????????

(?)??????????????

????????????Exchange?????????????????????????2?????????????????Exchange?,??,??????????,?????

(???)?????????????

?????????,???????????????2?,???????????,??????????????????????????????,?????/owa/auth/xxx/xx.aspx?/owa/auth/xxx/yy.aspx,????????????????????????????,?,????????????????????

(??)?30???

?,?,?,???????SSH?SMB?30????????????????????????????????;?,?????????????????????????????,???websocket+SSH?????????????????,??????????????????????????????,?WeChatxxxxxxxx.exe????????????????????2???????????????????????????PIPE???????????????????????,???????

??????????????????

(???????????????????????)????

?,???????????????????????????????,?????????????????,??????,??????????????????,??

(?)?

??????????????3?,??????????????????,2023?5?????2??????????,??(95.179.XX.XX)??????????????,?,?????????????,???????????????,????�????�?�??�?�?????????????????????�?�?(?????+?)�?�????????????IP?�?�??�????????

(?????????????)?

?????,????????????,2023?????????7???????????26???????????,?(65.21.XX.XX)?????????????????????,?????,????????????????????????,??????????,??1.03GB??,???�??????�?�tip4XXXXXXXX.php�?

(??????????)????????????????????

????????????,????,????????????,?????????????????????SSH??????,?,?????????

?????????????????????????????????

(???????????????????)??????????????????????????

???????????,?????????22??????????????????????8?,???????????????10?????????????20???????,????,????????????

(???????????????????)?????

2023????????5???2023????????????????10?,?????????????????????????????????30???????,??????????????????????IP????????????????,??????

(??)?

??2??????????PIPE?????????????�c:\windows\system32\�?????????,??????????????????????????.net?,??,??KB,??????TLS????????????????????????????????,?????https??????,??????????????websocket+SSH?,??

?????????????????IP?????????????????

???????:????

?????????:???????????????????????

相关推荐