??????????????????!?????????????????

?? > ?? > ??

???????????????!?????????????????

2025-01-17 21:40:17??:????:???

???????????????!?????????????????

??????????????????????

2024???????????12?????18??????????????,????????CNCERT???????????????(

????????????????????????????

(????????????????)????

??????????????Exchange??????????????????2????????????Exchange????????,???????????????,??????????????????????????,???????????

(??)??????????????????????????????

?,??????????2??????????,????????????,????,?/owa/auth/xxx/xx.aspx?????????/owa/auth/xxx/yy.aspx,????????????????????,?,??????

(????????????????????????)????30??????????????

???????????,????????????????????????,??,?SSH?SMB?30?????????;??????,???????????????????????????????????????????????????????????????????????????,????websocket+SSH?,?????????????????????????,?WeChatxxxxxxxx.exe????2??????????????PIPE????,????????????????????

????????????????

(??????????)??????

?,?????????????????????????????,?????,?,?,??

(???????????)????????????

?????????3???????????????????,??????????????????,2023??????5????2??????????,?????(95.179.XX.XX)?????????,??,?????????,??,??�?????????????????????�?�?�?�????????????�?�????(???????????????+???)�?�?IP??????�?�????????�??

(?)?

??????????????????????????????????????????????????????????,???????????????????,2023???????????????????????????7???????????26?,??(65.21.XX.XX)??????,????,???????,????????????,???????????????1.03GB?????????????,????????????????????????????�??????????????????�??????????�tip4XXXXXXXX.php�?

(?)??????????

??????????????,?,???????????,????????????????????????????SSH??????????,???????????????????????,??

??????????????????

(????????????????????????)???????

?,????22???????8??????,????10?20???????????????,?,???????

(??????)?????

2023????5??????2023?10??????????,??30?????????????,??????????????IP?????????,????????????????????

(??????)??????????

?2?????PIPE??????????????�c:\windows\system32\�?,??????????????.net???????????????????????,?,??????????KB,?????TLS?????????????????????????????????????????????,??????????https????,???????????websocket+SSH??????????,???????????

??????????????????????????IP???????????????

2024?12?????????????????????18????????,????CNCERT?(

???????????????

(??????????????)????

2024?8?19?????????,?,??????????????????????/???2024????????????????8?21???????????????????????????,?????????????/??????????

(?????????)?

2024????8?21?12?????????,???????????,???????,????,???????????????????/xxx/xxxx?flag=syn_user_policy??,????????????????????/xxx/xxxStats?

(?????)???????

2024?????????????????11???????????6???2024?11?8???????????????????????????2024???????????????11????????????????????16????????????,?????276????????????????

???????????????????

(??????????????)?????????????

???????????????????????????IP?,?,?,???,????????

(?????)??????

2024???????????????11?????????????6?????11??16????????????,???????????3?IP?,?,????,??????,??????,????????????????????????????4.98GB?

????????????????

(???????????????????????)?????

???????,??22????8?,??10????20???????,????,????????????

(????)????????

?5????????IP????????????????,?????,???????????????????????

(????)??????????????????

???,?????????????????????,??

????,???,??

(?)???????????????

?,?,?,?276?,??????????,??????

??????????????????????????????????IP?????????????????

???????????????:????????????????????

??:

????
1. ????
2. ????
????
1. ????
2. ????
3. ????
????
1. ????
2. ????
3. ????
4. ???
????
1. ????
2. ????
3. ??????????

相关推荐