?????????:???????????????????????

?1?17?????? ??????17?,??????????

?

2024??????12?18?,?CNCERT?????????????(

????????????????????????????????

(?)???

2024?8?????19?,?,???/??2024?8???????????????21?????????????????,???????????????????/??

(???????????????)?????

2024??????????8?21??12??????????????????,?????????????????????????,?????,????????????????????????????????,???/xxx/xxxx?flag=syn_user_policy????????????????????,????????????/xxx/xxxStats?

(????????????????????????????)???????????????????????????

2024???????11??6??2024?11??????8????????????????????2024?11??????????????16????,??????276???????????????????????????????????????????

???????????????????

(??????)????????????

??????????IP???????????,?,??,??????????,????????????????

(?????????????)????????????

2024???????????????11????????????6?11??????16?????,??????????????3???????????????IP?,?????????,??????????????,????????????????????????????????,????????????,?????????4.98GB?

??????????????????

(?????????????)??????????????

????,??????????????????????22?????????????????????8?????,???????????????10?20??????????????????????,???????,???????????????????????????????

(????)??

?5??????????????IP??,??????,??

(??????)???????????????????????

?,?????????,??

????????,?,????????????????????????

(??????????)?

????,???????,???????????????,?276????,?????????????????,?????????????????????????

??????????????????IP??????

?

2024??12?????????18???,???????????????????CNCERT?????(

???????

(?)??????????????????????????

????Exchange?????????????????????????????????????????2?Exchange???????????????,???????????,???????????????????????????,??????

(??)?

??????????????,?2?????,???????????????????,????????????????????????????????????,??????????????????/owa/auth/xxx/xx.aspx????????/owa/auth/xxx/yy.aspx,??????????????????????????????????????,???????,?????????

(???????????)???????????????????????30???????????

??????,????????????????????????,???????????????????????,?SSH?SMB??30???????????????;?????????????,??????????????????????????????,????websocket+SSH?,?????????????????,????????WeChatxxxxxxxx.exe??????????????????2?????????PIPE????,??

????????

(???)????

??????????,??????????????,????,???????????????????????????,??,?????????

(?????????????????????????????????)????????

???????????3??,???????????????????????????????,2023????????????5?2???????????,?(95.179.XX.XX)????,???????????????????,??????????????????,??????????,?????????“??????????????????????????”?“?”?“???”?“?(?+????????????????)”?“???????????IP????”?“????????”???????

(??????????????)????????????????

??????????????????,???,2023??7?26??????????????,????????????????(65.21.XX.XX)?,????,???????????????,????,??????????1.03GB???????????,??????????????“??”?“tip4XXXXXXXX.php”?

(??????)?????????????

?,??,?????,???????????????????SSH?????????????,??,????????????

?????????????????????

(??)???????????????????

?,?22????????????????8????,????????????????????????????10??20????????????,??????????????,??????

(?????)????

2023????????5?2023?????10???????,?30??,?IP???????,??????????????????

(???)???????????

??????????2?PIPE?“c:\windows\system32\”?????????????,?.net????????????????????????,??????????????,?????????KB,?TLS?????????????????????????????,????https??????????????,??????????websocket+SSH?,??

????IP?

??:????????????