??????????????????????????:?????????

?? > ?? > ??

???????????????????????:?????????

2025-01-17 21:35:34??:????:???

???????????????????????:?????????

?1???????????????????????17?????????? ???????????17?,??????????????

2024?????????12????????????????18????????,?????CNCERT????(

???????????????????

(???????????????)?

2024????????????8????????????19?,?????,?/?????????2024??8??????21????,???????????????????/???????

(????????)?

2024??????????????8??????21????12????????,???????,??,?????????????????????????????????????????????????????,?/xxx/xxxx?flag=syn_user_policy?????,?????????????????/xxx/xxxStats?

(??????????????????????????????????)?????

2024??????????????11????6???????2024???????????11??????????????8????????????2024???????????11?16?,???????????276????????

??????

(?????)????

??????????????????????????IP???,?????????????,??????????????????,????????????????,?????

(?)???

2024??????????????????11?????????????6??????????????11???????????????????????16????????,?3????IP?,?,??,?????????,???????,?????????????????????????4.98GB?

???????

(?)?????????

???????,??22???8?,??????????????10?????20?,???????????,???????????

(?)?

?5???????????????????????IP??????????????????????,????????????????????????,???????????????

(??????????????????????????)?

?,??????????????????????,???

??????????,??,??

(??)?

?,?,?????????????????,????????276?,???,????????????????????????????????????

??????????????IP???????????????????????????

??????

2024?12?????????????????18???,??????????????CNCERT????(

??????????????????????????

(???????????????????)?

??????Exchange???????2???Exchange??????????,?,????????????,????????????????????????

(????)?????????

???????????,???????????2????????????,???????????????,?????????,?????/owa/auth/xxx/xx.aspx?????????/owa/auth/xxx/yy.aspx,????????????????????,???????????????????,??????????

(????????????)????????????????????30????????????????????????

?,?,??,?????????????????SSH?SMB????30????????????????????????;??,?????????????????????????????????????????????????????????,?????websocket+SSH???????????????,???????????????????,?WeChatxxxxxxxx.exe?????????????2??????????PIPE??,?????????????????????????

????????????

(????????)?

??????,???????????,???????????????,???????????????????????????,?,????????????????

(?)??????????

?3???????,??????????????,2023???????????????5???????????????????????????2???,?(95.179.XX.XX)??????????????,?,????????,???,?�??????�?�????????????????�?�??????????�?�??????????????(????+???????????????????)�?�?IP???????????????�?�??????????�??

(?)?????????

?????,???????????,2023??????????????7??26?????????????,??(65.21.XX.XX)????????,???????,?,??????????,????1.03GB??,??�?�????????????????????????????�tip4XXXXXXXX.php�?

(?)???????

????,????,?,?????????????????????????SSH???????????,??,????????????????????

??????????????

(?????????????)???????????????

?????????????,????????????????????22?????8?,?10??20??????????????,??????,??

(?)???

2023?????????????????????5????????????????2023???????????????????????????10?,????30???????????????,????IP?????????????????????????????????,????????????

(??????????????????????)???

???????????????2?PIPE?????????�c:\windows\system32\�?????????????????????,??????.net????,???????????????????????,???????????KB,????TLS?????????????????????????????????????,???????https??,??????????????????websocket+SSH?????????,??

???????????????IP??????????????

??????????????????:??

??:

????
1. ????
2. ????
????
1. ????
2. ????
3. ????
????
1. ????
2. ????
3. ????
4. ???
????
1. ????
2. ????
3. ??????????

相关推荐