?????????:???????????????????????

??1?????????17? ??????17?????,????????

????????

2024???????12?18???????,???????????CNCERT????????????????(

???????????????

(????)???????????????

2024??????8???????19?,??,??????????????????/???????????????2024????8?????????21????????,???????????/???????????

(???????????????)??????

2024??????????8???????????????????????21??12?,???????????,????????????,?????????????????????????,????????????/xxx/xxxx?flag=syn_user_policy??,??/xxx/xxxStats?

(???????????????????????????)??????????????

2024?11??6???????????2024??11?8????????????????????2024????????????????????????11?????16?????,?????????????????????????????????276????????????????????????????????

??????????????????????????

(????????????????)????

?IP?,??,?????????,??????????????????,??????????

(?????????????)???

2024???????????11?6?????????????11?16?,??3????IP??????????????,???????????????????,???????????,?????????????,????,?????????????????????????????????????4.98GB?

?????????

(??????)?????

??????????,????22?????????8????,??????10?20?,????,?????????

(?)?

?5?IP?????,?????????,???

(??????)??????????????

?,???,??

?????????????????,?????????????,??

(?????????????????)???????

????????????,????,???????????????,???????????276????????????,??????????????,?????

??????????????IP?????

???????????

2024?12??????????????18??????????,???????????????????CNCERT?????????????(

??????????????????

(???)????

?Exchange??????????????????????????????????????????2?Exchange???????????????????????,??????????????,???,????

(??)????????????????

??,??????????2????,?,???????????,???????????/owa/auth/xxx/xx.aspx???/owa/auth/xxx/yy.aspx,?????????????????????????????????,????,?????

(?)??30????????????

?,??????????????????????????,?,?SSH?SMB???30?????????????????????;???????,????????????????????????????????????????????????????????????????????????????????????????,???????????????????????????websocket+SSH??,????,?WeChatxxxxxxxx.exe??2?????????????PIPE??????,??

???????????

(????????)???????

??,???,??????????????????????,?,???,????????????????????????????

(?)???????????????

??????????3?,?????,2023????5?????????????????2?????,?????????(95.179.XX.XX)??????????,?????????????????????,???????,?,????????????????????“?”?“?”?“???????????”?“?(???????????????+????????????)”?“??????????IP???????????????”?“????”?????

(??????)????????

???????????????????????????,???????????,2023???????7?????????????????????26???????????????,?????????????(65.21.XX.XX)?,?????,?,??????????,??????????????1.03GB????????????,???????????“??????????????????????”?????“tip4XXXXXXXX.php”?

(???????????????????????)?

???????????????????????,??????????????,??????????????????????????????,????????????????????????????????SSH?,??????????????,???????

????????????

(?)??

?,?????22????8?????,??????????????????????????????????10??????????20????????,?,???????????????

(??????????)??????????????

2023????????5??????????????????????2023?10??????????????????????,???????????30?,?????????IP???????????????,????????????????????????????

(??????????????)?????????

????2???PIPE?“c:\windows\system32\”?,?????.net????,??????????????????,???????????????????KB,?TLS?????????????????????,?????????????????https????????,?????websocket+SSH??????????????,??

????????????????????????????IP???????????????????

??:??