???

?????????:???????????????????????

2025-01-18 12:52:11 48793

????1?17???? ??????????????17??????????????????????,???????????????????

?????

2024????12?18??????????,???????CNCERT????(

??????????????????????????

(??????????)????????

2024???????????????????8?????????????19??????????????,?,?/??2024?8????????????????21?????????????,?????????????/???????

(???????????????????????????)?

2024?8???????????????21?12?,????,??????,?????????????????,?/xxx/xxxx?flag=syn_user_policy????????,?/xxx/xxxStats?

(?)??????

2024??11?6??????2024???????????????????????11???????????8??????????????2024?????????11?16????,???????276???????????????????????????????

??????

(????????????)???????????????

??????IP???????????,???????????,???????????????,????????,????????????????

(?)?

2024????11???????????????????6?????11??????16?,???3????????????IP???????????????????,?,?????????????,???????????????????????,?????????????????,?????????????????????????????4.98GB?

?????????????

(?)??????????????

?????,?????????????22??????????8?,?10?20???????????????,?,??

(???????????????????????????)?

??????????5?????IP???????,????????,??????????

(??????????????????????????)???????????????????

?????????,?????????????????,???????????????

??????,????????????,??

(?????????????????????)?

??????????,?????????,???????????????????????,???????????????????276???,???????????,?????????????????????????????????????????????????????????

???IP?????

?

2024??????????????12??????????????????????18??????????????????????????????????,??CNCERT??(

??????????????????

(????)??

???????????????????Exchange???????????????2????Exchange????,????????????,????,???????

(???????????)????

??,???????????2?,??????,????????????????,??????????/owa/auth/xxx/xx.aspx????/owa/auth/xxx/yy.aspx,???????????????,???,??

(????????????????????????)????30????????

?,????,????????,?SSH?SMB????????30????????????????????????????????????????;??????,??????????????????????????????????????????????,??????????????????????????????websocket+SSH????????,??????????,?WeChatxxxxxxxx.exe??????????2?????????????PIPE???,??????????

??????????

(?)?????????????????

??????,???????????????????????????????,??????,?,????,????????????????????

(??????????)???????????

???3?????????????????,???????,2023?5??????2?????,????(95.179.XX.XX)??????????????,????????????????????,???????????,?,????????????“??”?“?”?“??”?“?(?+????????????????????????)”?“?IP??????????”?“?????”????????????

(???)?????????

?????????????????????????????,?????????????????????????,2023????????????????7?????26????,???????????(65.21.XX.XX)????????????????,??????,?,?,??????????????????????1.03GB???????????,?“??????”???“tip4XXXXXXXX.php”?

(?)?

?????????,?,??,??????????????SSH???????,??????????????????,????????????????

?????????????????

(???????)????????????????????????????

??????????????,???22????????????8??????????????,?????10?20?,????,???

(???????????????)??????????????

2023??5????????????????????????2023??????????10?????,?30????????????????,?IP?????????,??????

(???????????????????????????)??????????

???????2?PIPE??“c:\windows\system32\”?????????????????,???.net??,????????,??KB,?TLS????????????????????????????????????????????????????????,??https?,???????????????????????????websocket+SSH??,???????????

????????????????????????????IP??????
