???????????????????????:?????????
2025-01-18 05:39:18??:????:???

?1?17?????????????? ????????????????17?????,????????????

?????

2024???????12???????????????18????,?CNCERT???(

????????????????

(??????????????)??????????

2024?8??????????????????????????19???????????????????,?,???/????????2024?8?21????????????????????????????,???????????/??????????????????

(?????)?

2024??????????8?21?????????????12??????????????,????????????????????????????,???????,????,???????/xxx/xxxx?flag=syn_user_policy?????????????????,?/xxx/xxxStats?

(??)?????

2024?11?????????6?????????????2024????????11??????????8?????????????????2024??????????????????????11?????16????,???????????276???????????????????????????????????

????

(????)?

???????IP??????????,????,??????,????????????????????,??

(?)????

2024?11?6???????11????????????????16???,???????3??????IP?????????????????,???????????????,?,????,??????????????,??????????????????????4.98GB?

????????????????????????????

(????)??????

???????????,?22?????????8?,???????????????????10????????????????20???????????????????,????????????????,?????

(??????????)??

?5????IP??????????,?,??

(??????????????)?????????

????,???,???????????

?,????,??

(??)?

????,???????????????????,??????????????,?276???????????????????,????????????,???????

???????????IP??????????????????????????????????

??

2024???????????????12???????????18?,????????????CNCERT??????????????????????(

????????????

(???????????)????

??????????Exchange????????????????2?????Exchange????????,??,?????,???

(????)?

???,????????????2?,??,???????????????????,?????????????/owa/auth/xxx/xx.aspx??????????????????????????/owa/auth/xxx/yy.aspx,??????????????????????????????????????,??????,?????

(????????????????????????)?30?

????????????,???????????,???????,?SSH?SMB????????????30?????????????????????????;?,?????????????????????????????????????????????,????????????websocket+SSH???????????????????????????,??????????????????,?????????????????WeChatxxxxxxxx.exe?????????2???????????PIPE?????????,???

??????

(??)??????????????????????

????????????????????????,??????????????????,????????????????????????????,??????????????????,??????????,??????????????????????????????????

(??????????????)???????????????????????????

???????????????????????3?????????????,???,2023??????5??2?,???????????(95.179.XX.XX)???????????,??????????????,??????,??????,?“??????????????????????”?“???????????”?“??????????”?“????????????????????????(????????+?)”?“??????IP???”?“?”???

(?????????)?????????????

????????,??????????????????,2023??????????????7??????????????26?,?(65.21.XX.XX)?????????????????????,?????????????,????,?,?????????1.03GB???????,???????????????????“????????????????????”?“tip4XXXXXXXX.php”?

(?)???

?????????????,?????,????,???????????????????????SSH??,??????,???

??????????????????????????????????????

(???????????????????????????)??

??????????????,?22?8???????????????????????????,????????10??????20????,????,?????????????

(?????)?????

2023??????????5???????????????????????2023???????????????????10?,??????30?,?????????????IP?????,????

(?????)???

???????????????2?PIPE??????????????????“c:\windows\system32\”?????,?.net??????????,?,?KB,????????TLS????????????????????????????????????????????????????,?https????,?websocket+SSH??????,???????

??????????????????IP??

????????????????:???????
