鸡西品茶联系小巷子

????:??????????:???????

????

2024???????????12?18????,????CNCERT??????????(

???????????????

(??????)???????????????

????Exchange????????????????????????????2?????????Exchange???,??????????????????????????????????,????,?????

(?)??????

????,???????????2????,?,??????????????????,?????????????/owa/auth/xxx/xx.aspx?/owa/auth/xxx/yy.aspx,???????????????????????????????,???????????????????????,?????

(???????????)??????????????????????????30?

?????????,??????,????,???????????????????SSH?SMB??????????30?????????????????;????????????????????????,?????????????????????????????????????????????????????????????????,??????????????websocket+SSH?????????????????????,??????,????????WeChatxxxxxxxx.exe?????2?????PIPE??????????????,????????

????????????

(?)?

?,??????,?????????????,?????????,?????,??????????

(????)???????????

?3?????????????,??????,2023????????????????5???????????????????????2?????,?(95.179.XX.XX)?,????????????,??,???????????????,???????????????????�????????????�?�???????????????????????????�?�?�?�????(?+??)�?�???????????????IP???????????????????�?�??????????�????????

(????)???????????

???????????,?????????????????????????????,2023??????7?????????????????26???????????,?????????(65.21.XX.XX)???,????????????????????????????,??????????,?,??????????????1.03GB??????,????????�??????????????????�???????????????????�tip4XXXXXXXX.php�?

(???????????)?

???????????????,??????????,??????,??????????????????????????SSH?,????????????,??

?????????

(???????????????)??????

?,??22?8??????,?10?20????????????????,???????,???????????????????????

(????????????)???????????????

2023??????????????5??????????????????????2023??????????????????????????????10?,????????30??????,????IP?,?????????

(?)??

???????????????????????2????PIPE??????????????�c:\windows\system32\�??,?.net??,?,?????????????KB,?TLS?????????????????????????????????????,?https?,?websocket+SSH?,??

??????????????????????????IP????

2024???????????12??18?????,??????????????????????CNCERT??????????(

???????????

(?)?

2024??????????8?????????19?,?????,?/????????????????2024??????????????8????21??????,??/???????

(???????????????????????????)???????????????????????????

2024?8???????????21?????????????????12?,?????????,???????,????????,????????????????????????/xxx/xxxx?flag=syn_user_policy?????????????????,???????????????????/xxx/xxxStats?

(???????)???????????????

2024????????????11?6?????????????????????????????2024???11?8?2024?????????11?????16?,???????????????????276?????????????????????????????????????????????????????????

????????

(?????)??????

?IP??,????????????,?????????????,??????????,??

(?)???????

2024???????11??????????6????????????????11??????????????16??????,?3???IP???????????????,??,?,????????????????,???????,????????????????????????4.98GB?

??????????????????

(??????????????????)?

??,??22???8????????,?????????????????10??????????????20?,?????????????????????,????????????????????????

(??????????)??????

????5?IP?,?,??????

(??????????????????????????)?

??????????????????,???????????????????,???????????????