????????????:???????????????????????

?? > ?? > ??

?????????:???????????????????????

2025-01-18 15:40:11??:????:???

?????????:???????????????????????

?????1???????????????????????17? ????17?????????????????????,???????????????

???????????????????

2024????????????????12?18??????,???????????CNCERT?(

????????

(?????????)?

2024?8???????????????19??,???????,?????????/?????2024?8???21??????????????,????/?????????

(??????????)?

2024???????????8??????????21?????????????12?,????????,?,?????????????????????????????????????,?????????/xxx/xxxx?flag=syn_user_policy??,???????????????????????????/xxx/xxxStats?

(??????????)???????????????????

2024???????????????????????????11?????6??2024??????????????????????????????????11?????????8??????????????????????2024?11??????????16??,??????????276?????????????????????????????

?????????????

(??????????????????????)????

??????????????????????IP????????????????????,?????????????????,?????,????????????????????,?????

(???????????)???????????????

2024???????11??6???????????11???????????16?????????,??????????????????????????3??IP?,????????????,????,?????????,?,??????????????????????4.98GB?

?????????????

(????????????)?????????

?,?????????????22??????8???????????????,?10???20?,?????,??

(?)?

?5??????????????IP????????,????,??

(???????????)???????????

??????,?????????????????????,??????????

??????????????,??,????????????????

(????)??

?,??,?,??????276??,?????????????????????,????????

??????????????IP????

???

2024?12?18?,????????????????CNCERT?(

?????????????????????????

(??????????????)?

??????????????????????????????Exchange???????????????????????????2??????????Exchange??????????????????????,???????????,??????????,??

(???????????????)?????????????????????

?,?????????????????2????????????????,?,?????????????,?/owa/auth/xxx/xx.aspx?/owa/auth/xxx/yy.aspx,????????????????????????????????,??????,??????

(??????????????)?30???????

????,????????????????,????,?SSH?SMB?????30???????;?,????????????????????????????????????????????????????????????????????????????????????????????????????????????????????,???????websocket+SSH?????????,?????????????,???????????????WeChatxxxxxxxx.exe??????????????2???????PIPE???????????????????,????????????

???????????????

(?????????????)???????????????

????????????,????????????,???????????????????????????,??????????,????????,?????

(????????????)??

??????????3??,?????????????,2023??5?2????????????,?(95.179.XX.XX)?,?????????????????,???????,??????,????�?�?�???�?�?????�?�??????????(??+?????????????????????????????????)�?�??????IP????�?�???????????????�???????????????

(?)?????

????????????????????????????????,????????????,2023?7??????????????26????,????(65.21.XX.XX)??????,???,??????,???????????????????,?1.03GB??????????????,??????�?�???????????????????�tip4XXXXXXXX.php�?

(?)?

??,??????????????,???,?????????????????????????????SSH????????,????????????,????????

?????????????????????

(?)????????????????????????

?,????22??8??????????????????????????,????????10?????20?,????,?????????????????????????

(?)??????????

2023???5????2023??10?,???30????????????????????????,?IP?,?????

(??????)??????????????

????2?PIPE??????????????�c:\windows\system32\�?????????????,??.net?,?,?????????????KB,??????????????????TLS??????????????????????????????????????????,?https??????,????????????websocket+SSH??,????????????????????????

???????????IP?

????????????????:??????????????????

??:

????
1. ????
2. ????
????
1. ????
2. ????
3. ????
????
1. ????
2. ????
3. ????
4. ???
????
1. ????
2. ????
3. ??????????

相关推荐