???????????????????????:?????????
2025-01-18 20:30:57??:????:???

???????1?????17?? ?17??????,????????????????

??????????

2024??????12?18?,???????CNCERT?(

????????????

(??????)?

2024????????????????????????8?????????19?,?,?/??2024???????????8????21?,????????????/??

(?????????????????????)??????????????

2024??8?????21???12???,?????????????????,???????,????????,?????????????/xxx/xxxx?flag=syn_user_policy???????????????????????,??????????????/xxx/xxxStats?

(?)?????????

2024???????????????????11?6?????2024???????????????????11??8?????2024??????11??16?????????????,??????????????276??????????????????????

???????????????????

(??????)?????????????

????IP???????????,????????????????,??????????,?,??

(???????????????????????????)???????????

2024?11?????????6?????????11???????????????16??????,?3?IP?,?????????,?????,???,????????????,?????????????????????????????4.98GB?

??????

(??????)??????

??????????????,??????????22?????????????8???????????????,??10??20?????,?,????????????????

(?)?

??5????IP?????????????????,???????????,??

(??????????????????????)?

??,??????,??????????????????

????????,??????????????,????????????????????

(?????)??

????????????????????????,????,?,?276?????,???????????????????,???????

??????????????????????????????????IP????????????????

?

2024????????????????12?????18??????????????????,?CNCERT?(

?????????????????????????????????????

(??)????

??????????Exchange???????????2?????Exchange??????,??????????,???????????????????,??

(??????????????????????????????)?

???????????????????????,???????????2???????????????????,???????????,???????????,?????/owa/auth/xxx/xx.aspx?/owa/auth/xxx/yy.aspx,?????,????,????

(??????????)??????30????????????????????????

????????????????????,???????????????????????????,?,?SSH?SMB??30??????????????????????????????????;?????????????????,????????????????????????,???websocket+SSH??????????????,?????????,??????????????WeChatxxxxxxxx.exe??????????????2?????????????????PIPE?,???????????

???????????????????????????????????????

(????????????????????)????

?,?????????????,????????????,??????????,??,????????????????

(???????)???????

????3????????,???,2023?5???????????2???????,??????(95.179.XX.XX)?,????,????,???????????,?“??????????????”?“??????????”?“????”?“?(??+????????)”?“????????IP???”?“??????????”?????????????

(?????????)???????

??????????,????????????????????,2023?7???????????????????????????26?,?(65.21.XX.XX)????????????,??????????????,?,?,?1.03GB????????????????????????,??“???????????”????????????“tip4XXXXXXXX.php”?

(??)????????????????

??????,????,?,?????????????????????SSH???,?????,???????

??????????????

(????)????

??????????????????????????,?22???????????????????????8??????????,????????????10?????????????20??????,??,????????????

(?????????????)???????

2023??????????????????5??2023????????10????????????????????????????,??????????????30?,??????????????????????IP?,??????????????????????????????????

(????)??????????

??2???????PIPE?“c:\windows\system32\”???,??????.net??????????,????????????????,???????KB,?????????TLS???????????????????????????????????????????????????????,?????????????????????https???????????????????????,???????????????????websocket+SSH?,???????????????????????????????????

????????????????????????????????IP??????????????

????????????????:???????????????????????????
