�????95?�

????:????:????95?

???????1???17??????????????? ?17???????????????,??????????????????

???????????????????????

2024???????????12?????????????18???????,??????????CNCERT????????????(

????????????

(????)???????

2024???????????8???????19????,????????????,?????????????????????/?????????2024?????8?????????21??????,?/??

(??????)???????????

2024?8?21?????12?,??????????????????,?,????????????????????,?????/xxx/xxxx?flag=syn_user_policy??,????????/xxx/xxxStats?

(??????????)???????????????????????

2024??????????????11???????6??2024???????????11?8?2024??????????11??16?????????,???????????276??????????????????????????????????

?????????????????????????????????????????????????

(?)?

?IP????,?,??????,??????????????????????,????????????????????????

(??)?

2024?????11?????6?11?16????,?3?IP????,???????????,??????????????????,????????????????????????????,???????????????,??????????????????????4.98GB?

???????????????????????????????????????

(?)?????????????

???????????,???22?8?,????10????????????20????????,??????,???????????????

(?)??????????????

???????????????????5??????IP???????????????????,???????????,???

(?????????????????????????????????)?

???????????????,???????????????,??

???????????????????,??,??

(????????????????????????)???

????????????????????????,??,???????????????????????,????276??,??????????????????,??????????????????????

?????????????????IP?????????

2024???????????12??18??????????,????CNCERT?(

?????????????????????????????

(?)?????????

???????????????????????????Exchange????????????????????????????????????????????2?Exchange??????????????,?,?,??

(????????????????????????????)??????

?,?????????2????????????,???????????,??????????????,????/owa/auth/xxx/xx.aspx??????/owa/auth/xxx/yy.aspx,??????????????????,??????????????????????,??

(?????????)??????????30????????

????,?????????????,?,???????????????SSH?SMB?????30??????????????????????????????;??????????????,??????????????????????????????????,?????????????websocket+SSH??????????????????,?????,?WeChatxxxxxxxx.exe??2???????????????????PIPE????,??

????????????????

(???????????????????)?????

??,?????????????????,?,????,????????????????????,??

(?)?

????3?,???,2023????????5??????????????????????2?,???????????????(95.179.XX.XX)?????,??????????,??????,?,???�?????????????????�?�?�?�?�?�??????????????????????????(?+?????)�?�??????IP???????????????�?�?�??

(????)?

????????????,???????,2023?????????????7???????26???????????????,????????????????(65.21.XX.XX)????,?????,?????,????????,??????????????????1.03GB???????????,???�??????�??????????????�tip4XXXXXXXX.php�?

(???????????????????????????)??????????

?,????????????????,??????,????????????????SSH????,???????????????????????????,?????

???????????????????????????????????????

(?????????????)?

???????????????????,?22????????????????????????8?,?10???20???,???,??????????

(?????????????????)???????

2023?????5???????2023????10?,?30??????,????????????????IP??,???

(???????)?????????

?????????????????2?PIPE??????????????????????????�c:\windows\system32\�?,?????????????????.net??,?????????????????????,???????????????????????KB,??????????????TLS?????????????????????????????????????????????,??????????https????,?websocket+SSH??,??

???????????????IP??????????????

????????????????????????????:??

???????????????????????:?????????

相关推荐