???

?????????:???????????????????????

2025-01-18 04:28:14 23276

???????????1?17?????????? ??17????,??

?

2024?12???????????18?????????????,?????????CNCERT??????????????(

?????????????

(????????????????)?

2024????8?????????????19????,???????,????????????????????/?????????????????????????????2024?8?21?????????,???????????/???????

(?)?????????????

2024?8??????????????????21??12????,????????????????????????????,?,?????????????????,????/xxx/xxxx?flag=syn_user_policy????????????????????,?/xxx/xxxStats?

(?????)????????????

2024????11???????????????6????2024??????11??????8????????????2024?????????11???????????????????????????16??????,?276?????????????????????????????????????????????

????????????????????????

(???????????????)?

?IP??????????,??,??????????????????????,?,????????????????????

(??????????????)?????

2024????????11??6?11??????16??????????????????????,??3?????????????IP???????????????????,???????????,???????,???????????????,??,?????????????????????????????????????4.98GB?

????????????????

(???)??

?????,???22??????????????8?,?????????????????10????20??????????????,????,?????????

(????)??

?5???????????????IP????????,?????,??????

(?????)?

?????????????,???????????????????????????????????????????,??

?,??????,??????????????????

(??????????)????????

?,??????????????,???????????????,?276????????????,???????????????????????????????????????????????????,?????????????????????

??????????????????????????????????????IP?

????????

2024?????12?18????????????,?CNCERT???????(

?????????????

(??????????????)?????

?Exchange?????????????2?Exchange?,??????,???????,?????

(??)??

??????????????????????,?????????2???????????????????,????????????????????????,????????,???????????????/owa/auth/xxx/xx.aspx????/owa/auth/xxx/yy.aspx,???????????????????????,?,?????????

(?????????)??30??

?????????????????,????????????,???????????????????,?SSH?SMB???????????????????????30?????????????????????????????????;??????,????????????????????????????????????????,??????????????websocket+SSH?,????,?WeChatxxxxxxxx.exe????????2????PIPE??????????,??????????????????

??????

(??????????)??????

?,????????????????????????????????????????,????????????????????????????,???????????????????????????,???????????????????????,???????????????????

(?)????

?????????3?,????????,2023?5?2????????????,???????????????(95.179.XX.XX)?????????????????????,??,????,????????????,?????????????????“??”?“?????”?“????????”?“??????(????+?)”?“??????????????????????????IP??????????????”?“?????????”????????????????????????????

(???????????)??????????????

??????????????????,????????????????????,2023??????7??????26??,???????????????(65.21.XX.XX)?????????????,????????????????,????????????????,???,?1.03GB????????????????,?“?”???????“tip4XXXXXXXX.php”?

(??????????)?

????????????????????????,??????????????,?,?????????????????SSH???????????????????????,?,?????????????????????????

??????????

(????????)?

??,??????????????22?8?????????????,?10?20?,??????????????????????????????,????

(???????????????????)??

2023???????5???2023??????????????????10?????,??????30???,?IP??????????,?????

(?)???????

?????????????????????2?PIPE????“c:\windows\system32\”??,?.net?,??????,???????????????KB,???????????TLS?????????????????????,???https?,????websocket+SSH?,??

??????????????????????IP??????????????

??:??????????

