???????????????!?????????????????-????-(??)

???????????????!?????????????????

??: ????

????

2024?????????????12?????18??????????????,???????????????????????????CNCERT?(

????????????????????

(????)??????????????

????Exchange??????????????2?????????????Exchange????????,?,?,?????

(??????????????????????)???????????

?????????????,?2?,?????????,????,?????/owa/auth/xxx/xx.aspx????????/owa/auth/xxx/yy.aspx,??????????????????????????,?????????,????

(?)???????????????????????????30???????????????????????????

?,??????,??????,?SSH?SMB?30??????????????????????????????????;????,??????????????????????????????????????????????????????????????????????????,????websocket+SSH??????????????????,????????????????,????WeChatxxxxxxxx.exe??????2?PIPE??????????,?????

????????????????

(???????)?

?,???????????????????????????????????,????,??,???,????????????????

(?)?

???3????????????????????,??????????????????????????,2023??????????????????????????????5????2??????,????(95.179.XX.XX)?,???????????????????,????,???????????????,???????????�?�?�?�?�?????????�?�???????????????????????(???+???????????????????)�?�????????????IP??�?�??????�?????

(????)??

?????????,???????????????????????????????,2023??????????????????7?????26???????????????,???????????(65.21.XX.XX)????????,?,?,?,?????1.03GB???,??????????????????????????�???????????�?�tip4XXXXXXXX.php�?

(???????????????????????)??????????

?,?????????????????????,?,??????????????????????????????????????????SSH??,??,???????????????

??????????????

(?????)??

?????????????????,????22?8??,?10??????????20???????,???????????????,??

(?)???????????????????

2023??5???2023??10?????????????,?30????????????????????????,?IP??????????????,???

(????????)?

?????2?PIPE?�c:\windows\system32\�???????????????,?.net???????????????,???,?KB,??TLS????????????????????????????????????????????????????????????????????????,??????????https????????????????????????????,???????????????websocket+SSH????????????????????????,??

????IP??????????????

??????????

2024?????????12?18?,?CNCERT?(

?????????????????

(?)???????????????????

2024?8?????19?,?,?/????2024????8????21????????????????,???????/?????

(????????????????????)??????????????

2024?????8??21??????12??????????????,???????????????,?,????????????????????????????,?????????????????????????????????/xxx/xxxx?flag=syn_user_policy??,??????????/xxx/xxxStats?

(??????????)??????

2024??????????11???????????6??2024?????????????????11?8?????2024?11??????16??????????????????????,?????????276??????????????????????

????????????????????

(????????????????????????)????????

??????????IP?,???,???????????????,??????,????????

(?)???????

2024?11?????6?11??????16??????????????,???????3?IP?,?,????????????????,???????,???????????????,??????????????????????????????????????????4.98GB?

????????????????????????????

(?)?

???????,?????????????22??????8?,???????????????????10????????????????20??????,????????????,???????????????

(?)????????????????

???????????5????IP????????????,?,?????

(???????)??????

?????,??????????????????????,????

??????????????????????????,?????????????????,???????????

(?)?

????,?????????????,????????,???????????????????????276????????,????????????????,?????????????

????????????????????IP???????????

?????????????????????????????:??????????????????????

???:????

??:???????????,??????????,??????????????

?? (0)

???????????????!?????????????????

相关推荐