?????????:???????????????????????
2025-01-18 04:28:31??:????:???

?1?17???? ??????????????????????17?,???????????????

??????????

2024?????12?????????18??????,????CNCERT?(

???????

(?????????????????????)??

2024?????????8??????????????19???????,?????????????,?????????????????????/???2024????????8??21??????????????????,????/????????????

(?????)????????????

2024?????????????????8???????????????21???????????12???????????????????????,??????,??????,?????????????????????????,????/xxx/xxxx?flag=syn_user_policy??,?????/xxx/xxxStats?

(??????????????????????)???????????????????

2024?11??????????????6???????????2024?????????????????11????8???????????2024????11??16?????,???????????276???????????????????????????????????????????

?????

(?)????????????????

???????????IP????????????????,?,??????????,?,???????????

(??)?????????

2024???????11???????????6??????11????????????16????,????????3????????????IP??????????????????,?,??,???????????????????????????????????????????,?,???????????????4.98GB?

?????????????

(???????)???????????

???????????????????,?22?????????????8????,????????????10?20?,???????????????,?????

(??????)?

???????5?IP???????????????????????????,?,???????????????

(?????)?????????

?,????????,??

?,???????????????,????????????????????

(??????????????)??????????????????

???????????????????????,??,??,?276?,??????,???????????????????????????????????

?????????????????IP????

????

2024?12???18?????????????,????????????????????CNCERT?????????????(

?????????????????????????????

(?????)?

?Exchange??????2????????Exchange??,????????????,?,??

(??????????????)?

??????????????,?2?,????????????,?????????????????,???????????????/owa/auth/xxx/xx.aspx??????/owa/auth/xxx/yy.aspx,????????????????????,?????,??

(????)??????30??????

???,?????,???????????,??????????????????????????????????SSH?SMB??????30?????????????????????????????????;?,????????????????????????????????????????????????????????????????????,????websocket+SSH?,???????????????????????,??????????????WeChatxxxxxxxx.exe??2?PIPE??????????,??

?????????????????????????????

(?)?????????

??????????,?????,??????????,?????,??????????????????????,??

(??????????????)????????????????????????????

??3?,?????????????????????????????,2023????????5?2?,?(95.179.XX.XX)?,??????????????,??????????,????,??????“?”?“??”?“?????????????”?“??(???????????????+???????)”?“???????????IP???”?“???????????????????????”??????????????

(??????????????????????)???????

?????????????????????,?????????????????????????,2023??????7????????????26??,??????????????????????????????(65.21.XX.XX)?,???????????????,?????,?,?????????????????1.03GB??,?????“???????????”???????????????“tip4XXXXXXXX.php”?

(?)??????

??????????,???,?????,???????????????????????SSH?????????????????,????????,??

???????????????????????????????

(????????)?

?,???????????22???????????????????????????8?,??????10?????????20??????????????,???,??????

(?????????????)??????????????

2023???????5????????2023????10??????????,??????30??,?IP?????????????,??

(?)????

??2???PIPE?“c:\windows\system32\”?,???????????????.net????????????,??????,?KB,??????????????TLS??????????????????????????????????????????????,?https???????????????,?websocket+SSH???????????????????????,????????

????????????????????????????????????????IP??????????

???????????????????????????:???????????
