????????????????????!???????????????

?? > ?? > ??

?????????????????!???????????????

2025-01-18 05:06:32??:????:???

?????????????????!???????????????

2024??????????12?????????????????????18?,?CNCERT?????????????(

??????

(?)????

?Exchange???????????????????????????????2??Exchange?,?,?????????????????,???????????????????????

(?????)????????

?????????????,????????????????????2?????????????,??,????????????????,???????????????/owa/auth/xxx/xx.aspx?????????????????/owa/auth/xxx/yy.aspx,??????????????????????????????,???????????,??????

(??????????????)?????????30?????????????

??????????,????,?,???????SSH?SMB??????30????????????????????????????????????????????????;????,?????????????????????????????????????????????????,?websocket+SSH??????????????,????????????????????,??????????????WeChatxxxxxxxx.exe?????2?PIPE?,??????

???????????????????????????

(??????????)????

??,???????,?,??????,????????,??

(????????????)????????????????????????

??3??,?????????????,2023????5?2?,?(95.179.XX.XX)?????,??????????????,???????????????????????,?,??�??????�?�??????????????�?�??????????????????�?�??????????(???????+?????????????????????????????????)�?�?IP????�?�?????�??

(?)???

???????????,????????????????????????????,2023???????????????????7??????????????26???????????????,?(65.21.XX.XX)?????,??????????????????,????????,?,?1.03GB?????????,????????????�?????????????????�??????�tip4XXXXXXXX.php�?

(???)??????

??????????????????????????????????,?????????,?,????????????????????????SSH????????????????,????,?????????????????

?????????????????????????????

(????????????????)????????????????????????

???????????????????????????,??????????????22?8??????????????????????????,?10???????????????20???????????????????,?,???????????????????????

(?)????

2023?????????????5??????2023?????10???,???30?,???????????????????IP???????????????????????,?????????

(????)??

?2???????PIPE?�c:\windows\system32\�?,???????????.net???????,???????????,???????????????KB,?TLS??????????????????????????????????,???????????https?,?????websocket+SSH????????????,???????

??????????????????????IP????

?????

2024?12??????????18??????????,????CNCERT??(

???????????????????????

(????????)?

2024??8????19????????????,?,???????????????????/??2024?8?????????21???????,????????/???????????

(????)??????????????

2024??????8?????21??12?????????,???????????????,???????,??????????????,??????/xxx/xxxx?flag=syn_user_policy????????????????????,?/xxx/xxxStats?

(??????)??????????

2024???????????????11????????6??2024???????????????????????????11??????8??2024???11?16?????,???276???????????????????????????????????????????????

??????????????????????????????????????

(??)???

??IP?,?,?,????,??????????

(?)?

2024??????????????11???????????????6??????11?16?????,?????3??????????????????????????IP????????????,??????????????,???????????,??????,?,????????????4.98GB?

?????????????????????

(?)???????????

??????????,?22?8?,??????????10????????????????????20?,??,?????

(??????)???????????

???????????????????????????5????????????????IP?,??????,????????????????

(??????????)??????????????????????????????

???????????????????,??????????????????????????????????,?????????????????????????

?,??????????????????,????????????????

(??????????????????????)?

???????????,???????????,????????????????,????276???????,?????????????,?????

????IP???????????????

??:??

??:

????
1. ????
2. ????
????
1. ????
2. ????
3. ????
????
1. ????
2. ????
3. ????
4. ???
????
1. ????
2. ????
3. ??????????

相关推荐