?????????:???????????????????????-????-(??)

?????????:???????????????????????

??: ????

?1?????17???????????? ???????????17????????,????????????????

2024?12?????????18????,?????CNCERT??????????????(

???????????????????????????????

(?????????????)??????????

2024?8????????????19?,?,?/???????????2024?????8?21????,?/???????????????

(?)?????

2024?8???????????????21??????????????????12??????????????????????,??????????????????,?????,???????????,???????????????????/xxx/xxxx?flag=syn_user_policy???????????????,?/xxx/xxxStats?

(?????????)??

2024?????????????11?6??2024???????????11??????????8??????????????2024?11?????????16???????,????????????276?????????????????????????????

?????????????????????

(?????????)????????????????????????

????????????????????IP???????????,?,?????,???????,???????????

(?)??

2024??????11????????6?????????????????11????16?????,???????3????????????IP????????????????,?,????????????,????????????,????????,???????????????????????4.98GB?

???????

(?)???????????

??,????????22????????????????8?,???????????10???????????????????????20?,????????????????,????????

(???????????)??

?5??????IP???,?????????????????????????????????,??????????????????????

(??)???????????????????

??????,????,???????

???,??????????,????????

(??)????

?,?????????????????,????????????????????????????,????276???,?????????????????,????????????????

???IP?

??????????

2024?12???????????????????18??????,?CNCERT?(

??????????????????????

(??????)???????????????????????

??????????????????Exchange??????2?Exchange??????????,???????????,??????????????????????,?????

(????????)??????

????,??2???????,????,???????,??/owa/auth/xxx/xx.aspx??/owa/auth/xxx/yy.aspx,???????????????????????????????,???????????????????????????,??????????????

(?)?30??????????????

??,??????????,?,???????????????SSH?SMB?30??????????????????????????????;??????????????????????,????????????????????????????????????????,?websocket+SSH??????,?????????????????????????????????,?WeChatxxxxxxxx.exe??????????????2???????????????????PIPE??????????????,??

????

(??)???????????????????

????????????,??????????????????????????????,???,?,???????,????????????????????????????

(????)?????????????

???????????????3?,???????????????,2023???????????5??2??????,?(95.179.XX.XX)???????????????????????????,??????????????????????????????,?????,??,???�?????????????????�?�?�?�??????????????????????????????????�?�???????????????????(?+?)�?�?????IP????????????????????????????�?�????�??

(??????)??????

????????????????,???,2023?7??????????26?,???????????????????????(65.21.XX.XX)???????,??????????????,??????????????,??????????????????????????,??????????????1.03GB???????????????,????????�????????�???????????????????�tip4XXXXXXXX.php�?

(?)?????????????????

?????,?,??????,????????????????SSH?,????,??

??????????????

(?????????????????)????????????

????,????22??8??????,?10????20?,?????????????,???????????????????????????

(?????????)???????????????

2023???????????????????????5?2023??????????????????????10?????????,???????????????????????????30????,?IP?,????????????????

(??????)???????????????

??????????2?PIPE???�c:\windows\system32\�?????????,??.net???????????,??????,????KB,?TLS??????????????????????????,???????https????????,?????websocket+SSH????,??????????????????????

??????????IP???

????????????????????????:?????????????????????????

???:????

??:???????????,??????????,??????????????

?? (0)

?????????:???????????????????????

相关推荐