???????????????????????:?????????
??
????1???????17??? ???????????????????????17???????????,???????????
????????
2024???????12???????????18???????????????????????,???????????????CNCERT?????????????(
??????????????????
(????)??????????????
2024?????8???19??,????,?????????/???????????2024??8????21??????,?/????????????
(?????)??????
2024????8???????????????21?12??????????????????,?????????????????,?,???????????,?????????????????/xxx/xxxx?flag=syn_user_policy??????????????????????,?/xxx/xxxStats?
(???????????)??????
2024????????????11??????6?????2024??11????8?2024?11?16????????????????????????????,?276????????????????????????
????????
(????????????)?
????????????????????????IP??????????????,?????????,??????????????,???????????????????,????????????????????
(??????)??
2024???????11?6?11?16??????????,?3????IP???????????????,????,?,??????????,??,????????????????????????????????????????4.98GB?
??????????????????????
(???????????????????????)?????
?,??????22???????????8???????,????????????10??????????20?,??????,?????????
(???????)?
?????????????5?????????IP???,??????????????,??
(?????????)??????????????
?????????,????????????,??????
?,?????????????????????????????????,????????
(???????????????????????)?
?,?,???????????????????,???????????????????????????276?,??????????????????????????????????????,???????????????????????????????????????????????
??????????????????IP?
??
2024??????12??18???,?CNCERT????????????(
?????????????
(?)????????
?????????????????Exchange?????????2?Exchange?,?,????,????????????????????
(?????????????)?
???????,????????2?????,?,???,?????/owa/auth/xxx/xx.aspx?/owa/auth/xxx/yy.aspx,???????????????????????????????????????,????????,?????????????????
(??????)??????????????30????
?????????,??,????????????????,?SSH?SMB?30?????????????????????????????????????????????;??????????,?????????????????????????????????????????????????,????????????websocket+SSH????,?????????????,?????????????WeChatxxxxxxxx.exe??2????????????????????????PIPE?,???
??????????????????????
(???)?????????????
?,??????????????????????????????????????????????????,????,????,???,??
(?????????????)?
???????????????????3??????????????,????????????????????,2023?????5?2?,??(95.179.XX.XX)?????????,??????????????,?????????,??,??????????????????????????????????????????????(?+???????????????)??IP????????????????????????????????????????
(??????)?
????????????????,???????????,2023?????????????7????26???????????????,??????????(65.21.XX.XX)????????????????????????????,????,?,?????????????????,?1.03GB???????????????????????,??????????????????????tip4XXXXXXXX.php?
(??????????)????????????????
????????,???????,??,????????????????????SSH???,?,????????????????
????????????
(?)?
????????,?22????????8???????????????????????????,?????10???????????20??????????????????????????,???????????????,???????????
(??????)????????????
2023?????5????2023??10?,?30????????????,????????????????IP???????????????????,?????????????????????
(????)?
???????????????2??PIPE?????????c:\windows\system32\?,???????????????????????????.net?????,?,?????????????????KB,????????????TLS???????????????????????????????????????????,???????????https?,??websocket+SSH??????????,??
?????IP??????????????????????????????????
?????:?????????????????
?????????
????????????????????????????:??????????????????????
????
- 1409????!32??????????????
- 2???????????????5???
- 3????????????????5???
- 4?????????:??????1.5%??????
- 5???????????????+??????
- 6???????????????????
- 7????????????????????
- 8?????????:IPO???????PE??
- 92017???????????:???11?
- 10???????????!????????
- 11?S??????????????????
- 12?????????????????????
- 13????????:???????????
- 146???????????????????
- 15????K?!??????!????????
- 16???????????????+??????
- 17????????????:??AI????????
- 18????????????????5???
- 19??:????????????????????
- 20??????????????:??????????