�?????24????�????

????:???????:?????24????

????????

2024??????12??????18????,?????????????CNCERT?(

????????

(??????????)??

??Exchange???2????????????????Exchange????????????????,????????????,??????????,????

(?)??????

???????????????,????2????????,?????,??????????,?/owa/auth/xxx/xx.aspx?/owa/auth/xxx/yy.aspx,????????????????????????????????,?,?????

(??????????????????????)?30?

??????????????,??????????????????????,?????????,???????SSH?SMB???????????????????30???????????????????????????????????????????????????????;????????????????????????????,????????????????????????????????????????????????,??????????????websocket+SSH????,??????????????????,??WeChatxxxxxxxx.exe??????2??????PIPE???,???

??????????????????????

(?)?

???????????,????????????????????????????????????????,????,?,??????????????????????????????,??????????????

(??)?

?????????3????????????,????????????????????????????,2023??????????5??????2?,?(95.179.XX.XX)???????????????????????,??????????????,????,???????????????????????,????????????????�????�?�?????????????�?�??????????????�?�????????(?+????)�?�?IP??????????????????????�?�????????�??

(?????????????????)??

?????????????????,?????????????,2023?7????26??????????,??(65.21.XX.XX)?,?????????,?,???????????????,??????????????????1.03GB??,????????????????�??????????????????�??�tip4XXXXXXXX.php�?

(???????????????)??????????????

????,?????????,??,????????????????????????????SSH???????????,?????????????????,?????????

???????????????

(??????)?

??????,??????????????22?8?,????????10????????20?????????,????,??????????????

(?????????????????)??????????

2023?????5?????????????2023?10???????????,?????30??,?IP?,?????????

(?????????????????)?????????????????????

??????????2?PIPE?�c:\windows\system32\�??????????????,?????????????????????.net?,??,??????????KB,?TLS??????????????????????????????????????????,????????????????????????https??,???????????????????websocket+SSH?,???????

??????????????????????????IP??????????

2024?12?????????????18???????????????,????????????????????CNCERT?(

?????????????

(????)???????????????

2024?8?19?,????????????,????/????????????2024?8?21?,?/?????????????????????????????

(?????)??????????

2024???????8???21?????12?,????,?,??????????,??/xxx/xxxx?flag=syn_user_policy????,????/xxx/xxxStats?

(???????????????)??

2024??????11???????????????????6????2024?????11?????????8??????????????2024??????????????????????????11????????????16???????????????????????????,?276??????????????????????????????????????????

?????????

(??????????????)????

???????IP?????????????????,?,?????????,??,?????????????

(???????????)?????

2024???????????11?6?11???????16?????,?3???????IP???????????????????,??????????????????????????????????,????????????,???????????????????,????,??????????4.98GB?

???????????????

(????)???????

??????,???????????????22??????????8???,????10?20??????????????????????????,????????????????????????,???????????????

(?)???????

???????????????5????????????????IP???????,??????,??????

(???)?

?????????,?????????,????????????

???????????????????,??,???????????????

(????)????????????????????

??????????????????,???????????????????,?,???276?,?????????????,????????????????????????????????????????????

??????????IP?????