???

?????????????????!???????????????

2025-01-18 06:54:51 77443

??????????????

2024???12????????????18????????,????CNCERT??(

???????????????

(????????????)??????????

???????????????????????Exchange???????2???????????????Exchange?????????????,?????????,???,?????????????????

(?)?

?,??2??????????????????,?????????,????????????,????/owa/auth/xxx/xx.aspx?????????????????????????????????/owa/auth/xxx/yy.aspx,??????????????????????????????????????????????,???????????????????,??????????????????

(?)??????30????

?,????????????,?,????SSH?SMB??30?????????????????????????????????????????????????;?????,????????????????????????????????????,??????????websocket+SSH?,???????????????????????,?WeChatxxxxxxxx.exe???2?????????PIPE??,???????????????????????????????????

??????????????????????

(?????)????????????????

?,????????????????????????,??,??????,?,???

(????????)?

???????3????????????,????????????????,2023??????5?2????,????(95.179.XX.XX)?????,???????????????????????????,????????????????????????,????????????????????,??“???????????????”?“???????????????????????”?“???????????”?“??(??????+????????)”?“????????????????????????IP???”?“???????????????”????????????????

(?)?????????????

???????????????????,???????????????????????,2023???????????????????7????????????26???????????????,?????????(65.21.XX.XX)??????????????,?,??????????????????????,??????????????,??1.03GB????,???????????????????????????“?????????????????”?“tip4XXXXXXXX.php”?

(??)????

???????????????????,???????????,???????,???????????????????????SSH?????????????,?,????????????

?????????????????

(?????????)??

????????,???22???????8?,?10?20?????,?,???????

(????)?

2023????????????5????2023?10??????????????,?????????30??????,???IP?,???????????????

(?)????

??????????2????????PIPE?“c:\windows\system32\”???????????????????????,????.net?,?,??????????KB,????TLS??????????????????????????????????????????,?https????????,?websocket+SSH???????,?????

????????????????????????????????????IP?????????????

?????????????

2024??????????12??????????????????????????????18??????????,?CNCERT??(

???????

(?)?????????????????????

2024?8???????????19???????,????,?/??2024???????????8??????????????????????????21???????,??????????????/??

(??)??

2024??????????????8?????????????21????12??,???????????????,???,?????????????????,??????????????/xxx/xxxx?flag=syn_user_policy??,?????????/xxx/xxxStats?

(??????????????)??????????

2024???????????11?6???????????????????2024????????????????????????????11???????8?2024????11????????????????16?,??????????????????????276???????????????????????????????????????????

???????????

(?????????????????)??

??????????????IP?????,???????????????,?????????????????,?,?????

(??????????)???????

2024???????11???????????????6???????11??????????????16?,??3?????????IP????????,?,?????,??????????????,???????????????,??????????????????????????4.98GB?

?????????????????

(??????????????)?

?,??????????????22?8??????????,????10??????20?,??????,???????????????????

(??????)????????????????????????

????5?IP?,?,??

(???????????????????????????)?

?,??????????,?????????????

?????????????????,?,??

(????)???????????????????????

?,??????,????,????????????????????????????276?,???,?????????????????

????????IP??????????????????????

??:???????????????

