?????????????????!???????????????-????-(??)

?????????????????!???????????????

??: ????

????????????????????????

2024???????????????12??????18????,????????????CNCERT???????(

?????????????????????????????

(??????????????????????)?

???????????Exchange????????????????2????????????????Exchange???????????????????????,??,??,????????

(?)??????????????

?,????????2?????????,??????????????,????????????????????????????,?????????????/owa/auth/xxx/xx.aspx?/owa/auth/xxx/yy.aspx,????????????,?,????????????

(???????????)?30?

???,?,????????????????????????,?????SSH?SMB????30??????????????;????????????,????????????????????????????????????????????????????????,?????websocket+SSH??????????,????????????????,?????WeChatxxxxxxxx.exe?????????2????????????????PIPE???,??

?????????????????????

(??)?

?,?????????????????????,???,???????????????,??????????????????????????????????,???

(????????)??

???????????????????????????3?,?????????????,2023??5????????????????2?????,?????????????(95.179.XX.XX)?,??????,????????,??????????????,??????�????????�?�????????�?�??????????????�?�???????????????(??????+??????)�?�?????????IP?�?�???????�??????????????

(???????????????)???????????????????????

????????????????????,??????????????????????????????,2023?????????????????7?????????????????26??????????,?(65.21.XX.XX)??????,???????,?,?????????????????????,?1.03GB??,??�??????�?�tip4XXXXXXXX.php�?

(???????????????????????)???????????????

???????,????,??????????????,??????????????????????SSH?,????,?????

??????????

(?)??????????????????

?,????????????????????????????22??????8?????????????????,?10??????????????????????????20??????????????,?,????????????????????????????

(?????)??????????????????????????

2023?5???????????????????????????2023???10?,?????30???????????????,????IP?????????,????????????

(???????????)??

?2?PIPE??????�c:\windows\system32\�?????????,??????????????.net???????????,????????????,??????????????????KB,???????TLS??????????????????????????????????????????,??????https???????,?websocket+SSH?????,???????????

????IP?

????????????

2024?12???????????????????18?,?????????CNCERT????(

???????

(???????????)???

2024?8?19?,??????????,??/???????????2024????????????????????????????8?????????21?,?????????????/??

(?????????????)?????????????

2024???????????????8??21?12??,???????????,????,?????????????,????/xxx/xxxx?flag=syn_user_policy??,????????????????/xxx/xxxStats?

(??????????)????

2024?????????????????11?????6??2024?11????8????2024????11??????16??,??????????????????????????????276??????????????????????

??????????????????????????????????

(?????)?

?IP????????????????????,?,?,?,????????

(????)??

2024???????????????11???????????????????????????6????11????????????16?????????????????,????????????3?IP????????????????,??????,??????,????????????,?,??????????????4.98GB?

????????

(??????????????????????)????

???,??????????????22?8?,??10????????20????????????,????,??????????????

(?????????????)?

?????????????????????????????????5???????????IP???????,???,???????????

(???????????????????)??????????

??????????????,?????????????????????????????,??

????????,????,?????

(??????)?

?,?????????,???????????????????????,????276???????????????????,???????,???????????????????????????????????

??????????????????IP?

?????????????????????????:?????

???:????

??:???????????,??????????,??????????????

?? (0)

?????????????????!???????????????

相关推荐