
RULE (RULE ID: 339627)

Rule General Information
Release Date: 2025-11-12
Rule Name: XMR Mining Trojan Connection Traffic Detection
Severity:
CVE ID:
Rule Protection Details
Description: The detected artifact corresponds to network traffic generated when a Monero-mining trojan on a compromised host establishes its first outbound connection to an external controller. The malware typically infiltrates via exploit kits, malicious e-mail attachments or cracked software, then exfiltrates local system data such as CPU count, process name and wallet address to prepare for the delivery and configuration of a mining payload. By silently enrolling large numbers of victims into anonymous mining pools, attackers steal computational resources in an untraceable way, causing severe performance degradation, inflated power costs and accelerated hardware wear. Because the trojan remains resident and often provides a backdoor, it can later be repurposed for lateral movement, data theft or ransomware deployment, creating a persistent, multi-stage threat.
Impact: An attacker could exploit this vulnerability to have an unspecified effect.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor for an updated software patch.