'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:339819)

Rule General Information
Release Date: 2026-03-18
Rule Name: Tool Havoc Detection - 5
Severity:
CVE ID:
Rule Protection Details
Description: Havoc is a modern open-source post-exploitation command and control (C2) framework that supports multi-platform agents, Malleable C2 communication camouflage, various Listeners such as SMB/HTTP/HTTPS, and comes with rich post-exploitation modules and plugin extensions. This rule has detected Havoc communication traffic.
Impact: Attackers use attack tools to attack targets, which can lead to data leakage, service interruption, system crash, data tampering, and illegal access.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Conduct a thorough inspection of the environment immediately. Once infection is confirmed, isolate the affected host without delay, collect memory dumps and network traffic evidence, completely remove all malicious components, and restore the system by performing a full reinstallation.