RULE(RULE ID:1805172)

Rule General Information
Release Date: 2025-11-12
Rule Name: Tool SchtaskCreator Connection Detection
Severity:
CVE ID:
Rule Protection Details
Description: The activity involves the use of SchtaskCreator, a post-exploitation utility that abuses the Windows Task Scheduler service to create or modify scheduled tasks remotely. Attackers leverage this tool to establish persistence, execute arbitrary binaries with SYSTEM privileges, or trigger lateral movement without touching disk on the target. Because the traffic masquerades as legitimate MS-RPC/ATSvc calls, it often bypasses traditional endpoint controls. Successful deployment grants the adversary the ability to launch code at predetermined intervals, harvest credentials, or deploy additional payloads across the enterprise, silently extending the duration and scope of the compromise.
Impact: An attacker who runs this tool against a target can cause data leakage, service interruption, system crashes, data tampering, and unauthorized access.
Affected OS: Windows, Linux, Others
Reference:
Solutions
1. Scan the server file system to ensure that no hacking tools or related malicious files remain.
2. Make a complete system backup to preserve the server's data.
3. Harden the server: restrict access rights, install firewalls, and use secure access control lists.