Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：717197）

Rule General Information


Release Date:		2025-11-12

Rule Name:		XMR Mining Trojan Connection Traffic Detection-3

Severity:

CVE ID:

Rule Protection Details


Description:		This event indicates outbound traffic generated by a Monero-mining trojan that is attempting to register itself with its command-and-control pool. The malware silently consumes CPU and GPU resources to solve cryptographic puzzles for the benefit of an external attacker, causing severe performance degradation, shortened hardware life, and inflated power costs. Because mining logic is embedded in user-land or kernel-land code without authorization, the infection also serves as a foothold that can be leveraged to deploy additional payloads, steal credentials, or move laterally inside the network.

Impact:		An attacker could exploit this vulnerability to have unspecified effect.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.