Cato CTRL Threat Research: Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware
May 18, 2026, 7:26 p.m.
Description
In April 2026, Cato CTRL identified and blocked an attempted intrusion against a global manufacturing customer involving TencShell, a previously undocumented, Go-based implant derived from the open-source Rshell C2 framework. The activity appeared in traffic associated with a third-party user connected to the customer environment.
Tags
Date
- Created: May 18, 2026, 7:23 p.m.
- Published: May 18, 2026, 7:23 p.m.
- Modified: May 18, 2026, 7:26 p.m.
Indicators
- 1ba73df60e12b3feb8b5574e65cfceb6910460ab7fae2cf5554769fafdad049e
- 065f5a605ac04d5f443089b65aa1393414ee38c4ee8f780e7d78c06b46504ae4
- 8f5f4408998bbfc6987d9cb39216071c57c7b087f2867a504e83414ee5cfcd08
- 64944d2a6129631ff675c6dcfdd57a7e99a1e4dc41802cbd0eabcef3eb3e81c3
- 943f952652fbc16923c0519449feeee11698304dac51268d4e6065146dcad69e
- 065c54893e4777d52be6b7bf30b832d5ffd9d96fd178642a5828a364c0e904a0
- 6de4da7919185f84212d02011e955530011b08c389408f2a012b81757c3d0c0f
- d252aeabbf4cd9f336e83d1fa0042fcc2f74f45d4b8cbe2a8bfe790d4db0580d
- 1329be66458962dabfa20185c230439c57d32b90a20de791afdce9c15226fccb
- c3ecb90c9915daa23aec51f93ff8665778866f0592b2413578c8ba9708df6091
- 06776635e386d536b1b0fc21e6aa41865d44d83dae5e9b109868d71ca309eeaa
- 12f76f48727916d6c05f53f8cd94915db5de5ffcbfa02c4807c27e090cfa47c1
- 905ae6ac24225db221da346a1695e443ba4c57ea1c9066e8bac3e5fcb4156fc7
- 660af53acdc505f333f6d4f4269cec740a5eb05e41a4c7926742606b18f22d33
- 8363ff6bddfaf247318308f215ad53f3c77f218d4a6562b537aeaf7e9135d10f
- 2012ff4d7c36e42d256d78c265f242d29a305af66686866c581ee96c2b05d5a6
- 01dc3e7e673b4f2682f29b19ecabf9a6ec9c3042c9b1cfb39dbdddf1dda680ab
- 710539554f065fe9a0bf6a6e32d3ea73ab3c797a033f8bfef57ad929bcdf9195
- 7f6bec5dd217151fcd03087a6e7ba1070f0fa603801fb128a4097076c9976d36
- 94f67819c0f7e200abf4b39fad2fd6fef227da15d939f21a657d1717ca2b3014
- 2a010bd1061e11da6f5cf951a3ebd23503916e159e3d486cc722b4b8b4a099c9
- 37facbbd0047c19f4efdea75ccb9e3ec793cb9b1d7846afa4fb8e900d6e9ed95
- 5c02115b3f090551393cca3ce91fe837727d1c4586164c580759eb94387dba10
- 79340e589a69f5dc204d4073341a07e98a588d0401d18f34991d14b71a475063
- 75b36769f0d36c05be74d41610d4af3f73397983ba746f8c569de6f23ee130e0
- cdb9d76093d0938f30d93bcce4f58b13b4b21c9188eea387c6d9ec6f4cb4aad4
- 921e41190fed3437ca7a0d53e7590ccb0f1ab5d667532778fbda5664c657d712
- b77c8531ee45ffdfd63ef19aa1f1ae8b603b274f6951f7d8f4e725130bfca06d
- df5f74e1e0e5b0a0748de2efd86358293b4d368d171a926af6f14880d55adb57
- 976f890ab0ee8aac613da2458d0069f00d0ebabc76f1fceb63e05b2113f6a449
- 7abc129482ccdf787b35b92b7d5b7ff2478e72fe516f4ceca0c02e23a1d34314
- 4ae8de40153c66455d972e6e98fe06fb68db7301ba126557e96599527bc5509c
- 7170f3051cc9f4520e84f1ea3b599616d82be8e5087f19d8e2951fa6848924b3
- 3ffe3a6f328a6459624bd93edd206e2256b2753e17137cbc1530b91fa325ecac
- b7a5192a90c14a9a36e5a3565fed46becffa88dbc719e8ee396a0c9d46f5dde4
- ed6058f0b0735ba56b781dea39353625fcb56bc3e77bf2d26a648511d754d216
- 5d19c07e3fb7ac4ff56a23f6e658d691f381442b1db2f8c5f345563c1cdc8998
- 0fe91200a2bb4aed13b1a1ba4ec8fd4454566f5929ffed4f537d9a87c1bf1187
- 73c24bafba21f871cc9d28de92ee7e4b9f9c8ec337279c14c1facdb9feeb7af4
- 147f86854690ba096f3797c623b66365d6adbf7140d7d7c3dcf746b83a4b6dac
- fdb5eca8f00e1802f3c9c0ca79f93a8419353f4ef2a0606bec39c4497da91035
- 5ac484ec0846fff8f099b234dfd1602864300da8c68b01822c6036eb709fc584
- 746c4cd5fe3a8edd37d4b37b23af64b1086b5ea7c1ab0bcfd9c47e4e2e986518
- 5eff99959683480d2280c931e433af836adf6a8b7a8489b1af17cddcf480cf63
- aaf49281b2f65390adc2e763af37fc4e3fe03b94af550927fc91141e0d6347db
- b5e0866368873b4c5eacc6df01114fc749cc32f507e9324bc6d763999371777d
- 1d2e37b41d616ecb32b8bd2f2a52c792f1808fdc938574fc366d737b6f643c61
- 750a707084839fe970266964957b8eaa7e25b4d9ca1050cd7ab19e4a2add707d
- 31635e4667eba1ba3588e1bc9c05d18a78d9693c801e5176e6cddf74e0d5bcc2
- 12c6d0e603386b81751d95b32d1698d794c99343abb06d066b0f6060e8690aca
- 5ef76098be5ed1559b71ebd8d29cb32c1825991824051d8a641746e08bf9e1b3
- 45.64.52.242
Additional Informations
- Manufacturing
- gin-tne-fahcesmukw.cn-hangzhou.fcapp.run