Reconnecting to live updates…

Cato CTRL Threat Research: Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware

Severity: mediumType: malware

In April 2026, Cato CTRL identified and blocked an attempted intrusion against a global manufacturing customer involving TencShell, a previously undocumented, Go-based implant derived from the open-source Rshell C2 framework. The activity appeared in traffic associated with a third-party user connected to the customer environment.

AI Analysis

Technical Summary

This threat involves TencShell, a newly identified malware implant written in Go and derived from the Rshell open-source command and control framework. It was used in an attempted intrusion against a global manufacturing organization, detected and blocked by Cato CTRL in April 2026. The activity was associated with a third-party user connected to the victim environment and is suspected to be linked to a China-based threat actor. There are no known public exploits or patches related to this malware, and it is not a cloud service. The malware's capabilities are implied by the associated MITRE ATT&CK techniques tags but are not explicitly detailed in the provided data.

Potential Impact

The attempted intrusion was blocked, so no confirmed compromise occurred. The malware implant TencShell could potentially enable command and control operations if successfully deployed. The threat actor's targeting of a global manufacturer indicates potential espionage or disruption motives. No known exploits in the wild have been reported, and no direct impact beyond the attempted intrusion is documented.

Mitigation Recommendations

No specific patch or remediation is available or referenced for TencShell malware. Organizations should ensure intrusion detection and prevention systems are updated to detect this threat. Since the attack was blocked by Cato CTRL, continued use of such security controls is recommended. Monitor third-party user access closely and apply least privilege principles. Patch status is not yet confirmed — check vendor advisories and threat intelligence updates for current remediation guidance.

Indicators of Compromise

hash: cdb9d76093d0938f30d93bcce4f58b13b4b21c9188eea387c6d9ec6f4cb4aad4
domain: gin-tne-fahcesmukw.cn-hangzhou.fcapp.run
ip: 45.64.52.242
hash: 12986838bf5c0b638edca3ac84c9e18f
hash: 1da53ba0766c902a50ba40271b82e557
hash: 20150ed3ac726c486d60b2be05ee2b74
hash: 2c3e4e7219e33327915a4371051fe84f
hash: 35f56e4a65b73a29e446b13eaff7eede
hash: 4dbb6a1ae553dc9659cd734fc5586f8c
hash: 7aa333c814c9ac618ae2fab66a6eddef
hash: d8d4e5be6f2014d17001f3a5ac7c1dcf
hash: debb2b7123e2b024ac6ae77c1aa59da2
hash: f819c42f5e5dafc87d770cb8f6af8b11
hash: 3874881233450ced72e743e3d9e6e3a7f0dc7ff9
hash: 3d56fb150811ef2d5769b15cca5d3c363edfb926
hash: 552ea6e21dbd17054db51c61607aadee910d6f13
hash: 637c77e4b952ca38410f68c1fdcc3e57e75858ef
hash: 6c972d0f0f8c11c28272826add94f4e16e59dda1
hash: 7412708f87194b3dc27b776840d83d7965aabc5c
hash: 93da3d6daf2ab0433f19d04e28e4736458f5606a
hash: e6229e69ace3adb6c6d59354c21e9de30fba0c50
hash: f6a4b3937dc373549e8f81eb29bfd2454e6e05a7
hash: fb3484f3b344c89c9c8f56348585e5f0cfc69f68
hash: 01dc3e7e673b4f2682f29b19ecabf9a6ec9c3042c9b1cfb39dbdddf1dda680ab
hash: 065c54893e4777d52be6b7bf30b832d5ffd9d96fd178642a5828a364c0e904a0
hash: 065f5a605ac04d5f443089b65aa1393414ee38c4ee8f780e7d78c06b46504ae4
hash: 06776635e386d536b1b0fc21e6aa41865d44d83dae5e9b109868d71ca309eeaa
hash: 0fe91200a2bb4aed13b1a1ba4ec8fd4454566f5929ffed4f537d9a87c1bf1187
hash: 12c6d0e603386b81751d95b32d1698d794c99343abb06d066b0f6060e8690aca
hash: 12f76f48727916d6c05f53f8cd94915db5de5ffcbfa02c4807c27e090cfa47c1
hash: 1329be66458962dabfa20185c230439c57d32b90a20de791afdce9c15226fccb
hash: 147f86854690ba096f3797c623b66365d6adbf7140d7d7c3dcf746b83a4b6dac
hash: 1ba73df60e12b3feb8b5574e65cfceb6910460ab7fae2cf5554769fafdad049e
hash: 1d2e37b41d616ecb32b8bd2f2a52c792f1808fdc938574fc366d737b6f643c61
hash: 2012ff4d7c36e42d256d78c265f242d29a305af66686866c581ee96c2b05d5a6
hash: 2a010bd1061e11da6f5cf951a3ebd23503916e159e3d486cc722b4b8b4a099c9
hash: 31635e4667eba1ba3588e1bc9c05d18a78d9693c801e5176e6cddf74e0d5bcc2
hash: 37facbbd0047c19f4efdea75ccb9e3ec793cb9b1d7846afa4fb8e900d6e9ed95
hash: 3ffe3a6f328a6459624bd93edd206e2256b2753e17137cbc1530b91fa325ecac
hash: 4ae8de40153c66455d972e6e98fe06fb68db7301ba126557e96599527bc5509c
hash: 5ac484ec0846fff8f099b234dfd1602864300da8c68b01822c6036eb709fc584
hash: 5c02115b3f090551393cca3ce91fe837727d1c4586164c580759eb94387dba10
hash: 5d19c07e3fb7ac4ff56a23f6e658d691f381442b1db2f8c5f345563c1cdc8998
hash: 5ef76098be5ed1559b71ebd8d29cb32c1825991824051d8a641746e08bf9e1b3
hash: 5eff99959683480d2280c931e433af836adf6a8b7a8489b1af17cddcf480cf63
hash: 64944d2a6129631ff675c6dcfdd57a7e99a1e4dc41802cbd0eabcef3eb3e81c3
hash: 660af53acdc505f333f6d4f4269cec740a5eb05e41a4c7926742606b18f22d33
hash: 6de4da7919185f84212d02011e955530011b08c389408f2a012b81757c3d0c0f
hash: 710539554f065fe9a0bf6a6e32d3ea73ab3c797a033f8bfef57ad929bcdf9195
hash: 7170f3051cc9f4520e84f1ea3b599616d82be8e5087f19d8e2951fa6848924b3
hash: 73c24bafba21f871cc9d28de92ee7e4b9f9c8ec337279c14c1facdb9feeb7af4
hash: 746c4cd5fe3a8edd37d4b37b23af64b1086b5ea7c1ab0bcfd9c47e4e2e986518
hash: 750a707084839fe970266964957b8eaa7e25b4d9ca1050cd7ab19e4a2add707d
hash: 75b36769f0d36c05be74d41610d4af3f73397983ba746f8c569de6f23ee130e0
hash: 79340e589a69f5dc204d4073341a07e98a588d0401d18f34991d14b71a475063
hash: 7abc129482ccdf787b35b92b7d5b7ff2478e72fe516f4ceca0c02e23a1d34314
hash: 7f6bec5dd217151fcd03087a6e7ba1070f0fa603801fb128a4097076c9976d36
hash: 8363ff6bddfaf247318308f215ad53f3c77f218d4a6562b537aeaf7e9135d10f
hash: 8f5f4408998bbfc6987d9cb39216071c57c7b087f2867a504e83414ee5cfcd08
hash: 905ae6ac24225db221da346a1695e443ba4c57ea1c9066e8bac3e5fcb4156fc7
hash: 921e41190fed3437ca7a0d53e7590ccb0f1ab5d667532778fbda5664c657d712
hash: 943f952652fbc16923c0519449feeee11698304dac51268d4e6065146dcad69e
hash: 94f67819c0f7e200abf4b39fad2fd6fef227da15d939f21a657d1717ca2b3014
hash: 976f890ab0ee8aac613da2458d0069f00d0ebabc76f1fceb63e05b2113f6a449
hash: aaf49281b2f65390adc2e763af37fc4e3fe03b94af550927fc91141e0d6347db
hash: b5e0866368873b4c5eacc6df01114fc749cc32f507e9324bc6d763999371777d
hash: b77c8531ee45ffdfd63ef19aa1f1ae8b603b274f6951f7d8f4e725130bfca06d
hash: b7a5192a90c14a9a36e5a3565fed46becffa88dbc719e8ee396a0c9d46f5dde4
hash: c3ecb90c9915daa23aec51f93ff8665778866f0592b2413578c8ba9708df6091
hash: d252aeabbf4cd9f336e83d1fa0042fcc2f74f45d4b8cbe2a8bfe790d4db0580d
hash: df5f74e1e0e5b0a0748de2efd86358293b4d368d171a926af6f14880d55adb57
hash: ed6058f0b0735ba56b781dea39353625fcb56bc3e77bf2d26a648511d754d216
hash: fdb5eca8f00e1802f3c9c0ca79f93a8419353f4ef2a0606bec39c4497da91035

Cato CTRL Threat Research: Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware

Severity: medium

Type: malware

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

hash: cdb9d76093d0938f30d93bcce4f58b13b4b21c9188eea387c6d9ec6f4cb4aad4
domain: gin-tne-fahcesmukw.cn-hangzhou.fcapp.run
ip: 45.64.52.242
hash: 12986838bf5c0b638edca3ac84c9e18f
hash: 1da53ba0766c902a50ba40271b82e557
hash: 20150ed3ac726c486d60b2be05ee2b74
hash: 2c3e4e7219e33327915a4371051fe84f
hash: 35f56e4a65b73a29e446b13eaff7eede
hash: 4dbb6a1ae553dc9659cd734fc5586f8c
hash: 7aa333c814c9ac618ae2fab66a6eddef
hash: d8d4e5be6f2014d17001f3a5ac7c1dcf
hash: debb2b7123e2b024ac6ae77c1aa59da2
hash: f819c42f5e5dafc87d770cb8f6af8b11
hash: 3874881233450ced72e743e3d9e6e3a7f0dc7ff9
hash: 3d56fb150811ef2d5769b15cca5d3c363edfb926
hash: 552ea6e21dbd17054db51c61607aadee910d6f13
hash: 637c77e4b952ca38410f68c1fdcc3e57e75858ef
hash: 6c972d0f0f8c11c28272826add94f4e16e59dda1
hash: 7412708f87194b3dc27b776840d83d7965aabc5c
hash: 93da3d6daf2ab0433f19d04e28e4736458f5606a
hash: e6229e69ace3adb6c6d59354c21e9de30fba0c50
hash: f6a4b3937dc373549e8f81eb29bfd2454e6e05a7
hash: fb3484f3b344c89c9c8f56348585e5f0cfc69f68
hash: 01dc3e7e673b4f2682f29b19ecabf9a6ec9c3042c9b1cfb39dbdddf1dda680ab
hash: 065c54893e4777d52be6b7bf30b832d5ffd9d96fd178642a5828a364c0e904a0
hash: 065f5a605ac04d5f443089b65aa1393414ee38c4ee8f780e7d78c06b46504ae4
hash: 06776635e386d536b1b0fc21e6aa41865d44d83dae5e9b109868d71ca309eeaa
hash: 0fe91200a2bb4aed13b1a1ba4ec8fd4454566f5929ffed4f537d9a87c1bf1187
hash: 12c6d0e603386b81751d95b32d1698d794c99343abb06d066b0f6060e8690aca
hash: 12f76f48727916d6c05f53f8cd94915db5de5ffcbfa02c4807c27e090cfa47c1
hash: 1329be66458962dabfa20185c230439c57d32b90a20de791afdce9c15226fccb
hash: 147f86854690ba096f3797c623b66365d6adbf7140d7d7c3dcf746b83a4b6dac
hash: 1ba73df60e12b3feb8b5574e65cfceb6910460ab7fae2cf5554769fafdad049e
hash: 1d2e37b41d616ecb32b8bd2f2a52c792f1808fdc938574fc366d737b6f643c61
hash: 2012ff4d7c36e42d256d78c265f242d29a305af66686866c581ee96c2b05d5a6
hash: 2a010bd1061e11da6f5cf951a3ebd23503916e159e3d486cc722b4b8b4a099c9
hash: 31635e4667eba1ba3588e1bc9c05d18a78d9693c801e5176e6cddf74e0d5bcc2
hash: 37facbbd0047c19f4efdea75ccb9e3ec793cb9b1d7846afa4fb8e900d6e9ed95
hash: 3ffe3a6f328a6459624bd93edd206e2256b2753e17137cbc1530b91fa325ecac
hash: 4ae8de40153c66455d972e6e98fe06fb68db7301ba126557e96599527bc5509c
hash: 5ac484ec0846fff8f099b234dfd1602864300da8c68b01822c6036eb709fc584
hash: 5c02115b3f090551393cca3ce91fe837727d1c4586164c580759eb94387dba10
hash: 5d19c07e3fb7ac4ff56a23f6e658d691f381442b1db2f8c5f345563c1cdc8998
hash: 5ef76098be5ed1559b71ebd8d29cb32c1825991824051d8a641746e08bf9e1b3
hash: 5eff99959683480d2280c931e433af836adf6a8b7a8489b1af17cddcf480cf63
hash: 64944d2a6129631ff675c6dcfdd57a7e99a1e4dc41802cbd0eabcef3eb3e81c3
hash: 660af53acdc505f333f6d4f4269cec740a5eb05e41a4c7926742606b18f22d33
hash: 6de4da7919185f84212d02011e955530011b08c389408f2a012b81757c3d0c0f
hash: 710539554f065fe9a0bf6a6e32d3ea73ab3c797a033f8bfef57ad929bcdf9195
hash: 7170f3051cc9f4520e84f1ea3b599616d82be8e5087f19d8e2951fa6848924b3
hash: 73c24bafba21f871cc9d28de92ee7e4b9f9c8ec337279c14c1facdb9feeb7af4
hash: 746c4cd5fe3a8edd37d4b37b23af64b1086b5ea7c1ab0bcfd9c47e4e2e986518
hash: 750a707084839fe970266964957b8eaa7e25b4d9ca1050cd7ab19e4a2add707d
hash: 75b36769f0d36c05be74d41610d4af3f73397983ba746f8c569de6f23ee130e0
hash: 79340e589a69f5dc204d4073341a07e98a588d0401d18f34991d14b71a475063
hash: 7abc129482ccdf787b35b92b7d5b7ff2478e72fe516f4ceca0c02e23a1d34314
hash: 7f6bec5dd217151fcd03087a6e7ba1070f0fa603801fb128a4097076c9976d36
hash: 8363ff6bddfaf247318308f215ad53f3c77f218d4a6562b537aeaf7e9135d10f
hash: 8f5f4408998bbfc6987d9cb39216071c57c7b087f2867a504e83414ee5cfcd08
hash: 905ae6ac24225db221da346a1695e443ba4c57ea1c9066e8bac3e5fcb4156fc7
hash: 921e41190fed3437ca7a0d53e7590ccb0f1ab5d667532778fbda5664c657d712
hash: 943f952652fbc16923c0519449feeee11698304dac51268d4e6065146dcad69e
hash: 94f67819c0f7e200abf4b39fad2fd6fef227da15d939f21a657d1717ca2b3014
hash: 976f890ab0ee8aac613da2458d0069f00d0ebabc76f1fceb63e05b2113f6a449
hash: aaf49281b2f65390adc2e763af37fc4e3fe03b94af550927fc91141e0d6347db
hash: b5e0866368873b4c5eacc6df01114fc749cc32f507e9324bc6d763999371777d
hash: b77c8531ee45ffdfd63ef19aa1f1ae8b603b274f6951f7d8f4e725130bfca06d
hash: b7a5192a90c14a9a36e5a3565fed46becffa88dbc719e8ee396a0c9d46f5dde4
hash: c3ecb90c9915daa23aec51f93ff8665778866f0592b2413578c8ba9708df6091
hash: d252aeabbf4cd9f336e83d1fa0042fcc2f74f45d4b8cbe2a8bfe790d4db0580d
hash: df5f74e1e0e5b0a0748de2efd86358293b4d368d171a926af6f14880d55adb57
hash: ed6058f0b0735ba56b781dea39353625fcb56bc3e77bf2d26a648511d754d216
hash: fdb5eca8f00e1802f3c9c0ca79f93a8419353f4ef2a0606bec39c4497da91035

Source: AlienVault OTX General

Published: Mon May 18 2026

Cato CTRL Threat Research: Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware

Medium

Malwarecato ctrl china-linked tencshell rshell go tencent t1005 t1036 t1041 t1055 t1057 t1059 t1071 t1082 t1083 t1090 t1102 t1105 t1106 t1113 t1129 t1547 t1548

Published: Mon May 18 2026 (05/18/2026, 19:23:51 UTC)

Source: AlienVault OTX General

Description

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 05/18/2026, 19:51:57 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Author: AlienVault
Tlp: white
References: ["https://www.catonetworks.com/blog/cato-ctrl-suspected-china-linked-threat-actor-targets-global-manufacturer/"]
Adversary: null
Pulse Id: 6a0b6747345498a268db0263
Threat Score: null

Indicators of Compromise

Hash

Value	Description	Copy
hashcdb9d76093d0938f30d93bcce4f58b13b4b21c9188eea387c6d9ec6f4cb4aad4	—
hash12986838bf5c0b638edca3ac84c9e18f	MD5 of 01dc3e7e673b4f2682f29b19ecabf9a6ec9c3042c9b1cfb39dbdddf1dda680ab
hash1da53ba0766c902a50ba40271b82e557	MD5 of 12c6d0e603386b81751d95b32d1698d794c99343abb06d066b0f6060e8690aca
hash20150ed3ac726c486d60b2be05ee2b74	MD5 of 5d19c07e3fb7ac4ff56a23f6e658d691f381442b1db2f8c5f345563c1cdc8998
hash2c3e4e7219e33327915a4371051fe84f	MD5 of cdb9d76093d0938f30d93bcce4f58b13b4b21c9188eea387c6d9ec6f4cb4aad4
hash35f56e4a65b73a29e446b13eaff7eede	MD5 of 3ffe3a6f328a6459624bd93edd206e2256b2753e17137cbc1530b91fa325ecac
hash4dbb6a1ae553dc9659cd734fc5586f8c	MD5 of 065f5a605ac04d5f443089b65aa1393414ee38c4ee8f780e7d78c06b46504ae4
hash7aa333c814c9ac618ae2fab66a6eddef	MD5 of 2a010bd1061e11da6f5cf951a3ebd23503916e159e3d486cc722b4b8b4a099c9
hashd8d4e5be6f2014d17001f3a5ac7c1dcf	MD5 of ed6058f0b0735ba56b781dea39353625fcb56bc3e77bf2d26a648511d754d216
hashdebb2b7123e2b024ac6ae77c1aa59da2	MD5 of 5eff99959683480d2280c931e433af836adf6a8b7a8489b1af17cddcf480cf63
hashf819c42f5e5dafc87d770cb8f6af8b11	MD5 of 7abc129482ccdf787b35b92b7d5b7ff2478e72fe516f4ceca0c02e23a1d34314
hash3874881233450ced72e743e3d9e6e3a7f0dc7ff9	SHA1 of 3ffe3a6f328a6459624bd93edd206e2256b2753e17137cbc1530b91fa325ecac
hash3d56fb150811ef2d5769b15cca5d3c363edfb926	SHA1 of 01dc3e7e673b4f2682f29b19ecabf9a6ec9c3042c9b1cfb39dbdddf1dda680ab
hash552ea6e21dbd17054db51c61607aadee910d6f13	SHA1 of 065f5a605ac04d5f443089b65aa1393414ee38c4ee8f780e7d78c06b46504ae4
hash637c77e4b952ca38410f68c1fdcc3e57e75858ef	SHA1 of 12c6d0e603386b81751d95b32d1698d794c99343abb06d066b0f6060e8690aca
hash6c972d0f0f8c11c28272826add94f4e16e59dda1	SHA1 of cdb9d76093d0938f30d93bcce4f58b13b4b21c9188eea387c6d9ec6f4cb4aad4
hash7412708f87194b3dc27b776840d83d7965aabc5c	SHA1 of 5d19c07e3fb7ac4ff56a23f6e658d691f381442b1db2f8c5f345563c1cdc8998
hash93da3d6daf2ab0433f19d04e28e4736458f5606a	SHA1 of 5eff99959683480d2280c931e433af836adf6a8b7a8489b1af17cddcf480cf63
hashe6229e69ace3adb6c6d59354c21e9de30fba0c50	SHA1 of 2a010bd1061e11da6f5cf951a3ebd23503916e159e3d486cc722b4b8b4a099c9
hashf6a4b3937dc373549e8f81eb29bfd2454e6e05a7	SHA1 of ed6058f0b0735ba56b781dea39353625fcb56bc3e77bf2d26a648511d754d216
hashfb3484f3b344c89c9c8f56348585e5f0cfc69f68	SHA1 of 7abc129482ccdf787b35b92b7d5b7ff2478e72fe516f4ceca0c02e23a1d34314
hash01dc3e7e673b4f2682f29b19ecabf9a6ec9c3042c9b1cfb39dbdddf1dda680ab	—
hash065c54893e4777d52be6b7bf30b832d5ffd9d96fd178642a5828a364c0e904a0	—
hash065f5a605ac04d5f443089b65aa1393414ee38c4ee8f780e7d78c06b46504ae4	—
hash06776635e386d536b1b0fc21e6aa41865d44d83dae5e9b109868d71ca309eeaa	—
hash0fe91200a2bb4aed13b1a1ba4ec8fd4454566f5929ffed4f537d9a87c1bf1187	—
hash12c6d0e603386b81751d95b32d1698d794c99343abb06d066b0f6060e8690aca	—
hash12f76f48727916d6c05f53f8cd94915db5de5ffcbfa02c4807c27e090cfa47c1	—
hash1329be66458962dabfa20185c230439c57d32b90a20de791afdce9c15226fccb	—
hash147f86854690ba096f3797c623b66365d6adbf7140d7d7c3dcf746b83a4b6dac	—
hash1ba73df60e12b3feb8b5574e65cfceb6910460ab7fae2cf5554769fafdad049e	—
hash1d2e37b41d616ecb32b8bd2f2a52c792f1808fdc938574fc366d737b6f643c61	—
hash2012ff4d7c36e42d256d78c265f242d29a305af66686866c581ee96c2b05d5a6	—
hash2a010bd1061e11da6f5cf951a3ebd23503916e159e3d486cc722b4b8b4a099c9	—
hash31635e4667eba1ba3588e1bc9c05d18a78d9693c801e5176e6cddf74e0d5bcc2	—
hash37facbbd0047c19f4efdea75ccb9e3ec793cb9b1d7846afa4fb8e900d6e9ed95	—
hash3ffe3a6f328a6459624bd93edd206e2256b2753e17137cbc1530b91fa325ecac	—
hash4ae8de40153c66455d972e6e98fe06fb68db7301ba126557e96599527bc5509c	—
hash5ac484ec0846fff8f099b234dfd1602864300da8c68b01822c6036eb709fc584	—
hash5c02115b3f090551393cca3ce91fe837727d1c4586164c580759eb94387dba10	—
hash5d19c07e3fb7ac4ff56a23f6e658d691f381442b1db2f8c5f345563c1cdc8998	—
hash5ef76098be5ed1559b71ebd8d29cb32c1825991824051d8a641746e08bf9e1b3	—
hash5eff99959683480d2280c931e433af836adf6a8b7a8489b1af17cddcf480cf63	—
hash64944d2a6129631ff675c6dcfdd57a7e99a1e4dc41802cbd0eabcef3eb3e81c3	—
hash660af53acdc505f333f6d4f4269cec740a5eb05e41a4c7926742606b18f22d33	—
hash6de4da7919185f84212d02011e955530011b08c389408f2a012b81757c3d0c0f	—
hash710539554f065fe9a0bf6a6e32d3ea73ab3c797a033f8bfef57ad929bcdf9195	—
hash7170f3051cc9f4520e84f1ea3b599616d82be8e5087f19d8e2951fa6848924b3	—
hash73c24bafba21f871cc9d28de92ee7e4b9f9c8ec337279c14c1facdb9feeb7af4	—
hash746c4cd5fe3a8edd37d4b37b23af64b1086b5ea7c1ab0bcfd9c47e4e2e986518	—
hash750a707084839fe970266964957b8eaa7e25b4d9ca1050cd7ab19e4a2add707d	—
hash75b36769f0d36c05be74d41610d4af3f73397983ba746f8c569de6f23ee130e0	—
hash79340e589a69f5dc204d4073341a07e98a588d0401d18f34991d14b71a475063	—
hash7abc129482ccdf787b35b92b7d5b7ff2478e72fe516f4ceca0c02e23a1d34314	—
hash7f6bec5dd217151fcd03087a6e7ba1070f0fa603801fb128a4097076c9976d36	—
hash8363ff6bddfaf247318308f215ad53f3c77f218d4a6562b537aeaf7e9135d10f	—
hash8f5f4408998bbfc6987d9cb39216071c57c7b087f2867a504e83414ee5cfcd08	—
hash905ae6ac24225db221da346a1695e443ba4c57ea1c9066e8bac3e5fcb4156fc7	—
hash921e41190fed3437ca7a0d53e7590ccb0f1ab5d667532778fbda5664c657d712	—
hash943f952652fbc16923c0519449feeee11698304dac51268d4e6065146dcad69e	—
hash94f67819c0f7e200abf4b39fad2fd6fef227da15d939f21a657d1717ca2b3014	—
hash976f890ab0ee8aac613da2458d0069f00d0ebabc76f1fceb63e05b2113f6a449	—
hashaaf49281b2f65390adc2e763af37fc4e3fe03b94af550927fc91141e0d6347db	—
hashb5e0866368873b4c5eacc6df01114fc749cc32f507e9324bc6d763999371777d	—
hashb77c8531ee45ffdfd63ef19aa1f1ae8b603b274f6951f7d8f4e725130bfca06d	—
hashb7a5192a90c14a9a36e5a3565fed46becffa88dbc719e8ee396a0c9d46f5dde4	—
hashc3ecb90c9915daa23aec51f93ff8665778866f0592b2413578c8ba9708df6091	—
hashd252aeabbf4cd9f336e83d1fa0042fcc2f74f45d4b8cbe2a8bfe790d4db0580d	—
hashdf5f74e1e0e5b0a0748de2efd86358293b4d368d171a926af6f14880d55adb57	—
hashed6058f0b0735ba56b781dea39353625fcb56bc3e77bf2d26a648511d754d216	—
hashfdb5eca8f00e1802f3c9c0ca79f93a8419353f4ef2a0606bec39c4497da91035	—

Domain

Value	Description	Copy
domaingin-tne-fahcesmukw.cn-hangzhou.fcapp.run	—

Ip

Value	Description	Copy
ip45.64.52.242	CC=HK ASN=AS64050 bgpnet global asn

Threat ID: 6a0b6a46ec166c07b0ea1f4e

Added to database: 5/18/2026, 7:36:38 PM

Last enriched: 5/18/2026, 7:51:57 PM

Last updated: 5/20/2026, 7:18:21 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited

View courses

Cato CTRL Threat Research: Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Cato CTRL Threat Research: Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Hash

Domain

Ip

Community Reviews

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility

Cato CTRL Threat Research: Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Cato CTRL Threat Research: Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Hash

Domain

Ip

Community Reviews

Related Threats

Is this Medium article about "NetMirror" malware legit?

An AI coding assistant installed malware into production environments. Nobody typed the command. AMA on what "supply chain attack" means now.

ThreatFox IOCs for 2026-05-19

Malware installed without literally doing anything?

Discord bot C2 infrastructure

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility