Pulse Detail-

Cato CTRL Threat Research: Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware

概要

In April 2026, Cato CTRL identified and blocked an attempted intrusion against a global manufacturing customer involving TencShell, a previously undocumented, Go-based implant derived from the open-source Rshell C2 framework. The activity appeared in traffic associated with a third-party user connected to the customer environment.

Created: 2026-05-18

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Turla

Score: 14.67

Matched TTPs:

T1546.013 - PowerShell Profile
T1099 - Timestomp
T1003.007 - Proc Filesystem
T1131 - Authentication Package
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery

MITREへのリンク →

APT32

Score: 11.27

Matched TTPs:

T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups
T1131 - Authentication Package
T1588.001 - Malware
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Saint Bear

Score: 3.77

Matched TTPs:

T1546.013 - PowerShell Profile
T1597 - Search Closed Sources

MITREへのリンク →

FIN6

Score: 5.87

Matched TTPs:

T1546.013 - PowerShell Profile
T1588.001 - Malware
T1597 - Search Closed Sources

MITREへのリンク →

Sidewinder

Score: 5.26

Matched TTPs:

T1546.013 - PowerShell Profile
T1090 - Proxy

MITREへのリンク →

MuddyWater

Score: 10.33

Matched TTPs:

T1546.013 - PowerShell Profile
T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery

MITREへのリンク →

Earth Lusca

Score: 9.82

Matched TTPs:

T1546.013 - PowerShell Profile
T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1027.004 - Compile After Delivery

MITREへのリンク →

Winter Vivern

Score: 10.34

Matched TTPs:

T1546.013 - PowerShell Profile
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1090 - Proxy
T1588.001 - Malware

MITREへのリンク →

Silence

Score: 7.12

Matched TTPs:

T1546.013 - PowerShell Profile
T1547.011 - Plist Modification
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Contagious Interview

Score: 17.44

Matched TTPs:

T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups
T1131 - Authentication Package
T1021.006 - Windows Remote Management
T1597 - Search Closed Sources
T1562.001 - Disable or Modify Tools
T1027.004 - Compile After Delivery

MITREへのリンク →

LazyScripter

Score: 3.49

Matched TTPs:

T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

TA505

Score: 15.09

Matched TTPs:

T1546.013 - PowerShell Profile
T1527 - Application Access Token
T1098.007 - Additional Local or Domain Groups
T1016.002 - Wi-Fi Discovery
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

FIN7

Score: 11.79

Matched TTPs:

T1546.013 - PowerShell Profile
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1588.001 - Malware
T1562.001 - Disable or Modify Tools
T1027 - Obfuscated Files or Information

MITREへのリンク →

Cobalt Group

Score: 6.51

Matched TTPs:

T1546.013 - PowerShell Profile
T1598.004 - Spearphishing Voice

MITREへのリンク →

Higaisa

Score: 4.07

Matched TTPs:

T1546.013 - PowerShell Profile
T1588.001 - Malware

MITREへのリンク →

Kimsuky

Score: 25.38

Matched TTPs:

T1546.013 - PowerShell Profile
T1213.006 - Databases
T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1131 - Authentication Package
T1546.008 - Accessibility Features
T1588.001 - Malware
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery

MITREへのリンク →

Indrik Spider

Score: 12.48

Matched TTPs:

T1546.013 - PowerShell Profile
T1003.007 - Proc Filesystem
T1552.008 - Chat Messages
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

Mustang Panda

Score: 16.29

Matched TTPs:

T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups
T1169 - Sudo
T1136.003 - Cloud Account
T1055.005 - Thread Local Storage

MITREへのリンク →

Star Blizzard

Score: 3.49

Matched TTPs:

T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Magic Hound

Score: 17.99

Matched TTPs:

T1099 - Timestomp
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1016.002 - Wi-Fi Discovery
T1588.001 - Malware
T1597 - Search Closed Sources
T1562.001 - Disable or Modify Tools
T1027 - Obfuscated Files or Information

MITREへのリンク →

HEXANE

Score: 4.26

Matched TTPs:

T1099 - Timestomp
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

APT29

Score: 23.56

Matched TTPs:

T1099 - Timestomp
T1584.008 - Network Devices
T1202 - Indirect Command Execution
T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification
T1177 - LSASS Driver
T1556.008 - Network Provider DLL
T1027.004 - Compile After Delivery

MITREへのリンク →

Gamaredon Group

Score: 19.72

Matched TTPs:

T1099 - Timestomp
T1527 - Application Access Token
T1098.007 - Additional Local or Domain Groups
T1090 - Proxy
T1554 - Compromise Host Software Binary
T1597 - Search Closed Sources
T1562.001 - Disable or Modify Tools

MITREへのリンク →

TA2541

Score: 6.06

Matched TTPs:

T1099 - Timestomp
T1098.007 - Additional Local or Domain Groups
T1597 - Search Closed Sources

MITREへのリンク →

FIN13

Score: 13.04

Matched TTPs:

T1099 - Timestomp
T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1588.001 - Malware
T1134.001 - Token Impersonation/Theft

MITREへのリンク →

HAFNIUM

Score: 8.06

Matched TTPs:

T1099 - Timestomp
T1140 - Deobfuscate/Decode Files or Information
T1552.008 - Chat Messages

MITREへのリンク →

Volt Typhoon

Score: 26.03

Matched TTPs:

T1099 - Timestomp
T1686.003 - Windows Host Firewall
T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information
T1083 - File and Directory Discovery
T1552.008 - Chat Messages
T1488 - Disk Content Wipe
T1584.002 - DNS Server

MITREへのリンク →

FIN8

Score: 5.09

Matched TTPs:

T1099 - Timestomp
T1027 - Obfuscated Files or Information

MITREへのリンク →

GALLIUM

Score: 6.81

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification

MITREへのリンク →

Dragonfly

Score: 7.92

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1027.004 - Compile After Delivery

MITREへのリンク →

Ke3chang

Score: 14.41

Matched TTPs:

T1584.008 - Network Devices
T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information
T1198 - SIP and Trust Provider Hijacking
T1090 - Proxy

MITREへのリンク →

Agrius

Score: 5.86

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1597 - Search Closed Sources

MITREへのリンク →

APT41

Score: 16.32

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver
T1588.001 - Malware
T1208 - Kerberoasting
T1027 - Obfuscated Files or Information

MITREへのリンク →

APT5

Score: 4.06

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

menuPass

Score: 12.17

Matched TTPs:

T1584.008 - Network Devices
T1527 - Application Access Token
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1547.011 - Plist Modification

MITREへのリンク →

Threat Group-3390

Score: 5.58

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Wizard Spider

Score: 10.11

Matched TTPs:

T1584.008 - Network Devices
T1588.001 - Malware
T1083 - File and Directory Discovery
T1597 - Search Closed Sources

MITREへのリンク →

Ember Bear

Score: 8.26

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1597 - Search Closed Sources
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Sandworm Team

Score: 27.71

Matched TTPs:

T1484.002 - Trust Modification
T1686.003 - Windows Host Firewall
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1016.002 - Wi-Fi Discovery
T1546.008 - Accessibility Features
T1562.001 - Disable or Modify Tools
T1027 - Obfuscated Files or Information
T1075 - Pass the Hash

MITREへのリンク →

Leviathan

Score: 15.10

Matched TTPs:

T1484.002 - Trust Modification
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1554 - Compromise Host Software Binary
T1488 - Disk Content Wipe

MITREへのリンク →

Storm-0501

Score: 9.75

Matched TTPs:

T1686.003 - Windows Host Firewall
T1140 - Deobfuscate/Decode Files or Information
T1588.001 - Malware
T1027 - Obfuscated Files or Information

MITREへのリンク →

BRONZE BUTLER

Score: 6.66

Matched TTPs:

T1003.007 - Proc Filesystem
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery

MITREへのリンク →

TeamTNT

Score: 5.84

Matched TTPs:

T1003.007 - Proc Filesystem
T1098.007 - Additional Local or Domain Groups
T1597 - Search Closed Sources

MITREへのリンク →

OilRig

Score: 4.04

Matched TTPs:

T1003.007 - Proc Filesystem
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Aquatic Panda

Score: 6.42

Matched TTPs:

T1003.007 - Proc Filesystem
T1588.001 - Malware
T1597 - Search Closed Sources

MITREへのリンク →

APT1

Score: 4.04

Matched TTPs:

T1003.007 - Proc Filesystem
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Rocke

Score: 8.01

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1597 - Search Closed Sources
T1562.001 - Disable or Modify Tools
T1027.004 - Compile After Delivery

MITREへのリンク →

APT28

Score: 13.56

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1139 - Bash History
T1131 - Authentication Package
T1547.011 - Plist Modification

MITREへのリンク →

BackdoorDiplomacy

Score: 3.57

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1588.001 - Malware

MITREへのリンク →

Medusa Group

Score: 5.61

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

Fox Kitten

Score: 6.85

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver
T1588.001 - Malware

MITREへのリンク →

Cinnamon Tempest

Score: 3.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027.004 - Compile After Delivery

MITREへのリンク →

BlackByte

Score: 9.74

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1134.001 - Token Impersonation/Theft
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

INC Ransom

Score: 9.23

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1083 - File and Directory Discovery
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

UNC3886

Score: 15.68

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1021.006 - Windows Remote Management
T1588.001 - Malware
T1597 - Search Closed Sources
T1488 - Disk Content Wipe
T1027.004 - Compile After Delivery

MITREへのリンク →

Axiom

Score: 4.76

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver

MITREへのリンク →

Play

Score: 3.27

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1597 - Search Closed Sources

MITREへのリンク →

APT39

Score: 6.56

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification
T1027.004 - Compile After Delivery

MITREへのリンク →

Akira

Score: 8.68

Matched TTPs:

T1137.005 - Outlook Rules
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

Storm-1811

Score: 8.40

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1027 - Obfuscated Files or Information
T1486 - Data Encrypted for Impact

MITREへのリンク →

Scattered Spider

Score: 13.12

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1083 - File and Directory Discovery
T1556.008 - Network Provider DLL
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

ZIRCONIUM

Score: 5.95

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1588.001 - Malware
T1027.004 - Compile After Delivery

MITREへのリンク →

RedEcho

Score: 3.92

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Lazarus Group

Score: 19.22

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1547.011 - Plist Modification
T1588.001 - Malware
T1069.001 - Local Groups
T1597 - Search Closed Sources
T1562.001 - Disable or Modify Tools
T1055.005 - Thread Local Storage

MITREへのリンク →

Silent Librarian

Score: 5.36

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1546.008 - Accessibility Features

MITREへのリンク →

APT38

Score: 14.73

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1590 - Gather Victim Network Information
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1493 - Transmitted Data Manipulation

MITREへのリンク →

Moonstone Sleet

Score: 3.86

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1027 - Obfuscated Files or Information

MITREへのリンク →

BITTER

Score: 3.61

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1588.001 - Malware

MITREへのリンク →

RedCurl

Score: 9.25

Matched TTPs:

T1016.002 - Wi-Fi Discovery
T1090 - Proxy
T1027.004 - Compile After Delivery

MITREへのリンク →

SilverTerrier

Score: 3.29

Matched TTPs:

T1131 - Authentication Package

MITREへのリンク →

Tonto Team

Score: 5.09

Matched TTPs:

T1547.011 - Plist Modification
T1027.004 - Compile After Delivery

MITREへのリンク →

APT3

Score: 6.03

Matched TTPs:

T1547.011 - Plist Modification
T1177 - LSASS Driver

MITREへのリンク →

Deep Panda

Score: 3.29

Matched TTPs:

T1177 - LSASS Driver

MITREへのリンク →

Tropic Trooper

Score: 7.42

Matched TTPs:

T1090 - Proxy
T1136.003 - Cloud Account

MITREへのリンク →

APT-C-36

Score: 4.49

Matched TTPs:

T1588.001 - Malware
T1562.001 - Disable or Modify Tools

MITREへのリンク →

LAPSUS$

Score: 3.84

Matched TTPs:

T1556.008 - Network Provider DLL

MITREへのリンク →

Velvet Ant

Score: 4.20

Matched TTPs:

T1597 - Search Closed Sources
T1562.001 - Disable or Modify Tools

MITREへのリンク →

SideCopy

Score: 4.13

Matched TTPs:

T1584.002 - DNS Server

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.70

Matched TTPs:

T1686.003 - Windows Host Firewall
T1098.007 - Additional Local or Domain Groups
T1075 - Pass the Hash
T1027 - Obfuscated Files or Information
T1562.001 - Disable or Modify Tools
T1546.008 - Accessibility Features
T1016.002 - Wi-Fi Discovery
T1484.002 - Trust Modification
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Volt Typhoon

Score: 0.66

Matched TTPs:

T1552.008 - Chat Messages
T1686.003 - Windows Host Firewall
T1083 - File and Directory Discovery
T1003.007 - Proc Filesystem
T1488 - Disk Content Wipe
T1099 - Timestomp
T1584.002 - DNS Server
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Kimsuky

Score: 0.64

Matched TTPs:

T1027.004 - Compile After Delivery
T1098.007 - Additional Local or Domain Groups
T1588.001 - Malware
T1597 - Search Closed Sources
T1003.007 - Proc Filesystem
T1546.008 - Accessibility Features
T1131 - Authentication Package
T1213.006 - Databases
T1140 - Deobfuscate/Decode Files or Information
T1546.013 - PowerShell Profile

MITREへのリンク →

APT29

Score: 0.60

Matched TTPs:

T1027.004 - Compile After Delivery
T1177 - LSASS Driver
T1202 - Indirect Command Execution
T1556.008 - Network Provider DLL
T1584.008 - Network Devices
T1099 - Timestomp
T1547.011 - Plist Modification
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Cato CTRL Threat Research: Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ