Vshell: A Chinese-Language Alternative to Cobalt Strike
ID: a2d4d308-cd73-5dd8-8a0e-6f83599d3752
STIX ID: report--a2d4d308-cd73-5dd8-8a0e-6f83599d3752
Feed Name: Censys Blog
Date Published: 2026-02-24
Date Updated: 2026-04-27
Author: Kate Lake; Silas Cutler; Principal Security Researcher
Vshell is a mature, Go-based command-and-control and post-exploitation platform widely used in Mandarin-speaking offensive ecosystems and observed in real-world incidents in 2025. The report details its architecture, listener types (including TCP/8084, WebSocket, DNS/DoH/DoT, OSS), Censys-derived Internet exposure (hundreds of listeners and panels), and documented usage in campaigns such as DRAGONCLONE and SNOWLIGHT, and recommends that defenders monitor and hunt for Vshell-related infrastructure.
