TAMECAT

Description

(Mandiant) TAMECAT is a PowerShell toehold that can execute arbitrary PowerShell or C# content. TAMECAT has been observed dropped by malicious macro documents, communicates with its C2 node via HTTP, and expects data from the C2 to be Base64-encoded.

Names

Name
TAMECAT

Type

Backdoor

Information

https://www.mandiant.com/media/17826

Mitre Attack

https://attack.mitre.org/software/S1193

Other Information

Uuid

7340d8f6-ce8c-4b0b-be88-f93b2f562eb6

Last Card Change

2025-06-28

Threat Intelligence Garden

Explorer

TAMECAT

TAMECAT

Description

Names

Category

Type

Information

Mitre Attack

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks