TAMECAT - Analysis of an Iranian PowerShell-Based Backdoor
ID: 73a7cd15-9d3b-5c4a-98c4-8fc12609f73d
STIX ID: report--73a7cd15-9d3b-5c4a-98c4-8fc12609f73d
Feed Name: Pulsedive Blog
*TAMECAT* is a modular PowerShell-based espionage malware used by APT42 that employs a VBScript/PowerShell loader chain to deploy in-memory modules capable of browser data extraction, screen captures, and data exfiltration via encrypted POSTs to attacker-controlled endpoints; the report includes technical analysis of the loader and decryption routines, observed C2/hosting domains, MITRE ATT&CK mappings, and recommended mitigations such as EDR/AV deployment and expanded PowerShell logging.
